ZDI: Published Advisories
http://www.zerodayinitiative.com/advisories/published/
Mon Jan 22 22:58:54 2018 +0000
zdi@hp.com (Author)
Tippingpoint, all rights reserved
ZDI Bird Feeder
en
http://blogs.law.harvard.edu/tech/rss

ZDI-17-1009: Symantec Messaging Gateway Export Servlet snmpFileName Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Symantec Messaging Gateway. Authentication is required to exploit this vulnerability.
Wed, 20 Dec 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-1009/

ZDI-17-1008: QNAP QTS Web change_password Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of QNAP QTS. Authentication is not required to exploit this vulnerability.
Wed, 20 Dec 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-1008/

ZDI-17-1007: QNAP QTS Web sysinfoReq Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of QNAP QTS. Authentication is not required to exploit this vulnerability.
Wed, 20 Dec 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-1007/

ZDI-17-1006: QNAP QTS Web change_password Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of QNAP QTS. Authentication is not required to exploit this vulnerability.
Wed, 20 Dec 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-1006/

ZDI-17-1005: QNAP QTS authLogin Host Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of QNAP QTS. Authentication is not required to exploit this vulnerability.
Wed, 20 Dec 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-1005/

ZDI-17-1004: QNAP QTS authLogin Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of QNAP QTS. Authentication is not required to exploit this vulnerability.
Wed, 20 Dec 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-1004/

ZDI-17-1003: QNAP QTS Web devRequest Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of QNAP QTS. Authentication is not required to exploit this vulnerability.
Wed, 20 Dec 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-1003/

ZDI-17-1002: QNAP QTS NASFTPD USER Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of QNAP QTS NASFTPD. Authentication is not required to exploit this vulnerability.
Wed, 20 Dec 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-1002/

ZDI-17-1001: WECON LeviStudio PLC Driver Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Wed, 20 Dec 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-1001/

ZDI-17-1000: Ecava IntegraXor Report getdata name SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability.
Wed, 20 Dec 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-1000/