Advisories

Advantech iView getInventoryReportData Parameter SQL Injection Information Disclosure Vulnerability

MARCH 1, 2022

EIP-62f7da8c A vulnerability exists within Advantech iView SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘getInventoryReportData’ parameter to the ‘NetworkServlet’ endpoint. Successful...

Read More

Advantech iView ztp_config_id Parameter SQL Injection Information Disclosure Vulnerability

MARCH 1, 2022

EIP-824d14ae A vulnerability exists within Advantech iView SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp_config_id’ parameter to the ‘NetworkServlet’ endpoint. Successful...

Read More

Xerox DocuShare AMI Pro File Parsing Stack Overflow Vulnerability

FEBRUARY 23, 2022

EIP-db4e064b A stack-based buffer overflow vulnerability exists within Xerox DocuShare. Exploitation of the vulnerability allows for attackers to execute arbitrary code with system privileges. The specific flaw exists within the parsing of AMI Pro...

Read More

Xerox DocuShare WordPerfect Parsing Stack Overflow Vulnerability

FEBRUARY 23, 2022

EIP-c728d1ef A stack-based buffer overflow vulnerability exists within Xerox DocuShare. Exploitation of the vulnerability allows for attackers to execute arbitrary code with system privileges. The specific flaw exists within the parsing of containers embedded...

Read More

Xerox DocuShare AMI Pro p-tag Parsing Stack Overflow Vulnerability

FEBRUARY 23, 2022

EIP-6185db3e A stack-based buffer overflow vulnerability exists within Xerox DocuShare. Exploitation of the vulnerability allows for attackers to execute arbitrary code with system privileges. The specific flaw exists within the parsing of “<:p tags”...

Read More

ZyXEL Armor Cross-Site Request Forgery Vulnerability

FEBRUARY 22, 2022

EIP-521a3b40 A cross-site request forgery vulnerability exists within the ZyXEL Armor Z1 AC2350 and Z2 AC2600 series. Exploitation of the vulnerability allows for attackers to run arbitrary commands on vulnerable versions of the firmware...

Read More

ZyXEL Armor Photobak Command Injection Vulnerability

FEBRUARY 22, 2022

EIP-c624ba9f A command-injection vulnerability exists within the ZyXEL Armor Z1 AC2350 series. The vulnerable endpoint is within the ‘photobak’ component found in the cgi-bin. Exploitation of the vulnerability allows for remote unauthenticated attackers to...

Read More

Zlibc Environment Variable Handling Local Privilege Escalation Vulnerability

FEBRUARY 2, 2022

EIP-1a8a439f A vulnerability exists in Zlibc that allows a local attacker to execute arbitrary code with elevated privileges through manipulation of the LD_ZLIB_CONFFILE and LD_ZLIB_UNCOMPRESSOR environment variables when calling setuid binaries. Vulnerability Identifiers Exodus...

Read More

Arris SURFboard SSDP Command Injection Vulnerability

FEBRUARY 2, 2022

EIP-55f127ea A vulnerability exists within Arris SURFboard’s handling of Simple Service Discovery Protocol (SSDP) messages. A specially crafted NOTIFY message with a LOCATION header can result in a command injection under the context of...

Read More

LiveAction LiveNX AWS Credential Disclosure Vulnerability

JANUARY 19, 2022

EIP-7d4ec9e3 Several versions of LiveAction LiveNX network monitoring software contain Amazon Web Services (AWS) credentials. These credentials have privileged access to the LiveAction AWS infrastructure. A remote attacker may abuse these credentials to gain access...

Read More