
1155 matches found

CERT
added 2002/09/06 12:0 a.m., 17 views

HP Tru64 UNIX "lpd" contains buffer overflow (SSRT2275)

Overview: The HP Tru64 UNIX implementation of "lpd" contains a locally exploitable buffer overflow. Description: "lpd" is used to handle the printer spool area. A locally exploitable buffer overflow in "lpd" may permit a local attacker to gain elevated privileges and execute arbitrary code on a...

8.2 AI score
Exploits: 0, References: 1
CERT
added 2002/08/22 12:0 a.m., 32 views

Novell Netware RCONAG6 fails to validate user password when "Secure IP" is used to establish connection

Overview: Novell Netware RCONAG6 allows users to gain access to the server without a password. Description: Novell Netware RCONAG6 allows users to remotely administer a Novell host. A vulnerability in RCONAG6 makes it possible for a remote user to connect to the server without supplying a password...

7.5 CVSS, 6.6 AI score, 0.03317 EPSS
Exploits: 0, References: 1
CERT
added 2002/07/25 12:0 a.m., 34 views

Microsoft SQL Server contains buffer overflow in code used to process "BULK INSERT" queries

Overview: The Microsoft SQL Server contains a buffer overflow vulnerability that may allow remote attackers to execute arbitrary code with system privileges. Description: The Microsoft SQL Server contains a buffer overflow vulnerability in the code used to process "Bulk Insert" queries. Bulk Insert...

7.5 CVSS, 8.1 AI score, 0.11237 EPSS
Exploits: 0, References: 6
CERT
added 2002/07/11 12:0 a.m., 29 views

Network Associates PGP Outlook Plug-in contains buffer overflow in decoding mechanism

Overview: A remotely exploitable buffer overflow exists in the Network Associates PGP Outlook Plug-in. Description: As reported in eEye Digital Security Advisory AD20020710, a remotely exploitable buffer overflow exists in the PGP Outlook Plug-in. By sending a specially crafted message to a victim,...

7.5 CVSS, 7.4 AI score, 0.02647 EPSS
Exploits: 0, References: 3
CERT
added 2002/07/11 12:0 a.m., 104 views

Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) does not adequately validate file operations

Overview: The Common Desktop Environment (CDE) ToolTalk RPC database server does not adequately validate file operations and follows symbolic links, allowing a local attacker to overwrite any file that is writeable by the server. The ToolTalk RPC database server typically runs with root privileges...

7.2 CVSS, 6.9 AI score, 0.09418 EPSS
Exploits: 0, References: 2
CERT
added 2002/06/25 12:0 a.m., 37 views

Microsoft SQLXML ISAPI filter vulnerable to buffer overflow via contenttype parameter

Overview: A buffer overflow vulnerability exists in the Microsoft SQLXML Internet Services Application Programming Interface (ISAPI) extension for Internet Information Server (IIS). This vulnerability could allow a remote attacker to cause a denial of service or execute arbitrary code with LocalSystem...

7.5 CVSS, 8.2 AI score, 0.55455 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2002/06/05 12:0 a.m., 42 views

MPEi/X Default FTP Accounts

The remote FTP server has one or more accounts with a blank password. This script was written by H D Moore. See the Nessus Scripts License for details. Changes by Tenable: - Revised plugin title, changed family (11/04/10) include"compat.inc"; ifdescription scriptid11000; scriptversion "1.22";...

7.5 CVSS, 8.2 AI score, 0.51933 EPSS
Exploits: 41, References: 1
Tenable Nessus
added 2002/06/05 12:0 a.m., 23 views

IPSwitch IMail SMTP Multiple Vulnerabilities (OF, DoS)

A vulnerability exists within IMail that allows remote attackers to gain SYSTEM level access to servers running IMail's SMTP daemon versions 6.06 and below. The vulnerability stems from the IMail SMTP daemon not doing proper bounds checking on various input data that gets passed to the IMail...

7.5 CVSS, 6 AI score, 0.04308 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2002/06/05 12:0 a.m., 34 views

Cisco ATA-186 Password Circumvention / Recovery

The remote host appears to be a Cisco ATA-186 - an analog telephone adapter used to interface analog telephones to VoIP networks. The adapter is configured via a web interface that has a security bypass vulnerability. It is possible to bypass authentication by sending an HTTP POST request with a...

6.4 CVSS, 5.6 AI score, 0.08469 EPSS
Exploits: 1, References: 3
CERT
added 2002/06/04 12:0 a.m., 23 views

Oracle Application Server contains format string vulnerability

Overview: The CERT/CC is aware of a report about a "remotely exploitable format string vulnerability in Oracle Application Server" that could allow an unauthenticated, remote attacker to execute arbitrary code on a vulnerable system. Description: Oracle Application Server uses the Apache HTTP Serve...

