Hd Moore

**Nome do Software Vulnerável e Versões Afetadas** Abilis CPX (versões afetadas não especificadas) **Descrição** Um invasor pode obter acesso a um shell restrito em um dispositivo Abilis CPX não configurado ao falhar repetidamente na autenticação via SSH. Especificamente, após três tentativas de autenticação malsucedidas, uma quarta tentativa permite o login e habilita a retransmissão de conexão. Isso ocorre porque o dispositivo não gerencia corretamente as tentativas de login falhas repetidas. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Nome do Software Vulnerável e Versões Afetadas** Raisecom RAX701-GC **Descrição** Os dispositivos Raisecom afetados permitem o estabelecimento de sessões SSH sem exigir autenticação de usuário. Isso poderia possibilitar que atacantes obtenham acesso ao shell sem credenciais legítimas. O problema afeta equipamentos industriais e de telecomunicações. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Nome do software vulnerável e versões afetadas** Pontos de acesso Cisco Aironet (versões afetadas não especificadas) **Descrição** O problema está relacionado à validação insuficiente de entrada para um comando específico na implementação de um comando CLI, o que poderia permitir que um invasor local autenticado sobrescrevesse arquivos na memória flash do dispositivo. Um invasor poderia explorar essa vulnerabilidade emitindo um comando com argumentos manipulados, o que potencialmente permitiria sobrescrever ou criar arquivos com dados já presentes em outros arquivos hospedados no dispositivo afetado. **Recomendações** Para os pontos de acesso Cisco Aironet, considere restringir o acesso ao comando CLI vulnerável até que uma correção esteja disponível. Como solução alternativa temporária, evite usar argumentos manipulados com comandos específicos para minimizar o risco de exploração. No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Nome do software vulnerável e versões afetadas** Cisco Webex Meetings Client para MacOS (versões afetadas não especificadas) **Descrição** Uma vulnerabilidade na configuração do protocolo multicast DNS (mDNS) poderia permitir que um invasor não autenticado, localizado nas proximidades, obtivesse informações confidenciais sobre o dispositivo no qual o cliente Webex está em execução. A vulnerabilidade existe porque informações confidenciais são incluídas na resposta mDNS. Um invasor poderia explorar essa vulnerabilidade realizando uma consulta mDNS para um serviço específico em um dispositivo afetado. Uma exploração bem-sucedida poderia permitir que o invasor obtivesse acesso a informações confidenciais. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Ceragon FibeAir IP-10 (affected versions not specified) **Description** The issue concerns a default SSH public key in the authorized keys file for the `mateidu` user. This allows remote attackers to gain SSH access if they have knowledge of the private key. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Juniper ScreenOS versions 6.2.0r15 through 6.2.0r18 Juniper ScreenOS versions 6.3.0r12 before 6.3.0r12b Juniper ScreenOS versions 6.3.0r13 before 6.3.0r13b Juniper ScreenOS versions 6.3.0r14 before 6.3.0r14b Juniper ScreenOS versions 6.3.0r15 before 6.3.0r15b Juniper ScreenOS versions 6.3.0r16 before 6.3.0r16b Juniper ScreenOS versions 6.3.0r17 before 6.3.0r17b Juniper ScreenOS versions 6.3.0r18 before 6.3.0r18b Juniper ScreenOS versions 6.3.0r19 before 6.3.0r19b Juniper ScreenOS versions 6.3.0r20 before 6.3.0r21 **Description** The issue is related to weaknesses in the authentication procedure of the ScreenOS operating system. This allows a remote attacker to gain administrative access by entering a specially crafted password during an SSH or TELNET session. **Recommendations** For Juniper ScreenOS versions 6.2.0r15 through 6.2.0r18, update to a version outside of this range. For Juniper ScreenOS versions 6.3.0r12 before 6.3.0r12b, update to 6.3.0r12b or later. For Juniper ScreenOS versions 6.3.0r13 before 6.3.0r13b, update to 6.3.0r13b or later. For Juniper ScreenOS versions 6.3.0r14 before 6.3.0r14b, update to 6.3.0r14b or later. For Juniper ScreenOS versions 6.3.0r15 before 6.3.0r15b, update to 6.3.0r15b or later. For Juniper ScreenOS versions 6.3.0r16 before 6.3.0r16b, update to 6.3.0r16b or later. For Juniper ScreenOS versions 6.3.0r17 before 6.3.0r17b, update to 6.3.0r17b or later. For Juniper ScreenOS versions 6.3.0r18 before 6.3.0r18b, update to 6.3.0r18b or later. For Juniper ScreenOS versions 6.3.0r19 before 6.3.0r19b, update to 6.3.0r19b or later. For Juniper ScreenOS versions 6.3.0r20 before 6.3.0r21, update to 6.3.0r21 or later. As a temporary workaround, consider restricting access to SSH and TELNET sessions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Supermicro X9 generation motherboards with firmware before 3.15 (SMT X9 315) **Description** The issue is related to multiple stack-based buffer overflows in the cgi/close window.cgi file within the web interface of the Intelligent Platform Management Interface (IPMI). This can be exploited by remote attackers to execute arbitrary code via the `sess sid` or `ACT` parameters. **Recommendations** For Supermicro X9 generation motherboards with firmware before 3.15 (SMT X9 315), update the firmware to version 3.15 (SMT X9 315) or later to resolve the issue. As a temporary workaround, consider restricting access to the cgi/close window.cgi file in the web interface to minimize the risk of exploitation. Avoid using the `sess sid` and `ACT` parameters in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Supermicro X9 generation motherboards with firmware before 3.15 (SMT X9 315) **Description** The issue is related to a buffer overflow in the logout.cgi file within the Intelligent Platform Management Interface (IPMI) that can be exploited by remote authenticated users to execute arbitrary code. This is achieved by manipulating the `SID` parameter. **Recommendations** For Supermicro X9 generation motherboards with firmware before 3.15 (SMT X9 315), update the firmware to version 3.15 (SMT X9 315) or later to resolve the issue. As a temporary workaround, consider restricting access to the logout.cgi file until the update is applied. Avoid using the `SID` parameter in the logout.cgi file until the firmware is updated.

**Name of the Vulnerable Software and Affected Versions** MiniUPnPd versions prior to 1.4 **Description** The issue is related to the ProcessSSDPRequest function in the SSDP handler, which can be exploited by remote attackers to cause a denial of service. This is achieved by sending a crafted request that triggers a buffer over-read, resulting in the service crashing. **Recommendations** For versions prior to 1.4, update to version 1.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MiniUPnPd version 1.0 **Description** The issue allows remote attackers to cause a denial of service, resulting in a NULL pointer dereference and service crash. This is achieved by sending a SOAPAction header that lacks a # (pound sign) character. **Recommendations** For MiniUPnPd version 1.0, as a temporary workaround, consider restricting access to the SOAPAction handler in the HTTP service until a patch is available.

**Name of the Vulnerable Software and Affected Versions** MiniUPnPd version 1.0 **Description** The issue is related to an integer signedness error in the ExecuteSoapAction function within the SOAPAction handler of the HTTP service. This error can be triggered by a remote attacker sending a SOAPAction header without a double quote character, leading to a denial of service due to incorrect memory copy. **Recommendations** For MiniUPnPd version 1.0, consider restricting access to the SOAPAction handler until a patch is available. As a temporary workaround, avoid using the ExecuteSoapAction function with unvalidated input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Address Book version 6.00.2900.5512 in Microsoft Windows XP SP2 and SP3 Windows Address Book in Windows Server 2003 SP2 Windows Address Book in Windows Vista SP1 and SP2 Windows Address Book in Windows Server 2008 Gold, SP2, and R2 Windows Address Book in Windows 7 **Description** The issue allows local users to gain privileges via a Trojan horse `wab32res.dll` file in the current working directory. This can occur in directories containing Windows Address Book (WAB), VCF (aka vCard), or P7C files. A remote code execution vulnerability exists in the way Windows Address Book handles the loading of DLL files, potentially allowing an attacker to take complete control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Windows XP SP2 and SP3, consider disabling the `wab.exe` until a patch is available. For Windows Server 2003 SP2, restrict access to the Windows Address Book to minimize the risk of exploitation. For Windows Vista SP1 and SP2, avoid using the Windows Address Book in directories that may contain malicious `wab32res.dll` files. For Windows Server 2008 Gold, SP2, and R2, and Windows 7, apply configuration changes to prevent the loading of untrusted DLL files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wind River VxWorks versions 6.x, 5.x, and earlier **Description** The issue concerns the INCLUDE SECURITY functionality, which uses the `LOGIN USER NAME` and `LOGIN USER PASSWORD` (also known as `LOGIN PASSWORD`) parameters to create hardcoded credentials. This makes it easier for remote attackers to obtain access via a telnet, rlogin, or FTP session. **Recommendations** For Wind River VxWorks versions 6.x, 5.x, and earlier, consider disabling the INCLUDE SECURITY functionality or restricting access to the hardcoded credentials as a temporary workaround