I Summary
=========
This document reports on the results of an automatic security scan.
The report first summarises the results found.
Then, for each host, the report describes every issue found.
Please consider the advice given in each description, in order to rectify
the issue.
All dates are displayed using the timezone "Coordinated Universal Time",
which is abbreviated "UTC".
Vendor security updates are not trusted.
Overrides are on. When a result has an override, this report uses the
threat of the override.
Notes are included in the report.
Information on overrides is included in the report.
This report might not show details of all issues that were found.
This report contains all 871 results selected by the
filtering described above. Before filtering there were 871 results.
Scan started: Fri May 26 13:20:06 2017 UTC
Scan ended: Fri May 26 14:06:43 2017 UTC
Task: DVL
Host Summary
************
Host            High  Medium  Low  Log  False Positive
192.168.27.45    490     273   24   84               0
Total: 1         490     273   24   84               0
II Results per Host
===================
Host 192.168.27.45
******************
Scanning of this host started at: Fri May 26 13:20:22 2017 UTC
Number of results: 871
Port Summary for Host 192.168.27.45
-----------------------------------
Service (Port)  Threat Level
general/tcp     High
6001/tcp        Log
69/udp          Log
22/tcp          High
5801/tcp        Log
3306/tcp        Log
5901/tcp        Log
general/icmp    Log
631/tcp         Log
5001/tcp        Log
80/tcp          High
6000/tcp        Log
general/CPE-T   Log
5432/tcp        Medium
Security Issues for Host 192.168.27.45
--------------------------------------
Issue
-----
NVT: 12Planet Chat Server one2planet.infolet.InfoServlet XSS
OID: 1.3.6.1.4.1.25623.1.0.12299
Threat: Medium (CVSS: 4.3)
Port: 80/tcp
Summary:
The remote host contains the 12Planet Chat Server CGI which is
vulnerable to a cross-site scripting issue.
There is a bug in this software which makes it vulnerable to cross site scripting
attacks.
Vulnerability Detection Result:
Vulnerable url: http://192.168.27.45/info/servlet/one2planet.infolet.InfoServlet?page=<script>foo</script>
Impact:
An attacker may use this bug to steal the credentials of the legitimate users
of this site.
Solution:
Solution type: VendorFix
Upgrade to the newest version of this software
Vulnerability Detection Method:
Details:
12Planet Chat Server one2planet.infolet.InfoServlet XSS
(OID: 1.3.6.1.4.1.25623.1.0.12299)
Version used: $Revision: 6046 $
References:
CVE: CVE-2004-0678
BID: 10659
Issue
-----
NVT: Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Linux)
OID: 1.3.6.1.4.1.25623.1.0.902129
Threat: High (CVSS: 9.3)
Port: general/tcp
Product detection result: cpe:/a:adobe:acrobat_reader:7.0.5
Detected by: Adobe products version detection (Linux) (OID: 1.3.6.1.4.1.25623.1.0.800108)
Summary:
This host is installed with Adobe Reader and is prone to remote code
execution vulnerability.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation will let attackers to execute arbitrary code by tricking
a user into opening a PDF file embedding a malicious Flash animation and bypass
intended sandbox restrictions allowing cross-domain requests.
Impact Level: System/Application
Solution:
Solution type: VendorFix
Upgrade to Adobe Reader version 9.3.1 or 8.2.1 or later. For updates
refer to http://www.adobe.com
Affected Software/OS:
Adobe Reader version 8.x before 8.2.1 and 9.x before 9.3.1 on Linux.
Vulnerability Insight:
Flaw is caused by a memory corruption error in the 'authplay.dll' module
when processing malformed Flash data within a PDF document and some unspecified
error.
Vulnerability Detection Method:
Get the installed version with the help of detect NVT and check the version
is vulnerable or not.
