Jduck

**Name of the Vulnerable Software and Affected Versions** Integard Pro versions prior to 2.0.0.9037 Integard Home versions prior to 2.0.0.9037 Integard Pro and Home versions 2.2.x prior to 2.2.0.9037 **Description** The web server has a buffer overflow via a long password in an administration login POST request, leading to arbitrary code execution. This issue can be exploited through an EIP-overwrite buffer overflow. **Recommendations** For Integard Pro and Home versions prior to 2.0.0.9037, update to version 2.0.0.9037 or later. For Integard Pro and Home versions 2.2.x prior to 2.2.0.9037, update to version 2.2.0.9037 or later. As a temporary workaround, consider restricting access to the administration login `POST` request until a patch is available. Avoid using long passwords in the administration login until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Android versions 5.0.x through 5.0.1 Android versions 5.1.x through 5.1.0 Android versions 6.x before 2016-10-01 Android versions 7.0 before 2016-10-01 **Description** The issue allows remote attackers to cause a denial of service, resulting in a device hang or reboot, via a crafted file. **Recommendations** For Android versions 5.0.x through 5.0.1, update to version 5.0.2 or later. For Android versions 5.1.x through 5.1.0, update to version 5.1.1 or later. For Android versions 6.x before 2016-10-01, update to a version released on or after 2016-10-01. For Android versions 7.0 before 2016-10-01, update to a version released on or after 2016-10-01.

**Name of the Vulnerable Software and Affected Versions** Android versions 4.x through 4.4.3 Android versions 5.0.x through 5.0.1 Android versions 5.1.x through 5.1.0 Android versions 6.x before 2016-09-01 Android versions 7.0 before 2016-09-01 **Description** The issue is related to the `SMSDispatcher.java` in Telephony, which does not properly construct warnings about premium SMS messages. This allows attackers to spoof the premium-payment confirmation dialog via a crafted application. **Recommendations** For Android versions 4.x through 4.4.3, update to version 4.4.4 or later. For Android versions 5.0.x through 5.0.1, update to version 5.0.2 or later. For Android versions 5.1.x through 5.1.0, update to version 5.1.1 or later. For Android versions 6.x before 2016-09-01, apply the September 2016 security patch or later. For Android versions 7.0 before 2016-09-01, apply the September 2016 security patch or later.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 5.1.1 LMY48I **Description** The issue is related to an integer overflow in the `SampleTable::setSampleToChunkParams` function in `libstagefright` in Android. This allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an unchecked multiplication. The vulnerability can be exploited to remotely execute code in affected devices. **Recommendations** For Android versions prior to 5.1.1 LMY48I, update to version 5.1.1 LMY48I or later to resolve the issue. As a temporary workaround, consider restricting the use of the `libstagefright` library to minimize the risk of exploitation. Avoid using the `SampleTable::setSampleToChunkParams` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ASUS WRT firmware versions 3.0.0.4.376 1071 through 3.0.0.376.2524-g0013f52 **Description** The issue allows remote attackers to bypass authentication and execute arbitrary commands. This is achieved by sending a NET CMD ID MANU CMD packet to UDP port 9999, due to improper checking of the MAC address for a request. **Recommendations** For versions 3.0.0.4.376 1071 through 3.0.0.376.2524-g0013f52, consider restricting access to UDP port 9999 to minimize the risk of exploitation. As a temporary workaround, avoid using the NET CMD ID MANU CMD packet until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Java Runtime Environment (JRE) versions 6 Update 23 and earlier **Description** The issue affects the confidentiality, integrity, and availability of systems due to an unspecified vulnerability in the Deployment component. This allows remote untrusted Java Web Start applications and untrusted Java applets to exploit the vulnerability via unknown vectors. **Recommendations** For Java Runtime Environment (JRE) versions 6 Update 23 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HP OpenView Network Node Manager versions 7.01, 7.51, and 7.53 **Description** The issue is related to a stack-based buffer overflow in the doLoad function in snmpviewer.exe, allowing remote attackers to execute arbitrary code. This is achieved via the `act` and `app` parameters. **Recommendations** For HP OpenView Network Node Manager versions 7.01, 7.51, and 7.53, consider restricting access to the snmpviewer.exe CGI until a patch is available. As a temporary workaround, avoid using the `act` and `app` parameters in the affected CGI endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Awingsoft Awakening Winds3D Viewer plugin version 3.5.0.9 **Description** The issue allows remote attackers to execute arbitrary programs. This is achieved by setting a `SceneURL` property value to a URL for a .exe file, which enables the execution of arbitrary programs. **Recommendations** For version 3.5.0.9, as a temporary workaround, consider restricting access to the `SceneURL` property to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.