Posted on

ZyXEL NWA1123-NI X.509 Certificate weak authentication [CVE-2015-7256]

A vulnerability classified as critical has been found in ZyXEL NWA1123-NI, P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, VSG1435-B101 DSL CPEs, PMG5318-B20A GPON, SBG3300-N000, SBG3300-NB00, SBG3500-N000, GS1900-8, GS1900-24, C1000Z, Q1000, FR1000Z and P8702N (Router Operating System). Affected is some unknown processing of the component X.509 Certificate. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Posted on

CVE-2011-3352

Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the ‘themename’ parameter by setting default, modifying and deleting themes. A remote attacker with Zikula administrator privilege could use this flaw to execute arbitrary HTML or web script code in the context of the affected website.

Posted on

Smartphone Passbook 1.0.0 X.509 Certificate Validation Man-in-the-Middle weak authentication

A vulnerability was found in Smartphone Passbook 1.0.0 (Smartphone Operating System). It has been classified as problematic. This affects some unknown functionality of the component X.509 Certificate Validation. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Posted on

CVE-2011-3349

lightdm before 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files are in user controlled folders. A local user can overwrite root-owned files via a symlink, which can allow possible privilege escalation.

Posted on

OpenHPI up to 3.5.x Permission openhpi/Makefile.am denial of service

A vulnerability was found in OpenHPI up to 3.5.x. It has been declared as problematic. This vulnerability affects an unknown part in the library /var/lib/openhpi of the file openhpi/Makefile.am of the component Permission. Upgrading to version 3.6.0 eliminates this vulnerability. A possible mitigation has been published before and not just after the disclosure of the vulnerability.