Cisco Unified Communications Manager Multiple Vulnerabilities (VP2015-001)

: Oct. 2014 Public release: Aug. 13th, 2015 Author: Bernhard Mueller bernhard[at]vantagepoint[dot]sg Summary: Cisco Unified Communications Manager (CUCM) offers services such as session management, voice, video, messaging, mobility, and web conferencing. During the last year, Vantage Point

VP-2014-004 SysAid Server Arbitrary File Disclosure

Vantage Point Security Advisory 2014-004 Title: SysAid Server Arbitrary File Disclosure ID: VP-2014-004 Vendor: SysAid Affected Product: SysAid On-Premise Affected Versions: 14.4.2 Product Website: http://www.sysaid.com/product/sysaid Author: Bernhard

SEC Consult SA-20090707-0 :: Symbian S60 / Nokia firmware media codecs multiple memory corruption vulnerabilities

with multimedia capabilities are likely vulnerable (tested on E61, E71, N96) impact: Critical homepage: http://www.nokia.com/ found: May 2009 by: Bernhard Mueller / SEC Consult Vulnerability Lab

Pwning Nokia phones (and other Symbian based smartphones)

be used in targeted attacks to remotely compromise a smartphone (track GPS, turn on mic, etc.), or as a means of propagation for mobile network worms. -- _ Bernhard Mueller Security Consultant SEC Consult Unternehmensberatung GmbH www.sec-consult.com A-1190

SEC Consult SA-20090525-0 :: Nortel Contact Center Manager Server Authentication Bypass Vulnerability

: 6.0 homepage: http://www.nortel.com/ccms found: 2008-11-14 by: Bernhard Mueller / SEC Consult Vulnerability Lab permanent link: https://www.sec-consult.com/advisories_e.html#a58

SEC Consult SA-20090525-1 :: Nortel Contact Center Manager Server Password Disclosure Vulnerability

SEC Consult Security Advisory 20090525-1 == title: Nortel Contact Center Manager Server Password Disclosure program: Nortel Contact Center Manager Server vulnerable version:

SEC Consult SA-20090525-2 :: SonicWALL Global Security Client Local Privilege Escalation Vulnerability

SEC Consult Security Advisory 20090525-2 == title: SonicWALL Global Security Client Local Privilege Escalation Vulnerability program: SonicWALL Global Security Client

SEC Consult SA-20090525-3 :: SonicWALL Global VPN Client Local Privilege Escalation Vulnerability

SEC Consult Security Advisory 20090525-3 == title: SonicWALL Global VPN Client Local Privilege Escalation Vulnerability program: SonicWALL Global VPN Client vulnerable version: Global VPN

SEC Consult SA-20090525-4 :: SonicOS Format String Vulnerability

SEC Consult Security Advisory 20090525-4 == title: SonicOS Format String Vulnerability program: SonicWALL Global VPN Client vulnerable version: PRO 4100 SonicOS 4.0.0.2-51e Standard and Enhanced

SEC Consult SA-20090415-0 :: Multiple Vulnerabilities in Novell Teaming

SEC Consult Security Advisory 20090415-0 == title: Novell Teaming Multiple Vulnerabilities * Username Enumeration * Multiple Cross Site Scripting *

SEC Consult SA-20090415-1 :: Nortel Application Gateway 2000 Password Disclosure Vulnerability

SEC Consult Security Advisory 20090415-1 == title: Nortel Application Gateway 2000 Password Disclosure Vulnerability program: Nortel Application Gateway 2000 vulnerable

SEC Consult SA-20090305-2 :: IBM Director CIM Server Local Privilege Escalation Vulnerability

homepage: http://www-03.ibm.com/systems/management/director/ found: Sept. 2008 by: Bernhard Mueller / SEC Consult Vulnerability Lab permanent link: http://www.sec-consult.com/files/20090305-2_IBM_director_privilege_escalation.txt

SEC Consult SA-20090305-1 :: IBM Director CIM Server Remote Denial of Service Vulnerability

homepage: http://www-03.ibm.com/systems/management/director/ found: Sept. 2008 by: Bernhard Mueller / SEC Consult Vulnerability Lab permanent link: http://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txt

SEC Consult SA-20090305-0 :: NextApp Echo XML Injection Vulnerability

SEC Consult Security Advisory 20090305-0 title: NextApp Echo XML Injection Vulnerability program: NextApp Echo vulnerable version: Echo2 2.1.1 homepage:

Microsoft SQL Server 2005 sp_replwritetovarbin memory overwrite (update to SEC Consult SA-20081209)

