CVE-2020-14093
Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. Date published : 2020-06-15 https://www.debian.org/security/2020/dsa-4707 https://www.debian.org/security/2020/dsa-4708
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action st_dev_connect, st_dev_disconnect, or...
SOKKIA GNR5 Vanguard WEB version 1.2 (build: 91f2b2c3a04d203d79862f87e2440cb7cefc3cd3) and hardware version 212 allows remote attackers to bypass admin authentication via a SQL injection attack that uses the User Name or Password field on the...
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_get_codec_from_pt in utils.c has a Buffer Overflow via a long value in an SDP Offer packet. Date published : 2020-06-15 https://github.com/meetecho/janus-gateway/pull/2229 https://github.com/meetecho/janus-gateway/blob/v0.10.0/utils.c#L381
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_streaming_rtsp_parse_sdp in plugins/janus_streaming.c has a Buffer Overflow via a crafted RTSP server. Date published : 2020-06-15 https://github.com/meetecho/janus-gateway/pull/2229 https://github.com/meetecho/janus-gateway/blob/v0.10.0/plugins/janus_streaming.c#L6117
Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin account, unless "Built-in admin" is manually unchecked. This allows command execution via the Add New Package...
ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafile Library) 1.0.12 allows an integer overflow and denial of service via a crafted EMF file. Date published : 2020-06-15 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/555PIBSHDUZD26UCJ5DHCQ4W7RXEZC66/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVZXYNDM4YOONMXYPW2GTMIS6V6JBIL6/
An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200528, 2019R2 before p20200430, and 2020R1 before p20200507. A cross-site scripting (XSS) vulnerability exists in the login menu. Date published : 2020-06-15 https://know.bishopfox.com/advisories/digdash-version-2018
An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200421, and 2019R2 before p20200430. It allows a user to provide data that will be used to generate the JNLP file used by...
An issue was discovered in DigDash 2018R2 before p20200210 and 2019R1 before p20200210. The login page is vulnerable to Server-Side Request Forgery (SSRF) that allows use of the application as a proxy. Sent to...
D-Link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 seconds of access to the control panel, after a restart, before MAC address filtering rules become active. Date published : 2020-06-15 https://gist.github.com/idris159/4c3ea746f4b19308b8ce8d8a7e313310 https://www.dlink.com/en/security-bulletin
WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. Date published : 2020-06-15 https://www.us-cert.gov/ics/advisories/icsa-20-161-01
FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior, Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9...
FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior, Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9...