Microsoft Outlook Web Access (OWA) contains cross-site scripting vulnerability in the "Compose New Message" form
Overview There is a cross-site scripting vulnerability in Microsoft Outlook Web Access. Description The "Compose New Message" form of the Outlook Web Access (OWA) component of Microsoft Exchange 5.5 contains a cross-site scripting vulnerability. For more information about cross-site scripting...
Microsoft Windows RPCSS Service contains heap overflow in DCOM request filename handling
Overview There is a remote buffer overflow in many versions of Microsoft Windows that allows attackers to execute arbitrary code with system privileges. Description The Microsoft RPCSS Service is responsible for managing Remote Procedure Call (RPC) messages and is enabled by default on many version...
Microsoft Access Snapshot Viewer vulnerable to buffer overflow when validating parameters
Overview A remotely exploitable vulnerability exists in the Microsoft Access Snapshot Viewer ActiveX control. Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the local system with the privileges of the current user. Description According to Microsoft'...
Microsoft SQL Server becomes unresponsive when large packet is sent to specific named pipe
Overview A vulnerability in Microsoft SQL Server may allow a local attacker to cause a denial of service. An exploit for this vulnerability is publicly available. Description Microsoft describes SQL Server as, "a fully enterprise-class database product, providing core support for Extensible Marku...
Windows Media Player 9 ActiveX control does not adequately validate access to Windows Media Library
Overview An ActiveX control included with Windows Media Player 9 does not adequately validate script access to the Windows Media Library. This could allow an attacker to read or modify data contained in the library. Description Windows Media Player 9 includes an ActiveX control that can be used t...
Sun Solaris "/usr/lib/utmp_update" contains buffer overflow
Overview A vulnerability in Sun Solaris "/usr/lib/utmp_update" may allow a local attacker to gain superuser privileges. Description A buffer overflow vulnerability exists in Sun Solaris "/usr/lib/utmp_update". For more information, please see Sun Alert 55260. --- Impact A local attacker may be able...
Linux kernel IP stack incorrectly calculates size of an ICMP citation for ICMP errors
Overview The Linux 2.0 kernel contains a vulnerability in the way it processes ICMP errors. This could lead to portions of memory being leaked to a malicious user. Description The Linux 2.0 kernel (versions 2.0 through 2.0.39 inclusive) contains an error in the calculation of the size for an ICMP...
Cisco Catalyst switches allow access to "enable mode" without password
Overview Cisco Catalyst OS 7.51 contains a vulnerability that allows anyone who can obtain command line access to gain "enable" mode access without knowledge of the "enable" password. Description Cisco Catalyst OS is an operating system for Cisco's line of Catalyst switches. Version 7.51 of...
RealNetworks Helix Universal Server vulnerable to buffer overflow when supplied an overly long string for the "Describe" field
Overview The RealNetworks' Helix Universal Server supports delivery of several different media types over the Internet via RTSP (Real Time Streaming Protocol). Vulnerabilities have been discovered in the way it handles some RTSP requests. These vulnerabilities could allow a remote attacker to execu...
SRT2003-04-01-1231 - Progress DLC overflows
Secure Network Operations, Inc. http://www.secnetops.com Strategic Reconnaissance Team [email protected] Team Lead Contact [email protected] Our Mission: Secure Network Operations offers expertise in Networking, Intrusion Detection Systems (IDS), Software Security Validation, and...
SGI IRIX "xfsdump" creates quota information files insecurely
Overview A vulnerability exists in xfsdump on SGI IRIX. Exploitation of this vulnerability may allow a local attacker to gain root privileges. Because other operating systems ship with xfsdump, vendors other than SGI may be affected. Description From the xfsdump man page: xfsdump backs up files an...
Css in Xoops module glossary 1.3.x
Author: Magistrat Date: 30/03/2003 Object: XOOPS glossary Module Input Filtering Bug Allows Remote Users to Conduct Cross-Site Scripting Attacks Impact: Disclosure of authentication information, Execution of arbitrary code via network, Modification of user information, User access via network Fix...
Sendmail < 8.8.4 Group Write File Hardlink Privilege Escalation
The remote Sendmail server, according to its version number, allows local users to write to a file and gain group permissions via a .forward or :include: file. (C) Tenable Network Security, Inc. Original script by Xue Yong Zhi Changes by Tenable: - Revised plugin title, output formatting 9/14/09 -...
Sendmail < 8.6.8 -debug Local Privilege Escalation
The remote Sendmail server, according to its version number, allows local users to gain root access via a large value in the debug -d command line option. (C) Tenable Network Security, Inc. Original script by Xue Yong Zhi Changes by Tenable: - Revised plugin title, output formatting 9/16/09 - Updat...
Moderate: Red Hat Security Advisory: : Updated OpenSSL packages fix timing attack
Updated OpenSSL packages are available that fix a potential timing-based attack. OpenSSL is a commercial-grade, full-featured, and open source toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose...
Cisco VPN 3000 Concentrator PPTP No Encryption Option Remote DoS (CSCdx39981)
The remote VPN concentrator is subject to a VPN client authentication vulnerability that can force a reload of the concentrator when a very large string for the username prompt is sent. This vulnerability is documented as Cisco bug ID CSCdx39981. (C) Tenable Network Security, Inc. Thanks to Nicolas...
Cisco VPN 3000 Concentrator Certificate Management Page HTML Source Certificate Password Disclosure (CSCdw50657)
The remote VPN concentrator discloses the certificate passwords of its users in the source HTML pages of the embedded web server. This vulnerability is documented as Cisco bug ID CSCdw50657. (C) Tenable Network Security, Inc. Thanks to Nicolas FISCHBACH [email protected] for his help Ref:...
Cisco VPN 3000 Concentrator Multiple Vulnerabilities (CSCdt56514, CSCdv66718)
The remote VPN concentrator is vulnerable to an internal PPTP / IPSEC authentication login attack. This vulnerability is documented as Cisco bug ID CSCdt56514. (C) Tenable Network Security, Inc. Thanks to Nicolas FISCHBACH [email protected] for his help include"compat.inc"; ifdescription...
Cisco Catalyst Switches Embedded HTTP Server Long HTTP Request DoS (CSCdy26428)
The remote switch is vulnerable to a buffer overflow in its embedded HTTP server. An attacker may use this flaw to make your switch reboot continuously, resulting in a denial of service. This vulnerability is documented with the CISCO bug ID CSCdy26428. (C) Tenable Network Security, Inc...
PHP-Nuke code execution and XSS vulnerabilities
PROGRAM: PHP-Nuke VENDOR: Francisco Burzi et al. HOMEPAGE: http://phpnuke.org/ VULNERABLE VERSIONS: 6.0 the only supported version IMMUNE VERSIONS: 6.0 with my patch applied LOGIN REQUIRED: no DESCRIPTION: "PHP-Nuke is a Web portal and online...