94 matches found
KDE Security Advisory: KGhostview Arbitrary Code Execution
KDE Security Advisory: KGhostview Arbitrary Code Execution Original Release Date: 2002-10-08 URL: http://www.kde.org/info/security/advisory-20021008-1.txt 0. References cve.mitre.org: CAN-2002-0838 BUGTRAQ:20020926 iDEFENSE Security Advisory 09.26.2002...
ypxfrd daemon fails to properly validate user supplied arguments in "getdbm" procedure
Overview A vulnerability in the ypxfrd daemon may allow a local attacker to read arbitrary files on the vulnerable system. Description Janusz Niewiadomski, of iSEC, discovered this vulnerability and produced the following advisory. Issue: ====== Improper arguments validation in ypxfrd may allow...
Sun Solaris asppls(1M) vulnerable to arbitrary file overwriting via symlink redirection of temporary file
Overview Sun Solaris asppls(1M) creates temporary files insecurely, leading to possible local root compromise. Description Sun Microsystems describes the function of asppls(1M) as follows: aspppd is the link manager for the asynchronous data link protocol specified in RFC1331, The Point-to-Point...
Microsoft Word does not adequately validate macros embedded within malformed Word documents
Overview There is a vulnerability caused by a failure to detect macros embedded in Microsoft Word documents. This vulnerability may allow the author of a malicious document to execute arbitrary commands as the user who opens the document. Description Microsoft Word versions including Word 2002,...
Entrust GetAccess does not validate user input thereby allowing users to read arbitrary files
Overview Entrust GetAccess does not properly validate the CGI variable "LOCALE" and may be exploited to read arbitrary files on the server. Description Entrust GetAccess is a web software product for identifying users of a web site. Entrust GetAccess takes a CGI variable named "LOCALE" specifying...
IBM AIX vulnerable to buffer overflow in RCP
Overview IBM AIX contains a buffer-overflow vulnerability that may allow remote attackers to gain root privileges. Description Some versions of IBM AIX used unbounded string operators. This problem was corrected in AIXV4 by changing the unbounded operators to their bounded equivalents. --- Impact...
HP Tru64 UNIX "dxpause" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "dxpause" contains a locally exploitable buffer overflow. Description "dxpause" is used to lock a display. A locally exploitable buffer overflow in "dxpause" may permit a local attacker to gain elevated privileges and execute arbitrary code on a...
HP Tru64 UNIX "deliver" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "deliver" contains a locally exploitable buffer overflow. Description "deliver" is used to deliver mail to an IMAP mailbox. A locally exploitable buffer overflow in "deliver" may permit a local attacker to gain elevated privileges and execute arbitrar...
HP Tru64 UNIX "uucp" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "uucp" contains a locally exploitable buffer overflow. Description "uucp" is used to copy files between hosts. A locally exploitable buffer overflow in "uucp" may permit a local attacker to gain elevated privileges and execute arbitrary code on a...
HP Tru64 UNIX "inc" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "inc" contains a locally exploitable buffer overflow. Description "inc" is used to incorporate new mail. A locally exploitable buffer overflow in "inc" may permit a local attacker to gain elevated privileges and execute arbitrary code on a vulnerable...
HP Tru64 UNIX "uux" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "uux" contains a locally exploitable buffer overflow. Description "uux" is used to run a command on a remote system. A locally exploitable buffer overflow in "uux" may permit a local attacker to gain elevated privileges and execute arbitrary code on a...
Microsoft Windows Network Connection Manager (NCM) handler routine may execute code with LocalSystem privileges
Overview A locally exploitable vulnerability exists in the Microsoft Windows 2000 Network Connection Manager (NCM). Exploitation of this vulnerability may permit a local user to gain full privileges on the system. Description Microsoft Windows 2000 Network Connection Manager (NCM) provides routines t...
Microsoft Windows 2000 Network Dynamic Data Exchange (DDE) executes code as Local System
Overview The Windows 2000 Network DDE agent permits local users to execute commands with system privileges. Description Dynamic Data Exchange (DDE) is an interprocess communication mechanism used in Microsoft Windows. A DDE share is an area of memory which is used to store and retrieve data. Networ...
Buffer overflow in Windows Multiple UNC Provider (MUP) service
Overview A buffer overflow in the Microsoft Windows Multiple UNC Provider (MUP) could allow a local user to execute code with system privileges. Description Microsoft Windows recognizes resources identified by the Uniform Naming Convention (UNC). Requests for resources identified by UNC references ar...
Oracle Reports Server Reports Web Cartridge (RWCGI60) vulnerable to buffer overflow via database name parameter
Overview A buffer overflow vulnerability in Oracle Reports Server 6i could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the Reports Server process. Description Oracle Reports Server is a component of Oracle Application Server that handles client...
Quake II Server performs console variable expansion on client-supplied input values
Overview The Quake II Server contains an information leakage vulnerability that allows remote attackers to gain control of the game server process. Description The Quake II Server responds to console commands from Quake II clients to perform a variety of game and server management functions. Both...
Cisco Content Service Switch reboots when HTTPS POST request is sent to web management interface
Overview The Cisco Content Service Switch contains a denial-of-service vulnerability that allows remote attackers to reboot affected devices. Description The Cisco Content Service Switch (CSS) products include support for the session and application layers. This additional functionality allows a CS...
iXsecurity.20020314.csadmin_fmt.a
iXsecurity Security Vulnerability Report No: iXsecurity.20020314.csadmin_fmt.a ======================================== Vulnerability Summary --------------------- Problem: Cisco Secure ACS webserver has a format string vulnerability. Threat: An attacker could send an "invalid" URL to the webserve...
iXsecurity.20020313.nw6remotemanager.a
iXsecurity Security Vulnerability Report No: iXsecurity.20020313.nw6remotemanager.a ========================================== Vulnerability Summary --------------------- Problem: The Netware 6 Remote Manager, which is a web-based interface for managing the server, has a buffer overflow condition...
Oracle9i Application Server Apache PL/SQL module vulnerable to buffer overflow via cache directory name
Overview A buffer overflow vulnerability exists in the Apache Procedural Language/Structured Query Language (PL/SQL) module used by Oracle9i Application Server (iAS). This vulnerability could allow an unauthenticated remote attacker to cause a denial-of-service or execute arbitrary code on the system...