| OSVDB ID | Disclosure Date | Title |
|
89477
Description:
Juniper Junos contains an overflow condition in the J-Web component. The issue is triggered as user-supplied input is not properly validated when handling an unspecified request related to URL encoding. With a specially crafted request, a remote attacker can cause a heap-based buffer overflow, resulting in a denial of service or potentially execution of arbitrary code.
|
2013-01-09
|
Juniper Junos J-Web Component URL Encoding Heap Buffer Overflow
|
|
89476
Description:
Juniper Junos contains a flaw in the NGET MVPN environment that may allow a remote denial of service. The issue is triggered when handling a saturation of specially crafted IPv4 or IPv6 PIM join messages. With a specially crafted message, a remote attacker can cause the routing daemon to crash.
|
2013-01-09
|
Juniper Junos NGET MVPN Environment PIM Join Message Saturation Remote DoS
|
|
86795
Description:
Juniper Junos contains a flaw in the PIM protocol implementation that may allow a remote denial of service. The issue is triggered when processing malformed PIM Hello messages. With a specially crafted request, a remote attacker can cause the RPD to crash.
|
2012-10-08
|
Juniper Junos Malformed PIM Hello Message Handling Remote DoS
|
|
86796
Description:
Juniper Junos contains a flaw that may allow a remote denial of service. The issue is triggered when the device receives a BGP UPDATE message containing a malformed flow specification NLRI element, and will result in loss of availability for the device.
|
2012-10-05
|
Juniper Junos BGP UPDATE Message Malformed Flow Specification NLRI Handling Remote DoS
|
|
86797
Description:
Juniper Junos contains a flaw that may cause the device not to properly enforce set policy. The issue occurs when an administrator removes the 'client-match' statement in the configuration. This will cause the device to stop properly enforcing the web-authentication policy, potentially allowing attackers to conduct attacks against the device with greater ease.
|
2012-10-03
|
Juniper Junos Missing Client-match Statement Web-authentication Policy Enforcement Weakness
|
|
84825
Description:
IOServer contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the program not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the URL. This directory traversal attack would allow the attacker to gain access to arbitrary files.
|
2012-08-17
|
IOServer URI Traversal Arbitrary File Access
|
|
86798
Description:
Juniper Junos contains a timing flaw in the ttymodem() internal I/O processing routine that may allow a remote denial of service. The issue is triggered when simply attempting to access the device remotely via e.g. telnet or SSH. With a specially crafted request, a remote attacker can cause a kernel crash.
|
2012-08-15
|
Juniper Junos ttymodem() Function Unspecified Timing Issue Remote DoS
|
|
85343
Description:
Juniper Junos contains a flaw that may allow a remote denial of service. The issue is triggered when an error occurs in the rpd daemon during the handling of a malformed IS-IS message. This may allow a remote attacker to cause a loss of availability for the program.
|
2012-07-16
|
Juniper Junos rpd Daemon Malformed IS-IS Message Handling Remote DoS
|
|
85341
Description:
Juniper Junos contains a flaw that may allow a remote denial of service. The issue is triggered when the server responds to connections with an RST when the SYN cookie protection threshold is exceeded. This will result in a loss of availability for the program.
|
2012-07-11
|
Juniper Junos SYN Cookie Protection Threshold Remote DoS
|
|
85340
Description:
Juniper Junos contains a flaw that is triggered when discard is used with the log or syslog actions within the firewall filter term in the lo0 loopback interface. This may cause some packets to bypass the firewall filter term.
|
2012-07-11
|
Juniper Junos lo0 Loopback Interface discard Filter Term Firewall Bypass
|
|
85342
Description:
Juniper Junos contains a flaw that may allow a remote denial of service. The issue is triggered when a kernel panic occurs when receiving a malformed ICMPv6 packet which contains a corrupted payload within an IPv6 L3VPN. This may allow a remote unauthenticated attacker to cause a loss of availability for the program.
|
2012-07-10
|
Juniper Junos ICMPv6 L3VPN Malformed Payload Handling Remote DoS
|
|
85339
Description:
Juniper Junos contains a flaw that may allow a remote denial of service. The issue is triggered during the handling of a specially crafted broadcast storm of corrupt packets. This may cause the rpd daemon to hang, resulting in a loss of availability for the program.
|
2012-07-10
|
Juniper Junos Multicast Distribution Tree Port Broadcast Storm Handling Remote DoS
|
|
85337
Description:
Juniper Junos contains a flaw related to the J-Web component that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input upon submission to the index.php script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-07-10
|
Juniper Junos J-Web Component index.php XSS
|
|
85334
Description:
Juniper Junos contains a flaw that may allow inbound SSH traffic, even when host-inbound-traffic is not configured to allow it.
