Vulnerabilities

8 June, 2016

CVE-2016-4326

The Chef Manage (formerly opscode-manage) add-on before 1.12.0 for Chef allows remote attackers to execute arbitrary code via crafted serialized data in a cookie.
8 June, 2016

CVE-2016-1421

The web application on Cisco IP 8800 devices allows remote attackers to cause a denial of service (out-of-bounds memory access and web-server outage) via a crafted request, aka Bug ID CSCuz03034.
8 June, 2016

CVE-2016-1420

The installation component on Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCuz72347.
8 June, 2016

CVE-2016-1419

Cisco Access Point devices with software 8.2(102.43) allow remote attackers to cause a denial of service (device reload) via crafted ARP packets, aka Bug ID CSCuy55803.
8 June, 2016

CVE-2016-0916

EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 9.0.0.6 mishandles authentication, which allows remote attackers to execute arbitrary commands by leveraging access to a different NetWorker instance.
8 June, 2016

CVE-2016-0910

EMC Data Domain OS 5.5 before 5.5.4.0, 5.6 before 5.6.1.004, and 5.7 before 5.7.2.0 stores session identifiers of GUI users in a world-readable file, which allows local users to hijack arbitrary accounts via unspecified vectors.
8 June, 2016

CVE-2015-8268

The up.time agent in Idera Uptime Infrastructure Monitor 7.5 and 7.6 on Linux allows remote attackers to read arbitrary files via unspecified vectors.
8 June, 2016

CVE-2016-4532

Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname.
8 June, 2016

CVE-2016-4523

The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via unspecified vectors.
8 June, 2016

CVE-2016-4510

The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to bypass authentication and read arbitrary files via unspecified vectors.
8 June, 2016

CVE-2016-4449

XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
8 June, 2016

CVE-2016-4448

Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
8 June, 2016

CVE-2016-4447

The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
8 June, 2016

CVE-2016-4370

HPE Project and Portfolio Management Center (PPM) 9.2x and 9.3x before 9.32.0002 allows remote authenticated users to execute arbitrary commands or obtain sensitive information via unspecified vectors.
8 June, 2016

CVE-2016-2310

General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web interface.

Microsoft
FreeBSD
Malware
  • 4 October, 2010

    SymbOS.Zeusmitmo

    SymbOS.Zeusmitmo is a Trojan horse that runs on Symbian Series 60 2nd Edition mobile devices. It opens a back door that allows a remote attacker to steal information from SMS messages received on the compromised device.
  • 4 October, 2010

    Packed.Vmpbad!gen5

    Packed.Vmpbad!gen5 is a heuristic detection for files that may have been obfuscated or encrypted in order to conceal them from antivirus software. This heuristic detection is used to detect threats associated with multiple threat families.
  • 4 October, 2010

    Hacktool.RemNtSrv

    BehaviorHacktool.RemNtSrv is a tool that can be used to remove a specific service from a computer. Although the tool is not malicious by itself, it can be used for malicious purposes in order to remove legitimate running services.
  • 4 October, 2010

    W32.Pilleuz!gen12

    W32.Pilleuz!gen12 is a heuristic detection that may include members of the W32.Pilleuz family of threats.
  • 4 October, 2010

    Trojan.Fortemp!Inf

    Trojan.Fortemp!Inf is a detection for infected files that attempts to download and execute files from randomly named domains.