Details:
Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.902129)
Version used: $Revision: 5394 $
Product Detection Result:
Product:cpe:/a:adobe:acrobat_reader:7.0.5
Method:Adobe products version detection (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.800108)
References:
CVE: CVE-2010-0188, CVE-2010-0186
BID: 38195, 38198
CERT: DFN-CERT-2010-0348, DFN-CERT-2010-0247, DFN-CERT-2010-0233, DFN-CERT-2010-0218, DFN-CERT-2010-0210, DFN-CERT-2010-0209
Other:
http://xforce.iss.net/xforce/xfdb/56297
http://www.vupen.com/english/advisories/2010/0399
http://securitytracker.com/alerts/2010/Feb/1023601.html
http://www.adobe.com/support/security/bulletins/apsb10-07.html
Issue
-----
NVT: Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Mac OS X)
OID: 1.3.6.1.4.1.25623.1.0.804267
Threat: High (CVSS: 9.3)
Port: general/tcp
Product detection result: cpe:/a:adobe:acrobat_reader:7.0.5
Detected by: Adobe products version detection (Linux) (OID: 1.3.6.1.4.1.25623.1.0.800108)
Summary:
This host is installed with Adobe Reader/Acrobat and is prone to remote code
execution vulnerability.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation will let attackers to execute arbitrary code by tricking
a user into opening a PDF file embedding a malicious Flash animation and bypass
intended sandbox restrictions allowing cross-domain requests.
Impact Level: System/Application
Solution:
Solution type: VendorFix
Upgrade to Adobe Reader/Acrobat version 9.3.1 or 8.2.1 or later. For updates
refer to http://www.adobe.com
Affected Software/OS:
Adobe Reader version 8.x before 8.2.1 and 9.x before 9.3.1 on Mac OS X.
Adobe Acrobat version 8.x before 8.2.1 and 9.x before 9.3.1 on Mac OS X
Vulnerability Insight:
Flaw is caused by a memory corruption error in the 'authplay.dll' module
when processing malformed Flash data within a PDF document and some unspecified
error.
Vulnerability Detection Method:
Get the installed version with the help of detect NVT and check the version
is vulnerable or not.
Details:
Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Mac OS X)
(OID: 1.3.6.1.4.1.25623.1.0.804267)
Version used: $Revision: 2482 $
Product Detection Result:
Product:cpe:/a:adobe:acrobat_reader:7.0.5
Method:Adobe products version detection (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.800108)
References:
CVE: CVE-2010-0188, CVE-2010-0186
BID: 38195, 38198
CERT: DFN-CERT-2010-0348, DFN-CERT-2010-0247, DFN-CERT-2010-0233, DFN-CERT-2010-0218, DFN-CERT-2010-0210, DFN-CERT-2010-0209
Other:
http://xforce.iss.net/xforce/xfdb/56297
http://www.vupen.com/english/advisories/2010/0399
http://securitytracker.com/alerts/2010/Feb/1023601.html
http://www.adobe.com/support/security/bulletins/apsb10-07.html
Issue
-----
NVT: Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Windows)
OID: 1.3.6.1.4.1.25623.1.0.902128
Threat: High (CVSS: 9.3)
Port: general/tcp
Product detection result: cpe:/a:adobe:acrobat_reader:7.0.5
Detected by: Adobe products version detection (Linux) (OID: 1.3.6.1.4.1.25623.1.0.800108)
Summary:
This host is installed with Adobe Reader/Acrobat and is prone to remote code
execution vulnerability.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation will let attackers to execute arbitrary code by tricking
a user into opening a PDF file embedding a malicious Flash animation and bypass
intended sandbox restrictions allowing cross-domain requests.
Impact Level: System/Application
Solution:
Solution type: VendorFix
Upgrade to Adobe Reader/Acrobat version 9.3.1 or 8.2.1 or later. For updates
refer to http://www.adobe.com
Affected Software/OS:
Adobe Reader version 8.x before 8.2.1 and 9.x before 9.3.1
Adobe Acrobat version 8.x before 8.2.1 and 9.x before 9.3.1
Vulnerability Insight:
Flaw is caused by a memory corruption error in the 'authplay.dll' module
when processing malformed Flash data within a PDF document and some unspecified
error.
Vulnerability Detection Method:
Get the installed version with the help of detect NVT and check the version
is vulnerable or not.