Unternehmensberatung GmbH Office Vienna Mooslackengasse 17 A-1190 Vienna Austria Tel.: +43 / 1 / 890 30 43 - 0 Fax.: +43 / 1 / 890 30 43 - 25 Mail: research at sec-consult dot com www.sec-consult.com EOF Bernhard Mueller / @2008

SEC Consult SA-20081109-0 :: Microsoft SQL Server 2000 sp_replwritetovarbin limited memory overwrite vulnerability

: Microsoft SQL Server 2000 vulnerable version: =8.00.2039 homepage: www.microsoft.com found: 04-12-2008 by: Bernhard Mueller (SEC Consult Vulnerability Lab) perm. link: http://www.sec-consult.com/files/20081209_mssql-2000

SEC Consult SA-20081016-0 :: Remote command execution in Instant Expert Analysis

SEC Consult Security Advisory 20081016-0 title: Remote command execution in Instant Expert Analysis signed Java applet and signed ActiveX control program:

Interesting things at sec-consult.com, DNS-whitepaper available tomorrow

) -- _ Bernhard Mueller Security Consultant SEC Consult Unternehmensberatung GmbH www.sec-consult.com A-1190 Vienna, Mooslackengasse 17 phone +43 1 8903043 34 fax +43 1 8903043 15 mobile+43 676 840301 718 email [EMAIL PROTECTED] Firmenbuch Wiener Neustadt: 227896t, UID: ATU56165223

Firewire Attack on Windows Vista

in Adam Boileau´s winlockpwn) can be used against Windows Vista. The paper is available at: http://www.sec-consult.com/fileadmin/Whitepapers/Vista_Physical_Attacks.pdf Best regards, Bernhard -- _ Bernhard Mueller Security Consultant SEC Consult

SEC Consult SA-20071204-0 :: SonicWALL Global VPN Client Format String Vulnerability

SEC Consult Security Advisory 20071204-0 = title: SonicWALL Global VPN Client Format String Vulnerability program: SonicWALL Global VPN Client vulnerable version: 4.0.0.830

SEC Consult SA-20071101-0 :: Multiple Vulnerabilities in SonicWALL SSL-VPN Client

an independent security researcher. In the research bonus programme, SEC Consult is looking for security vulnerabilities in common software products. For more information, contact research [at] sec-consult [dot] com EOF Bernhard Mueller / SEC Consult

SEC Consult SA-20071031-0 :: Perdition IMAP Proxy Format String Vulnerability

: =1.17 homepage: http://www.vergenet.net/ found: August 2007 by: Bernhard Mueller / SEC Consult permanent link: http://www.sec-consult.com/300.html Vendor

SEC Consult SA-20071012-0 :: Madwifi xrates element remote DOS

. References -- [1] http://madwifi.org/changeset/2736 [2] http://www.blackhat.com/html/bh-japan-07/bh-jp-07-main.html [3] https://deepsec.net/ ~ EOF Bernhard Mueller / research [at] sec-consult [dot] com

Re: PHP exec, system, popen (+small POC)

, jackrabbit, kost, VenRock, znick and others :) Special thanks to ilya for help. -- _ DI (FH) Bernhard Mueller IT Security Consultant SEC-Consult Unternehmensberatung GmbH www.sec-consult.com A-1080 Vienna, Blindengasse 3 phone +43 1

SEC Consult SA-20060512-0 :: Symantec Enterprise Firewall NAT/HTTP Proxy Private IP Exposure

SEC Consult Security Advisory 20060512-0 == title: Symantec Enterprise Firewall NAT/HTTP Proxy Private IP Exposure program: Symantec Enterprise FW vulnerable version: 8.0

SEC Consult SA-20060314 :: Opera Browser CSS Attribute Integer Wrap / Buffer Overflow

SEC-CONSULT Security Advisory 20060413-0 title: Opera Browser CSS Attribute Integer Wrap / Buffer Overflow program: Opera vulnerable version: = 8.52 homepage: www.opera.com found:

SEC Consult SA-XXXXXXXXXXX

I just totally mixed up these numbers. Should be SA-20051202-0 and SA-20051202-1, in the doubtful case that anyone cares.

SEC Consult SA-20051107-1 :: Macromedia Flash Player ActionDefineFunction Memory Corruption

vulnerable version: flash.ocx v7.0.19.0 and earlier libflashplayer.so before 7.0.25.0 homepage: www.macromedia.com found: 2005-06-27 by: Bernhard Mueller / SEC-CONSULT / www.sec-consult.com