Monthly Archive: January 2018

When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing...

Password are stored in plaintext in nvram in the HTTPd server in all current versions (

Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version

Highly predictable session tokens in the HTTPd server in all current versions (

Improper administrator IP validation after his login in the HTTPd server in all current versions (

IBM Remote Control v9 could allow a local user to use the component to replace files to which he does not have write access and which he can cause to be executed with Local...

OpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, Boron, Robert Varga, Anil Vishnoi contain a flaw when multiple ‘expired’ flows take up the memory resource of CONFIG DATASTORE which leads to CONTROLLER shutdown. If...

A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if...

A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue...

A type confusion issue was discovered in CCN-lite 2, leading to a memory access violation and a failure of the nonce feature (which, for example, helped with loop prevention). ccnl_fwd_handleInterest assumes that the union...

An issue was discovered on Netwave IP Camera devices. An unauthenticated attacker can crash a device by sending a POST request with a huge body size to the / URI. Date published : 2018-01-31...

In SUPERAntiSpyware Professional Trial 6.0.1254, the SASKUTIL.SYS driver allows privilege escalation to NT AUTHORITYSYSTEM because of not validating input values from IOCtl 0x9C402114 or 0x9C402124 or 0x9C40207c. Date published : 2018-01-31 https://github.com/ZhiyuanWang-Chengdu-Qihoo360/SUPERAntiSpyware_POC/tree/master/0x9C402114_9C402124_9C40207c

In SUPERAntiSpyware Professional Trial 6.0.1254, SUPERAntiSpyware.exe allows DLL hijacking, leading to Escalation of Privileges. Date published : 2018-01-31 https://github.com/ZhiyuanWang-Chengdu-Qihoo360/SUPERAntiSpyware_POC/tree/master/getshell

In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402148....