serial software vulnerabilities
vulnerabilities.aspcode.net
Searching serial software vulnerabilities
serial_ports administrative program in IRIX 4.x
administrative
|
environmental
|
serial_ports
|
privileges
|
variable
|
execute
|
program
|
Trojan
|
allows
|
user's
|
trusts
|
horse
|
users
|
local
|
which
|
find
|
PATH
|
IRIX
|
gain
|
root
|
via
|
serial_ports administrative program in IRIX 4.x and 5.x trusts the user's PATH environmental variable to find and execute the ls program, which allows local users to gain root privileges via a Trojan horse ls program.
FlowPoint DSL router firmware versions prior to
FlowPoint
|
firmware
|
versions
|
router
|
prior
|
DSL
|
FlowPoint DSL router firmware versions prior to 3.0.8 allows a remote attacker to exploit a password recovery feature from the network and conduct brute force password guessing, instead of limiting the feature to the serial console port.
Multiple buffer overflows in Lexmark MarkVision
cat_paraller
|
cat_network
|
MarkVision
|
cat_serial
|
privileges
|
arguments
|
overflows
|
commands
|
programs
|
Multiple
|
Lexmark
|
printer
|
allows
|
buffer
|
driver
|
users
|
local
|
gain
|
long
|
via
|
Multiple buffer overflows in Lexmark MarkVision printer driver programs allows local users to gain privileges via long arguments to the cat_network, cat_paraller, and cat_serial commands.
Xircom REX 6000 allows local users to obtain th
Xircom
|
REX
|
Xircom REX 6000 allows local users to obtain the 10 digit PIN by starting a serial monitor, connecting to the personal digital assistant (PDA) via Rextools, and capturing the cleartext PIN.
Unknown vulnerability in the System Serial Cons
vulnerability
|
terminal
|
Console
|
Unknown
|
Solaris
|
System
|
Serial
|
Unknown vulnerability in the System Serial Console terminal in Solaris 2.5.1, 2.6, and 7 allows local users to monitor keystrokes and possibly steal sensitive information.
OpenCA before 0.9.1.4 does not use the correct
before
|
OpenCA
|
OpenCA before 0.9.1.4 does not use the correct certificate in a chain to check the serial, which could cause OpenCA to accept revoked or expired certificates.
The Equalizer Load-balancer for serial network
Load-balancer
|
interfaces
|
Equalizer
|
network
|
serial
|
The Equalizer Load-balancer for serial network interfaces (eql.c) in Linux kernel 2.6.x up to 2.6.7 allows local users to cause a denial of service via a non-existent device name that triggers a null dereference.
Buffer overflow in the MoxaDriverIoctl function
MoxaDriverIoctl
|
function
|
overflow
|
serial
|
driver
|
Buffer
|
moxa
|
Buffer overflow in the MoxaDriverIoctl function for the moxa serial driver (moxa.c) in Linux 2.2.x, 2.4.x, and 2.6.x before 2.6.22 allows local users to execute arbitrary code via a certain modified length value.
Unknown vulnerability in Sun StorEdge 6130 Arra
vulnerability
|
StorEdge
|
Unknown
|
Sun
|
Unknown vulnerability in Sun StorEdge 6130 Arrays (SE6130) with serial numbers between 0451AWF00G and 0513AWF00J allows local users and remote attackers to delete data.
Fortinet firewall running FortiOS 2.x contains
privileges
|
hardcoded
|
firewall
|
password
|
contains
|
Fortinet
|
console
|
running
|
FortiOS
|
uername
|
allows
|
access
|
number
|
serial
|
which
|
local
|
users
|
gain
|
set
|
Fortinet firewall running FortiOS 2.x contains a hardcoded uername with the password set to the serial number, which allows local users with console access to gain privileges.
Avocent CCM console server running firmware 2.1
authenticated
|
restrictions
|
connecting
|
attackers
|
firmware
|
Avocent
|
console
|
connect
|
command
|
CCM4850
|
running
|
access
|
allows
|
remote
|
server
|
serial
|
bypass
|
using
|
port
|
CCM
|
SSH
|
via
|
Avocent CCM console server running firmware 2.1 CCM4850 allows remote authenticated attackers to bypass port restrictions by connecting to the server via SSH and using the connect command to access the serial port.