Details:
Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.902128)
Version used: $Revision: 5394 $
Product Detection Result:
Product:cpe:/a:adobe:acrobat_reader:7.0.5
Method:Adobe products version detection (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.800108)
References:
CVE: CVE-2010-0188, CVE-2010-0186
BID: 38195, 38198
CERT: DFN-CERT-2010-0348, DFN-CERT-2010-0247, DFN-CERT-2010-0233, DFN-CERT-2010-0218, DFN-CERT-2010-0210, DFN-CERT-2010-0209
Other:
http://xforce.iss.net/xforce/xfdb/56297
http://www.vupen.com/english/advisories/2010/0399
http://securitytracker.com/alerts/2010/Feb/1023601.html
http://www.adobe.com/support/security/bulletins/apsb10-07.html
Issue
-----
NVT: Adobe Acrobat and Reader SING 'uniqueName' Buffer Overflow Vulnerability (Linux)
OID: 1.3.6.1.4.1.25623.1.0.801516
Threat: High (CVSS: 9.3)
Port: general/tcp
Product detection result: cpe:/a:adobe:acrobat_reader:7.0.5
Detected by: Adobe products version detection (Linux) (OID: 1.3.6.1.4.1.25623.1.0.800108)
Summary:
This host is installed with Adobe Reader and is prone to buffer overflow
vulnerability.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation will let attackers to crash an affected application or
execute arbitrary code by tricking a user into opening a specially crafted PDF
document.
Impact Level: Application
Solution:
Solution type: VendorFix
Upgrade to Adobe Reader version 9.4,
For updates refer to http://www.adobe.com
Affected Software/OS:
Adobe Reader version 9.3.4 and prior.
Vulnerability Insight:
The flaw is due to a boundary error within 'CoolType.dll' when processing the
'uniqueName' entry of SING tables in fonts.
Vulnerability Detection Method:
Get the installed version with the help of detect NVT and check the version
is vulnerable or not.
Details:
Adobe Acrobat and Reader SING 'uniqueName' Buffer Overflow Vulnerability (Li...
(OID: 1.3.6.1.4.1.25623.1.0.801516)
Version used: $Revision: 5263 $
Product Detection Result:
Product:cpe:/a:adobe:acrobat_reader:7.0.5
Method:Adobe products version detection (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.800108)
References:
CVE: CVE-2010-2883
BID: 43057
CERT: DFN-CERT-2010-1424, DFN-CERT-2010-1338, DFN-CERT-2010-1313, DFN-CERT-2010-1308, DFN-CERT-2010-1179
Other:
http://secunia.com/advisories/41340
http://www.adobe.com/support/security/advisories/apsa10-02.html
http://blog.metasploit.com/2010/09/return-of-unpublished-adobe.html
Issue
-----
NVT: Adobe Acrobat and Reader SING 'uniqueName' Buffer Overflow Vulnerability (Windows)
OID: 1.3.6.1.4.1.25623.1.0.801515
Threat: High (CVSS: 9.3)
Port: general/tcp
Product detection result: cpe:/a:adobe:acrobat_reader:7.0.5
Detected by: Adobe products version detection (Linux) (OID: 1.3.6.1.4.1.25623.1.0.800108)
Summary:
This host is installed with Adobe Reader/Acrobat and is prone to buffer
overflow vulnerability
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation will let attackers to crash an affected application
or execute arbitrary code by tricking a user into opening a specially crafted
PDF document.
Impact Level: Application
Solution:
Solution type: VendorFix
Upgrade to Adobe Reader/Adobe Acrobat version 9.4 or later.
For updates refer http://www.adobe.com/downloads/
Affected Software/OS:
Adobe Reader version 9.3.4 and prior.
Adobe Acrobat version 9.3.4 and prior on windows.
Vulnerability Insight:
The flaw is due to a boundary error within 'CoolType.dll' when processing the
'uniqueName' entry of SING tables in fonts.
Vulnerability Detection Method:
Get the installed version with the help of detect NVT and check the version
is vulnerable or not.
Details:
Adobe Acrobat and Reader SING 'uniqueName' Buffer Overflow Vulnerability (Wi...