until a patch is available. Avoid using the `LOGIN USER NAME` and `LOGIN USER PASSWORD` parameters in affected sessions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Wind River VxWorks versions 6.x, 5.x, and earlier **Description** The issue allows remote attackers to read or modify arbitrary memory locations, perform function calls, or manage tasks via requests to UDP port 17185. This is related to a previous issue. **Recommendations** For Wind River VxWorks versions 6.x, 5.x, and earlier, restrict access to UDP port 17185 to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions prior to the fixed version **Description** A remote code execution issue exists in the HTML Help ActiveX control (Hhctrl.ocx), allowing attackers to execute arbitrary code via unspecified functions related to uninitialized parameters, such as `uninitialized parameters`. This could be exploited by constructing a specially crafted Web page, potentially allowing remote code execution if a user visited that page. An attacker who successfully exploited this issue could take complete control of an affected system. **Recommendations** For Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Apple Mac OS X version 10.4.8 Description: The issue allows remote attackers to execute arbitrary code via an 802.11 probe response frame without any valid information element (IE) fields after the header, which triggers a heap-based buffer overflow. Recommendations: For Apple Mac OS X version 10.4.8, consider updating to a newer version to mitigate the risk of exploitation. As a temporary workaround, restrict access to wireless networks to minimize the risk of remote attacks.

**Name of the Vulnerable Software and Affected Versions** libupnp versions 1.3.1 **Description** The issue is related to multiple vulnerabilities in the libupnp package, which can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. A specific vulnerability is a stack-based buffer overflow in the `unique service name` function, allowing remote attackers to execute arbitrary code via a long `ServiceType` field in a UDP packet. **Recommendations** For libupnp version 1.3.1, consider disabling the `unique service name` function as a temporary workaround until a patch is available. Restrict access to the SSDP parser to minimize the risk of exploitation. Avoid using the `ServiceType` field in UDP packets until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libupnp version 1.3.1 **Description** The issue is related to a stack-based buffer overflow in the unique service name function in the SSDP parser. This can be exploited by remote attackers to execute arbitrary code via a long DeviceType field in a UDP packet. Multiple vulnerabilities in the libupnp package may lead to breaches of confidentiality, integrity, and availability of protected information, and these vulnerabilities can be exploited remotely. **Recommendations** For version 1.3.1, consider disabling the unique service name function as a temporary workaround until a patch is available. Restrict access to the SSDP parser to minimize the risk of exploitation. Avoid using long DeviceType fields in UDP packets until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libupnp version 1.3.1 **Description** The issue is related to a stack-based buffer overflow in the unique service name function in ssdp/ssdp server.c in the SSDP parser. This allows remote attackers to execute arbitrary code via a long UDN field within a string that lacks a :: (colon colon) in a UDP packet. Multiple vulnerabilities in the libupnp package may lead to disruption of confidentiality, integrity, and availability of protected information, and these vulnerabilities can be exploited remotely. **Recommendations** For version 1.3.1, consider disabling the unique service name function in ssdp/ssdp server.c as a temporary workaround until a patch is available. Restrict access to the SSDP parser to minimize the risk of exploitation. Avoid using long UDN fields within strings that lack a :: (colon colon) in UDP packets until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libupnp versions 1.3.1 **Description** The issue affects the libupnp package in Debian GNU/Linux, potentially leading to breaches in confidentiality, integrity, and availability of protected information. Exploitation can occur remotely. A stack-based buffer overflow in the `unique service name` function allows remote attackers to execute arbitrary code via a long `DeviceType` field in a UDP packet. **Recommendations** For libupnp version 1.3.1, consider disabling the `unique service name` function as a temporary workaround until a patch is available. Restrict access to the SSDP parser in the portable SDK for UPnP Devices to minimize the risk of exploitation. Avoid using long `DeviceType` fields in UDP packets until the issue is resolved.