Planet Technology Corp FGSW2402RS switch with f
privileges
|
FGSW2402RS
|
Technology
|
attackers
|
password
|
device's
|
physical
|
firmware
|
default
|
access
|
allows
|
Planet
|
switch
|
serial
|
which
|
gain
|
Corp
|
port
|
has
|
Planet Technology Corp FGSW2402RS switch with firmware 1.2 has a default password, which allows attackers with physical access to the device's serial port to gain privileges.
Unspecified vulnerability in Serial line sniffe
vulnerability
|
Unspecified
|
sniffer
|
Serial
|
line
|
Unspecified vulnerability in Serial line sniffer (aka slsnif) 0.4.4 allows local users to gain privileges via a long value of the HOME environment variable, possibly because of a buffer overflow.
The Enova X-Wall ASIC encrypts with a key obtai
duplicating
|
cleartext
|
Microwire
|
obtained
|
hardware
|
sniffing
|
physical
|
encrypts
|
reading
|
located
|
access
|
obtain
|
allows
|
serial
|
X-Wall
|
stores
|
EEPROM
|
token
|
which
|
Enova
|
users
|
local
|
ASIC
|
bus
|
via
|
key
|
The Enova X-Wall ASIC encrypts with a key obtained via Microwire from a serial EEPROM that stores the key in cleartext, which allows local users with physical access to obtain the key by reading and duplicating an EEPROM that is located on a hardware token, or by sniffing the Microwire bus.
The ftdi_sio driver (usb/serial/ftdi_sio.c) in
ftdi_sio
|
driver
|
The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to 2.6.17, and possibly later versions, allows local users to cause a denial of service (memory consumption) by writing more data to the serial port than the hardware can handle, which causes the data to be queued.
Multiple buffer overflows in the cmtp_recv_inte
cmtp_recv_interopmsg
|
overflows
|
Bluetooth
|
function
|
Multiple
|
driver
|
buffer
|
Multiple buffer overflows in the cmtp_recv_interopmsg function in the Bluetooth driver (net/bluetooth/cmtp/capi.c) in the Linux kernel 2.4.22 up to 2.4.33.4 and 2.6.2 before 2.6.18.6, and 2.6.19.x, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via CAPI messages with a large value for the length of the (1) manu (manufacturer) or (2) serial (serial number) field.
The key serial number collision avoidance code
key_alloc_serial
|
collision
|
avoidance
|
function
|
kernel
|
number
|
serial
|
Linux
|
code
|
key
|
The key serial number collision avoidance code in the key_alloc_serial function in Linux kernel 2.6.9 up to 2.6.20 allows local users to cause a denial of service (crash) via vectors that trigger a null dereference, as originally reported as "spinlock CPU recursion."
Macrovision InstallAnywhere Enterprise before 8
InstallAnywhere
|
Macrovision
|
Enterprise
|
before
|
Macrovision InstallAnywhere Enterprise before 8.0.1 uses the InstallScript.iap_xml configuration file without integrity protection to verify authorization for installing an application, which allows local users to perform unauthorized installations by removing the (1) password or (2) serial number verification sections from this file.
Eltima Software Virtual Serial Port (VSPAX) Act
Software
|
Virtual
|
Serial
|
Eltima
|
Port
|
Eltima Software Virtual Serial Port (VSPAX) ActiveX control (VSPort.DLL) allows remote attackers to cause a denial of service via certain function calls, as demonstrated via the (1) Attach, (2) Write, and (3) WriteStr functions.
NETGEAR (formerly Infrant) ReadyNAS RAIDiator b
NETGEAR
|
NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta creates a default SSH root password derived from the hardware serial number, which makes it easier for remote attackers to guess the password and obtain login access.
Software vulnerabilities results 1 to 20 of 21
Page:
1
2
►