8 AI score
Exploits: 0, References: 3
CERT
added 2002/06/04 12:0 a.m., 19 views

Oracle Web Cache contains buffer overflow vulnerabilities

Overview: The CERT/CC is aware of a report about "several remotely exploitable buffer overflow vulnerabilities in the Oracle Web Cache Server" that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the Web Cache process. Description: The Oracle Web Cac...

8.9 AI score
Exploits: 0, References: 3
Tenable Nessus
added 2002/04/10 12:0 a.m., 101 views

Microsoft IIS .HTR ISAPI Filter Enabled

The IIS server appears to have the .HTR ISAPI filter mapped. At least one remote vulnerability has been discovered for the .HTR filter. This is detailed in Microsoft Advisory MS02-018, and gives remote SYSTEM level access to the web server. It is recommended that, even if you have patched this...

7.5 CVSS, 5.4 AI score, 0.33643 EPSS
Exploits: 0, References: 3
CERT
added 2002/04/02 12:0 a.m., 24 views

IBM AIX Parallel Systems Support Program (PSSP) contains vulnerability in File Collections subsystem allowing arbitrary access to sensitive configuration files

Overview: IBM AIX Parallel Systems Support Programs (PSSP) contains a vulnerability allowing unauthorized access to files in valid file collections. Description: IBM PSSP software is used to provide a central point of management control for a cluster of RS/6000 SP nodes and IBM pSeries and IBM RS/600...

6.9 AI score
Exploits: 0, References: 1
CERT
added 2002/03/04 12:0 a.m., 33 views

Cisco IOS discloses fragments of previous packets when Express Forwarding is enabled

Overview: A vulnerability exists in multiple versions of Cisco's Internetworking Operating System (IOS) software that allows an attacker to collect fragments of previously processed packets. Description: Many networking devices running Cisco IOS with Cisco Express Forwarding (CEF) enabled contain a...

5 CVSS, 6 AI score, 0.01781 EPSS
Exploits: 0, References: 2
CERT
added 2001/11/19 12:0 a.m., 27 views

Compaq web-enabled management software buffer overflow vulnerability

Overview: The Compaq web-enabled management software contains a buffer overflow. Remote intruders may be able to execute arbitrary code with privileges on affected systems. Many Compaq products are affected, from personal computers to commercial UNIX operating systems. Description: The Compaq...

4.6 CVSS, 7.3 AI score, 0.00405 EPSS
Exploits: 0, References: 4
CERT
added 2001/11/07 12:0 a.m., 38 views

Weak CRC allows packet injection into SSH sessions encrypted with block ciphers

Overview: There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. Description: Preconditions: Attacker has a fragment of plaintext and its corresponding ciphertext. Attacker must be able to actively...

5 CVSS, 9.2 AI score, 0.03211 EPSS
Exploits: 0, References: 7
CERT
added 2001/10/24 12:0 a.m., 57 views

SSH CRC32 attack detection code contains remote integer overflow

Overview: There is a remote integer overflow vulnerability in several implementations of the SSH1 protocol that allows an attacker to execute arbitrary code with the privileges of the SSH daemon, typically root. Description: There is a remote integer overflow vulnerability in several implementation...

10 CVSS, 7 AI score, 0.32416 EPSS
Exploits: 1, References: 9
Tenable Nessus
added 2001/10/22 12:0 a.m., 30 views

Solaris in.fingerd Unused Accounts Disclosure

The remote Solaris finger daemon will return a list of accounts that have never been used when it receives the request: finger 'a b c d e f g h'@target. A remote attacker could use this information to guess which operating system is running, or to mount further attacks on these accounts. C Tenabl...

2.1 CVSS, 5.5 AI score, 0.00764 EPSS
Exploits: 0, References: 2
CERT
added 2001/09/28 12:0 a.m., 35 views

IBM AIX digest buffer overflow in filename argument to command

Overview: There is a buffer overflow in the digest command that may allow a local attacker to gain root privileges. Description: The digest command is intended to be run by the qdaemon to generate a binary version of the queue configuration daemon information stored in /etc/qconfig. The digest...

7.2 CVSS, 6.7 AI score, 0.00939 EPSS
Exploits: 0, References: 7
CERT
added 2001/09/28 12:0 a.m., 23 views

IBM AIX setclock buffer overflow in remote timeserver argument

Overview: There is a buffer overflow in the IBM AIX setclock command that may allow local attackers to gain root privileges. Description: The setclock command sets the system's clock from a remote time server. This command contains a buffer overflow in the handling of the remote timeserver hostname...

7.2 CVSS, 6.9 AI score, 0.00447 EPSS
Exploits: 0, References: 6