(OID: 1.3.6.1.4.1.25623.1.0.801515)
Version used: $Revision: 5263 $
Product Detection Result:
Product:cpe:/a:adobe:acrobat_reader:7.0.5
Method:Adobe products version detection (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.800108)
References:
CVE: CVE-2010-2883
BID: 43057
CERT: DFN-CERT-2010-1424, DFN-CERT-2010-1338, DFN-CERT-2010-1313, DFN-CERT-2010-1308, DFN-CERT-2010-1179
Other:
http://secunia.com/advisories/41340
http://www.adobe.com/support/security/advisories/apsa10-02.html
http://blog.metasploit.com/2010/09/return-of-unpublished-adobe.html
Issue
-----
NVT: Adobe Flash Player 9.0.115.0 and earlier vulnerability (Linux)
OID: 1.3.6.1.4.1.25623.1.0.90018
Threat: High (CVSS: 9.3)
Port: general/tcp
Summary:
The remote host is probably affected by the vulnerabilities
described in CVE-2007-5275, CVE-2007-6019, CVE-2007-6243, CVE-2007-6637,
CVE-2008-1654, CVE-2008-1655
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
CVE 2007-5275
The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause
a victim machine to establish TCP sessions with arbitrary hosts via a
Flash (SWF) movie, related to lack of pinning of a hostname to a single
IP address after receiving an allow-access-from element in a
cross-domain-policy XML document, and the availability of a Flash Socket
class that does not use the browser's DNS pins, aka DNS rebinding attacks,
a different issue than CVE-2002-1467 and CVE-2007-4324.
CVE 2007-6019
Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier,
allows remote attackers to execute arbitrary code via an SWF file with
a modified DeclareFunction2 Actionscript tag, which prevents an object
from being instantiated properly.
CVE 2007-6243
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x
up to 7.0.70.0 does not sufficiently restrict the interpretation and
usage of cross-domain policy files, which makes it easier for remote
attackers to conduct cross-domain and cross-site scripting (XSS) attacks.
CVE 2007-6637
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash
Player allow remote attackers to inject arbitrary web script or HTML
via a crafted SWF file, related to 'pre-generated SWF files' and Adobe
Dreamweaver CS3 or Adobe Acrobat Connect. NOTE: the asfunction: vector
is already covered by CVE-2007-6244.1.
CVE 2008-1654
Interaction error between Adobe Flash and multiple Universal Plug and Play
(UPnP) services allow remote attackers to perform Cross-Site Request
Forgery (CSRF) style attacks by using the Flash navigateToURL function
to send a SOAP message to a UPnP control point, as demonstrated by changing
the primary DNS server.
CVE 2008-1655
Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier,
and 8.0.39.0 and earlier, makes it easier for remote attackers to
conduct DNS rebinding attacks via unknown vectors.
Solution:
All Adobe Flash Player users should upgrade to the latest version:
Vulnerability Detection Method:
Details:
Adobe Flash Player 9.0.115.0 and earlier vulnerability (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.90018)
Version used: $Revision: 5661 $
References:
CVE: CVE-2007-5275, CVE-2007-6019, CVE-2007-6243, CVE-2007-6637, CVE-2008-1654, CVE-2008-1655
BID: 28697, 28696, 27034, 26966, 28694, 26930
Issue
-----
NVT: Adobe Flash Player Arbitrary Code Execution Vulnerability (Linux)
OID: 1.3.6.1.4.1.25623.1.0.801922
Threat: High (CVSS: 9.3)
Port: general/tcp
Summary:
This host has Adobe flash Player installed, and is prone to code
execution vulnerability.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation will let attackers to corrupt memory
and execute arbitrary code on the system with elevated privileges.
Impact Level: System/Application
Solution:
Solution type: VendorFix
Upgrade adobe flash player to version 10.2.159.1 or later,
Update Adobe Reader/Acrobat to version 9.4.4 or 10.0.3 or later,
For updates refer to http://www.adobe.com
Affected Software/OS:
Adobe Flash Player version 10.2.153.1 and prior on Linux
Vulnerability Insight:
The flaw is due to an error in handling 'SWF' file in adobe flash
player, which allows attackers to execute arbitrary code or cause a denial
of service via crafted flash content.
Vulnerability Detection Method:
Details:
Adobe Flash Player Arbitrary Code Execution Vulnerability (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.801922)
Version used: $Revision: 5424 $
References:
CVE: CVE-2011-0611
BID: 47314
CERT: DFN-CERT-2012-0828, DFN-CERT-2011-0662, DFN-CERT-2011-0604, DFN-CERT-2011-0602, DFN-CERT-2011-0548
Other:
https://www.kb.cert.org/vuls/id/230057
http://www.adobe.com/support/security/advisories/apsa11-02.html
http://blogs.adobe.com/psirt/2011/04/security-advisory-for-adobe-flash-player-adobe-reader-and-acrobat-apsa11-02.html
Issue
-----
NVT: Adobe Flash Player Arbitrary Code Execution Vulnerability (Linux)
OID: 1.3.6.1.4.1.25623.1.0.801922
Threat: High (CVSS: 9.3)
Port: general/tcp
Summary:
This host has Adobe flash Player installed, and is prone to code
execution vulnerability.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation will let attackers to corrupt memory
and execute arbitrary code on the system with elevated privileges.