|
2012-07-10
|
Juniper Junos host-inbound-traffic Implicit Allow SSH Traffic Bypass
|
|
85338
Description:
Juniper Junos contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when the load factory-default command fails while in exclusive edit mode. This may allow a local attacker to gain escalated privileges.
|
2012-07-10
|
Juniper Junos load factory-default Exclusive Edit Mode Failure Local Privilege Escalation
|
|
85336
Description:
Juniper Junos contains a flaw related to the J-Web component that is triggered during the parsing of web form posts, which may cause a hash collision. This will result in a loss of availability for the program.
|
2012-07-10
|
Juniper Junos J-Web Component Hash Collision Web Form Post Parsing Remote DoS
|
|
85335
Description:
Juniper Junos contains a flaw that may allow a remote denial of service. The issue is triggered when an error occurs in the flowd process during the reassembly of UDP and IP fragments. This will result in a loss of availability for the program.
|
2012-07-10
|
Juniper Junos UDP/IP Fragment Reassembly Unspecified Remote DoS
|
|
82897
Description:
Apple iTunes is prone to an overflow condition. The program fails to properly sanitize user-supplied input, resulting in a heap-based buffer overflow. With a specially crafted M3U file, a context-dependent attacker can potentially execute arbitrary code.
|
2012-06-12
|
Apple iTunes M3U File Handling Overflow
|
|
81902
Description:
Symantec LiveUpdate contains a flaw that may allow an attacker to gain access to unauthorized privileges. A weakness in the installation directory permissions may allow a local attacker to escalate privileges. By placing a specially crafted JSP file in the directory and then requesting it via HTTP, the JSP will be executed with SYSTEM privileges.
|
2012-05-19
|
Symantec LiveUpdate Administrator Installation Directory Permission Weakness Local Privilege Escalation
|
|
82016
Description:
Apple Mac OS X contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by FileVault not properly restricting what is written to secure.log, which may allow an attacker to gain access to password information in plaintext when viewing the log.
|
2012-05-04
|
Apple Mac OS X FileVault secure.log Plaintext Local Password Disclosure
|
|
81763
Description:
CiscoWorks Prime LAN Management Solution contains a flaw related to the Autologin.jsp script. The issue is triggered when input passed via the 'URL' parameter is not properly verified. This may allow an attacker to include HTTP headers in a response to the user.
|
2012-05-03
|
CiscoWorks Prime LAN Management Solution (LMS) Autologin.jsp URL Parameter HTTP Header Response Inclusion
|
|
81406
Description:
By default, RuggedCom Rugged Operating System (ROS) installs with a default, unchangeable password. The 'factory' account has a password based off the ROS device's MAC address. This allows attackers to remotely access the system and gain full administrative control.
|
2012-04-25
|
RuggedCom Rugged Operating System (ROS) Hardcoded Credentials
|
|
82820
Description:
Juniper Junos contains a flaw that may allow a remote denial of service. The issue is triggered when a high saturation of J-Web HTTP connections occurs, which results in high CPU utilization. This may cause a loss of availability in the system even after the program is closed.
|
2012-04-11
|
Juniper Junos J-Web HTTP Connection Saturation CPU Utilization Remote DoS
|
|
82822
Description:
Juniper Junos contains a flaw that is triggered when weak cryptographic key generation is used for SSH and SSL, which may result in a duplication of keys between multiple devices. This may allow an attacker with knowledge of the duplicate keys to perform a man-in-the-middle attack.
|
2012-04-11
|
Juniper Junos SSH / SSL Cryptographic Key Generation Weakness
|
|
82824
Description:
Juniper Junos contains a flaw that is triggered when SSH sessions are incorrectly authenticated using TACACS+ for authentication. Fetched authorizations are stored in a certain file named after the process ID that is not properly closed when exiting the SSH client. This may allow an attacker to bypass authentication by using the same process ID as an authenticated user.
|
2012-04-11
|
Juniper Junos TACACS+ Over SSH Session File Persistence Authentication Bypass
|
|
82819
Description:
Juniper Junos contains a flaw that may allow a remote denial of service. The issue is triggered when MPLS is enabled and a high amount of pseudo wire control words are parsed, and will result in loss of availability for the RE switch over or a single RE environment.
|
2012-04-11
|
Juniper Junos MPLS Pseudo Wire Control Word Parsing Remote DoS
|
|
82821
Description:
A memory corruption flaw exists in Juniper Junos. This issue is triggered when IPv6 flow sessions are freed on to the central point and certain session statistics are updated. This may result in memory corruption. This may potentially allow an attacker to execute arbitrary code.