Impact Level: System/Application
Solution:
Solution type: VendorFix
Upgrade adobe flash player to version 10.2.159.1 or later,
Update Adobe Reader/Acrobat to version 9.4.4 or 10.0.3 or later,
For updates refer to http://www.adobe.com
Affected Software/OS:
Adobe Flash Player version 10.2.153.1 and prior on Linux
Vulnerability Insight:
The flaw is due to an error in handling 'SWF' file in adobe flash
player, which allows attackers to execute arbitrary code or cause a denial
of service via crafted flash content.
Vulnerability Detection Method:
Details:
Adobe Flash Player Arbitrary Code Execution Vulnerability (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.801922)
Version used: $Revision: 5424 $
References:
CVE: CVE-2011-0611
BID: 47314
CERT: DFN-CERT-2012-0828, DFN-CERT-2011-0662, DFN-CERT-2011-0604, DFN-CERT-2011-0602, DFN-CERT-2011-0548
Other:
https://www.kb.cert.org/vuls/id/230057
http://www.adobe.com/support/security/advisories/apsa11-02.html
http://blogs.adobe.com/psirt/2011/04/security-advisory-for-adobe-flash-player-adobe-reader-and-acrobat-apsa11-02.html
Issue
-----
NVT: Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Linux)
OID: 1.3.6.1.4.1.25623.1.0.804087
Threat: High (CVSS: 10.0)
Port: general/tcp
Product detection result: cpe:/a:adobe:flash_player:9.0.31.0
Detected by: Adobe Flash Player/AIR Version Detection (Linux) (OID: 1.3.6.1.4.1.25623.1.0.800032)
Summary:
This host is installed with Adobe Flash Player and is prone to arbitrary
code execution vulnerability.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation will allow attackers to, execute arbitrary code and
cause buffer overflow.
Impact Level: System/Application
Solution:
Solution type: VendorFix
Update to Adobe Flash Player version 11.2.202.336 or later,
For updates refer to http://get.adobe.com/flashplayer
Affected Software/OS:
Adobe Flash Player versions before 11.2.202.336 on Linux
Vulnerability Insight:
Flaw is due to an integer underflow condition that is triggered as unspecified
user-supplied input is not properly validated.
Vulnerability Detection Method:
Get the installed version with the help of detect NVT and check the version
is vulnerable or not.
Details:
Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.804087)
Version used: $Revision: 3521 $
Product Detection Result:
Product:cpe:/a:adobe:flash_player:9.0.31.0
Method:Adobe Flash Player/AIR Version Detection (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.800032)
References:
CVE: CVE-2014-0497
BID: 65327
CERT: CB-K14/0138, DFN-CERT-2014-0142
Other:
http://secunia.com/advisories/56737
http://helpx.adobe.com/security/products/flash-player/apsb14-04.html
http://krebsonsecurity.com/2014/02/adobe-pushes-fix-for-flash-zero-day-attack
Issue
-----
NVT: Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Linux)
OID: 1.3.6.1.4.1.25623.1.0.804087
Threat: High (CVSS: 10.0)
Port: general/tcp
Product detection result: cpe:/a:adobe:flash_player:9.0.31.0
Detected by: Adobe Flash Player/AIR Version Detection (Linux) (OID: 1.3.6.1.4.1.25623.1.0.800032)
Summary:
This host is installed with Adobe Flash Player and is prone to arbitrary
code execution vulnerability.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation will allow attackers to, execute arbitrary code and
cause buffer overflow.
Impact Level: System/Application
Solution:
Solution type: VendorFix
Update to Adobe Flash Player version 11.2.202.336 or later,
For updates refer to http://get.adobe.com/flashplayer
Affected Software/OS:
Adobe Flash Player versions before 11.2.202.336 on Linux
Vulnerability Insight:
Flaw is due to an integer underflow condition that is triggered as unspecified
user-supplied input is not properly validated.
Vulnerability Detection Method:
Get the installed version with the help of detect NVT and check the version
is vulnerable or not.
Details:
Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.804087)
Version used: $Revision: 3521 $
Product Detection Result:
Product:cpe:/a:adobe:flash_player:9.0.31.0
Method:Adobe Flash Player/AIR Version Detection (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.800032)
References:
CVE: CVE-2014-0497
BID: 65327
CERT: CB-K14/0138, DFN-CERT-2014-0142
Other:
http://secunia.com/advisories/56737
http://helpx.adobe.com/security/products/flash-player/apsb14-04.html
http://krebsonsecurity.com/2014/02/adobe-pushes-fix-for-flash-zero-day-attack
Issue
-----
NVT: Adobe Flash Player Buffer Overflow Vulnerability (Linux)
OID: 1.3.6.1.4.1.25623.1.0.803154
Threat: High (CVSS: 10.0)
Port: general/tcp
Summary:
This host is installed with Adobe Flash Player and is prone to
buffer overflow vulnerability.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation will allow remote attackers to execute arbitrary
code or cause denial of service condition.
Impact Level: System/Application
Solution:
Solution type: VendorFix
Affected Software/OS:
Adobe Flash Player version before 10.3.183.50, 11.x before 11.2.202.261 on Linux
Update to Adobe Flash Player version 10.3.183.50 or 11.2.202.261 or later,
For updates refer to http://get.adobe.com/flashplayer
Vulnerability Insight:
An integer overflow error within 'flash.display.BitmapData()', which can be
exploited to cause a heap-based buffer overflow.
Vulnerability Detection Method:
Details:
Adobe Flash Player Buffer Overflow Vulnerability (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.803154)
Version used: $Revision: 3556 $
References:
CVE: CVE-2013-0630
BID: 57184
CERT: DFN-CERT-2013-0439, DFN-CERT-2013-0133, DFN-CERT-2013-0116, DFN-CERT-2013-0063, DFN-CERT-2013-0057, DFN-CERT-2013-0047
Other:
http://secunia.com/advisories/51771
http://securitytracker.com/id?1027950
http://www.adobe.com/support/security/bulletins/apsb13-01.html
Issue
-----
NVT: Adobe Flash Player Buffer Overflow Vulnerability (Linux)
OID: 1.3.6.1.4.1.25623.1.0.803154
Threat: High (CVSS: 10.0)
Port: general/tcp
Summary:
This host is installed with Adobe Flash Player and is prone to
buffer overflow vulnerability.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation will allow remote attackers to execute arbitrary
code or cause denial of service condition.
Impact Level: System/Application
Solution:
Solution type: VendorFix
Affected Software/OS:
Adobe Flash Player version before 10.3.183.50, 11.x before 11.2.202.261 on Linux
Update to Adobe Flash Player version 10.3.183.50 or 11.2.202.261 or later,
For updates refer to http://get.adobe.com/flashplayer
Vulnerability Insight:
An integer overflow error within 'flash.display.BitmapData()', which can be
exploited to cause a heap-based buffer overflow.
Vulnerability Detection Method:
Details:
Adobe Flash Player Buffer Overflow Vulnerability (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.803154)
Version used: $Revision: 3556 $
References:
CVE: CVE-2013-0630
BID: 57184
CERT: DFN-CERT-2013-0439, DFN-CERT-2013-0133, DFN-CERT-2013-0116, DFN-CERT-2013-0063, DFN-CERT-2013-0057, DFN-CERT-2013-0047
Other:
http://secunia.com/advisories/51771
http://securitytracker.com/id?1027950
http://www.adobe.com/support/security/bulletins/apsb13-01.html
Issue
-----
NVT: Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Linux)
OID: 1.3.6.1.4.1.25623.1.0.804561
Threat: High (CVSS: 10.0)
Port: general/tcp
Product detection result: cpe:/a:adobe:flash_player:9.0.31.0
Detected by: Adobe Flash Player/AIR Version Detection (Linux) (OID: 1.3.6.1.4.1.25623.1.0.800032)
Summary:
This host is installed with Adobe Flash Player and is prone to buffer
overflow vulnerability.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation will allow attackers to execute arbitrary code and
cause a buffer overflow, resulting in a denial of service condition.
Impact Level: System/Application
Solution:
Solution type: VendorFix
Update to Adobe Flash Player version 11.2.202.356 or later,
For updates refer to http://get.adobe.com/flashplayer
Affected Software/OS:
Adobe Flash Player version before 11.2.202.356 on Linux
Vulnerability Insight:
Flaw is due to an improper validation of user-supplied input to the pixel
bender component.