|
2012-04-11
|
Juniper Junos CP IPv6 Flow Session Free Memory Corruption
|
|
78851
Description:
JUNOS contains a flaw in the BGP feature that may allow a remote denial of service. The issue is triggered when handling a malformed non-transitive BGP PATH attribute. With a specially crafted request, a remote attacker can cause the rpd service to crash.
|
2012-01-24
|
Juniper Junos Malformed Non-transitive BGP PATH Attribute Handling Remote DoS
|
|
88406
Description:
JUNOS contains a flaw in the BGP feature that may allow a remote denial of service. The issue is triggered when an established session disconnects before BGP sends the first keepalive message. With a specially crafted request, a remote attacker can cause the rpd service to crash.
|
2012-01-23
|
Juniper Junos rpd Service Malformed BGP Session Disconnect Remote DoS
|
|
78361
Description:
GE Energy D20/D200 Substation Controller contains an overflow condition in the GE D20ME TFTP service. The issue is triggered as unspecified user-supplied input is not properly validated when parsing received commands. With a specially crafted request, a remote attacker can cause a buffer overflow, resulting in a denial of service or potentially execution of arbitrary code.
|
2012-01-20
|
General Electric (GE) Energy D20 Substation Controller D20ME TFTP Connection Remote Overflow
|
|
78324
Description:
By default, Modicon HTTP Server installs with a default password. The USER account has a password of USER which is publicly known and documented. This allows attackers to trivially access the program or system and gain privileged access.
|
2012-01-20
|
Schneider Electric Modicon Quantum HTTP Server Default Account
|
|
78323
Description:
By default, Modicon telnet Server installs with a default password. The 'ntpupdate' account has a password of 'fZ*imnw}l' and the 'ftpuser' account has a password of 'password' which are publicly known and documented. This allows attackers to trivially access the program or system and gain privileged access.
|
2012-01-20
|
Schneider Electric Modicon Quantum telnet Server Default Account
|
|
78325
Description:
By default, Modicon FTP Server/Client installs with a default password. The qbf77101 account has a password of hexakisoctahedron which is publicly known and documented. This allows attackers to trivially access the program or system and gain privileged access.
|
2012-01-20
|
Schneider Electric Modicon Quantum FTP Server/Client Default Account
|
|
78327
Description:
By default, GE D20 installs with a default password. The 'westronic' account has a password of 'rd' which is publicly known and documented. This allows attackers to trivially access the program or system and gain privileged access.
|
2012-01-20
|
General Electric (GE) D20 Remote Terminal Default Credentials
|
|
78360
Description:
The General Electric (GE) D20ME remote terminal unit contains a flaw that may lead to unauthorized disclosure of potentially sensitive information. The issue is due to an error within the TFTP service when downloading a device's configuration file and may disclose authentication credentials to a remote attacker.
|
2012-01-20
|
General Electric (GE) D20ME Remote Terminal Unit TFTP Connection Configuration File Unauthenticated Remote Disclosure
|
|
78610
Description:
By default, MicroLogix 1100 PLC units install with a default password. The 'administrator' account has a password of 'ml1100' which is publicly known and documented. This allows attackers to trivially access the program or system and gain privileged access.
|
2012-01-20
|
MicroLogix 1100 PLC Default Credentials
|
|
78613
Description:
The Schneider Electric Modicon Quantum TFTP service contains a flaw related to access control functionality. The issue is triggered due to the device failing to provide any authentication mechanisms prior to file uploads that may allow a remote attacker to upload arbitrary files.
|
2012-01-19
|
Schneider Electric Modicon Quantum TFTP Arbitrary File Upload
|
|
78850
Description:
Juniper JUNOS contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions for the J-Web component. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into performing unintended actions in the context of their session with the application, without further prompting or verification.
|
2012-01-11
|
Juniper Junos J-Web Component Unspecified CSRF
|
|
78849
Description:
Juniper JUNOS contains a flaw in the BGP feature that may allow a remote denial of service. The issue is due to insufficient BGP path attribute exception handling. With a specially crafted BGP UPDATE message containing a malformed ATTR_SET attribute, a remote attacker can cause the rpd service to crash.
|
2012-01-11
|
Juniper Junos BGP UPDATE Malformed ATTR_SET Attribute Remote DoS
|
|
77668
Description:
Microsoft Office PowerPoint is prone to a flaw in the way it loads dynamic-link libraries (DLL). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a PowerPoint file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.
|
2011-12-13
|
Microsoft Office PowerPoint Path Subversion Arbitrary DLL Injection Code Execution
|