Vulnerability Detection Method:
Get the installed version with the help of detect NVT and check the version
is vulnerable or not.
Details:
Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.804561)
Version used: $Revision: 3521 $
Product Detection Result:
Product:cpe:/a:adobe:flash_player:9.0.31.0
Method:Adobe Flash Player/AIR Version Detection (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.800032)
References:
CVE: CVE-2014-0515
BID: 67092
CERT: CB-K14/0490, DFN-CERT-2014-0510
Other:
http://secpod.org/blog/?p=2577
http://www.securelist.com/en/blog/8212
http://helpx.adobe.com/security/products/flash-player/apsb14-13.html
Issue
-----
NVT: Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Linux)
OID: 1.3.6.1.4.1.25623.1.0.804561
Threat: High (CVSS: 10.0)
Port: general/tcp
Product detection result: cpe:/a:adobe:flash_player:9.0.31.0
Detected by: Adobe Flash Player/AIR Version Detection (Linux) (OID: 1.3.6.1.4.1.25623.1.0.800032)
Summary:
This host is installed with Adobe Flash Player and is prone to buffer
overflow vulnerability.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation will allow attackers to execute arbitrary code and
cause a buffer overflow, resulting in a denial of service condition.
Impact Level: System/Application
Solution:
Solution type: VendorFix
Update to Adobe Flash Player version 11.2.202.356 or later,
For updates refer to http://get.adobe.com/flashplayer
Affected Software/OS:
Adobe Flash Player version before 11.2.202.356 on Linux
Vulnerability Insight:
Flaw is due to an improper validation of user-supplied input to the pixel
bender component.
Vulnerability Detection Method:
Get the installed version with the help of detect NVT and check the version
is vulnerable or not.
Details:
Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.804561)
Version used: $Revision: 3521 $
Product Detection Result:
Product:cpe:/a:adobe:flash_player:9.0.31.0
Method:Adobe Flash Player/AIR Version Detection (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.800032)
References:
CVE: CVE-2014-0515
BID: 67092
CERT: CB-K14/0490, DFN-CERT-2014-0510
Other:
http://secpod.org/blog/?p=2577
http://www.securelist.com/en/blog/8212
http://helpx.adobe.com/security/products/flash-player/apsb14-13.html
Issue
-----
NVT: Adobe Flash Player Code Execution and DoS Vulnerabilities (Linux)
OID: 1.3.6.1.4.1.25623.1.0.903015
Threat: High (CVSS: 10.0)
Port: general/tcp
Summary:
This host is installed with Adobe Flash Player and is prone to
code execution and denial of service vulnerabilities.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation will allow remote attackers to execute arbitrary
code or cause a denial of service (memory corruption) via unknown vectors.
Impact Level: System/Application
Solution:
Solution type: VendorFix
Update to Adobe Flash Player version 10.3.183.18 or 11.2.202.228 or later,
For updates refer to http://get.adobe.com/flashplayer/
Affected Software/OS:
Adobe Flash Player version prior to 10.3.183.18 and 11.x to 11.1.102.63 on Linux
Vulnerability Insight:
The flaws are due to an unspecified error within the NetStream class.
Vulnerability Detection Method:
Details:
Adobe Flash Player Code Execution and DoS Vulnerabilities (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.903015)
Version used: $Revision: 5950 $
References:
CVE: CVE-2012-0772, CVE-2012-0773, CVE-2012-0724, CVE-2012-0725
BID: 52748, 52916, 52914
CERT: DFN-CERT-2012-2056, DFN-CERT-2012-0985, DFN-CERT-2012-0594, DFN-CERT-2012-0590, DFN-CERT-2012-0577, DFN-CERT-2012-0573
Other:
http://secunia.com/advisories/48623/
http://www.securitytracker.com/id/1026859
http://www.adobe.com/support/security/bulletins/apsb12-07.html
Issue
-----
NVT: Adobe Flash Player Code Execution and DoS Vulnerabilities (Linux)
OID: 1.3.6.1.4.1.25623.1.0.903015
Threat: High (CVSS: 10.0)
Port: general/tcp
Summary:
This host is installed with Adobe Flash Player and is prone to
code execution and denial of service vulnerabilities.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation will allow remote attackers to execute arbitrary
code or cause a denial of service (memory corruption) via unknown vectors.
Impact Level: System/Application
Solution:
Solution type: VendorFix
Update to Adobe Flash Player version 10.3.183.18 or 11.2.202.228 or later,
For updates refer to http://get.adobe.com/flashplayer/
Affected Software/OS:
Adobe Flash Player version prior to 10.3.183.18 and 11.x to 11.1.102.63 on Linux
Vulnerability Insight:
The flaws are due to an unspecified error within the NetStream class.
Vulnerability Detection Method:
Details:
Adobe Flash Player Code Execution and DoS Vulnerabilities (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.903015)
Version used: $Revision: 5950 $
References:
CVE: CVE-2012-0772, CVE-2012-0773, CVE-2012-0724, CVE-2012-0725
BID: 52748, 52916, 52914
CERT: DFN-CERT-2012-2056, DFN-CERT-2012-0985, DFN-CERT-2012-0594, DFN-CERT-2012-0590, DFN-CERT-2012-0577, DFN-CERT-2012-0573
Other:
http://secunia.com/advisories/48623/
http://www.securitytracker.com/id/1026859
http://www.adobe.com/support/security/bulletins/apsb12-07.html
Issue
-----
NVT: Adobe Flash Player Code Execution and DoS Vulnerabilities Nov13 (Linux)
OID: 1.3.6.1.4.1.25623.1.0.804147
Threat: High (CVSS: 10.0)
Port: general/tcp
Product detection result: cpe:/a:adobe:flash_player:9.0.31.0
Detected by: Adobe Flash Player/AIR Version Detection (Linux) (OID: 1.3.6.1.4.1.25623.1.0.800032)
Summary:
This host is installed with Adobe Flash Player and is prone to remote code
execution and denial of service vulnerabilities.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation will allow attackers to execute arbitrary code, cause
denial of service (memory corruption) and compromise a user's system.
Impact Level: System/Application
Solution:
Solution type: VendorFix
Update to Adobe Flash Player version 11.2.202.327 or later.
For updates refer to http://get.adobe.com/flashplayer
Affected Software/OS:
Adobe Flash Player before version 11.2.202.327 on Linux
Vulnerability Insight:
Flaws are due to unspecified errors.
Vulnerability Detection Method:
Get the installed version with the help of the detection NVT and check whether
the version is vulnerable.
Details:
Adobe Flash Player Code Execution and DoS Vulnerabilities Nov13 (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.804147)
Version used: $Revision: 3556 $
Product Detection Result:
Product:cpe:/a:adobe:flash_player:9.0.31.0
Method:Adobe Flash Player/AIR Version Detection (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.800032)
References:
CVE: CVE-2013-5329, CVE-2013-5330
BID: 63680, 63680
CERT: CB-K13/0910, DFN-CERT-2013-1930
Other:
http://secunia.com/advisories/55527
http://www.adobe.com/support/security/bulletins/apsb13-26.html
Issue
-----
NVT: Adobe Flash Player Font Parsing Code Execution Vulnerability - (Linux)
OID: 1.3.6.1.4.1.25623.1.0.802941
Threat: High (CVSS: 9.3)
Port: general/tcp
Summary:
Adobe Flash Player is installed on this host and is prone to an
unspecified code execution vulnerability.
Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.
Impact:
Successful exploitation will let attackers execute arbitrary code or
cause the application to crash and take control of the affected system.
Impact Level: System/Application
Solution:
Solution type: VendorFix
Upgrade to Adobe Flash Player version 11.2.202.238 or later.
For details refer to http://www.adobe.com/downloads/
Affected Software/OS:
Adobe Flash Player version 11.2.202.236 and prior on Linux
Vulnerability Insight:
An unspecified error occurs when handling SWF content in a Word document.
This may allow a context-dependent attacker to execute arbitrary code.
Vulnerability Detection Method:
Details:
Adobe Flash Player Font Parsing Code Execution Vulnerability - (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.802941)
Version used: $Revision: 5940 $
References:
CVE: CVE-2012-1535
BID: 55009
CERT: DFN-CERT-2013-0433, DFN-CERT-2012-1652, DFN-CERT-2012-1609, DFN-CERT-2012-1599, DFN-CERT-2012-1592, DFN-CERT-2012-1576
Other:
http://secunia.com/advisories/50285/
http://www.adobe.com/support/security/bulletins/apsb12-18.html