3704 matches found
Multiple D-Link routers vulnerable to remote command execution
Overview Multiple D-Link routers are vulnerable to unauthenticated remote command execution. Description Several D-Link routers contain CGI capability that is exposed to users as /applysec.cgi, and dispatched on the device by the binary /www/cgi/ssi. This CGI code contains two flaws: 1. The...
Commvault Edge Server deserializes cookie data insecurely
Overview Commvault Edge Server, version 10 R2, deserializes untrusted, user-provided cookie data, resulting in arbitrary OS command execution with the web server's privileges. Description CWE-502: Deserialization of Untrusted Data - CVE-2015-7253Commvault Edge Server, version 10 R2, deserializes...
TestRail cross-site scripting vulnerability
Overview TestRail version 3.1.1.3130 contains a cross-site scripting vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' Gurock Software TestRail version 3.1.1.3130 contains a stored cross-site scripting vulnerability. The Created ...
QNAP VioStor NVR firmware version 4.0.3 and QNAP NAS multiple vulnerabilities
Overview QNAP VioStor NVR firmware version 4.0.3 and possibly earlier versions and QNAP NAS contains multiple vulnerabilities which may allow an attacker to perform administrative functions against the hosted server. Description QNAP VioStor NVR firmware version 4.0.3 and possibly earlier version...
McAfee ePolicy Orchestrator 4.6.4 and earlier pre-authenticated SQL injection and directory path traversal vulnerabilities
Overview McAfee ePolicy Orchestrator 4.6.4 and earlier contains a pre-authenticated sql injection and directory path traversal vulnerability which could allow an attacker to inject malicious code into the system. Description McAfee ePolicy Orchestrator 4.6.4 and earlier contains a pre-authenticat...
VeriCentre web application SQL injection vulnerability
Overview The VeriCentre web application contains a SQL injection vulnerability. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection'The VeriCentre web application contains a SQL injection vulnerability within the TerminalId, ModelName, and...
Adobe Reader EScript.api arbitrary code execution
Overview The Adobe Acrobat Reader contains a vulnerability that may allow an attacker to execute arbitrary code. Description Adobe Acrobat Reader is software designed to view Portable Document Format PDF files. Adobe also distributes the Adobe Acrobat Plug-In to allow users to view PDF files insi...
CREDANT Mobile Guardian Shield fails to remove credentials from memory
Overview CREDANT Mobile Guardian Shield fails to properly remove credentials from memory, which may allow an attacker to obtain access to the Windows domain and encrypted drive contents. Description CREDANT Mobile Guardian CMG Shield is a component of Mobile Guardian Enterprise Edition. CMG Shiel...
WMI Object Broker ActiveX Control bypasses ActiveX security model
Overview The Microsoft WMI Object Broker ActiveX control bypasses the ActiveX security model, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description ActiveXActiveX is a technology that allows programmers to create reusable software...
Debian CVS "pserver" remote access authentication bypass vulnerability
Overview Debian Concurrent Versions System CVS remote repositories using "pserver" with the cvs-repouid Debian patch are vulnerable to authentication bypass. Description CVS is a version control and source code maintenance system that is widely used by open-source software development projects.Th...
MySQL fails to properly evaluate zero-length strings in the check_scramble_323() function
Overview There is a vulnerability in the password authentication mechanism of MySQL which could allow an attacker to bypass authentication by supplying a zero-length string. Description MySQL is an open-source database system available for Microsoft Windows, Linux, and other UNIX-based operating...
Microsoft Windows logon process fails contains a buffer overflow during the logon process
Overview The Windows Logon process Winlogon contains a vulnerability that may permit a remote attacker to execute arbitrary code on the system. Description The Windows logon process Winlogon containss a buffer overflow vulnerability during the processeing of the domain value. It fails to perform...
Microsoft Private Communication Technology (PCT) fails to properly validate message inputs
Overview A vulnerability exists in the Private Communications Transport PCT protocol, which is part of the Microsoft Secure Sockets Layer SSL library. Exploitation of this vulnerability may permit a remote attacker to compromise the system. An exploit for this issue currently being used to...
OpenSSL contains multiple buffer overflows in buffers that are used to hold ASCII representations of integers
Overview OpenSSL is an open-source implementation of the Secure Sockets Layer SSL protocol. There is a buffer overflow on 64-bit platforms related to the ASCII representation of integers. Description OpenSSL clients and servers running on 64-bit platforms prior to version 0.9.6e and pre-release...
Microsoft Outlook View Control allows execution of arbitrary code and manipulation of user data
Overview A vulnerability exists in an ActiveX control supplied with Microsoft Outlook 2002 that could allow malicious code on a web page or in an HTML email message to manipulate Outlook data or execute arbitrary code as the user running Outlook. Description Microsoft Outlook 2002 installs an...
SMTP end-of-data uncertainty can be abused to spoof emails and bypass policies
Overview A vulnerability has been found in the way that SMTP servers and software handle the end-of-data sequences essentially the end of a single email message in mail messages. An attacker can use this inconsistency to craft an email message that can bypass SMTP security policies. Description...
Diebold Nixdorf ProCash 2100xe USB ATM does not adequately secure communications between CCDM and host
Overview Diebold Nixdorf 2100xe USB automated teller machines ATMs are vulnerable to physical attacks on the communication channel between the cash and check deposit module CCDM and the host computer. An attacker with physical access to internal ATM components may be able to exploit this...
HPE SiteScope contains multiple vulnerabilities
Overview HPE's SiteScope is vulnerable to several cryptographic issues, insufficiently protected credentials, and missing authentication. Description HPE's SiteScope is vulnerable to several vulnerabilities. The researcher reports that version 11.31.461 is affected; other versions may also be...
Telerik Analytics Monitor Library allows DLL hijacking
Overview Telerik Analytics Monitor Library is a third-party application analytics service that collects detailed application metrics for vendors. Some versions of the Telerik library allow DLL hijacking, allowing an attacker to load malicious code in the context of the Telerik-based application...
Dell KACE K2000 Appliance contains backdoor administrator account
Overview The Dell KACE K2000 System Deployment Appliance contains a hidden administrator account that could allow a remote attacker to take control of an affected device. Description The Dell KACE K2000 Deployment Appliance is an integrated systems provisioning product for large-scale operating...
Java Deployment Toolkit insufficient argument validation
Overview The Sun Java Deployment Toolkit plugin and ActiveX control perform insufficient argument validation, allowing an attacker to perform several attacks, including the execution of an arbitrary JAR file. Description The Sun Java Deployment Toolkit contains an NPAPI Netscape compatible plugin...
Wyse Simple Imager (WSI) includes vulnerable versions of TFTPD32
Overview Wyse Simple Imager WSI includes older versions version of TFTPD32 that contains publicly known vulnerabilities. An attacker could exploit these vulnerabilities to potentially execute arbitrary code on the system running WSI and TFTPD32. Description Wyse Simple Imager WSI is a component o...
Microsoft Windows Internet Printing Protocol service integer overflow
Overview The Microsoft Windows Internet Printing Protocol IPP service contains an integer overflow vulnerability, which can allow a remote attacker to execute arbitrary code on a vulnerable system. Description IPP is an IP-based network protocol that allows remote printing and printer management...
ISC BIND denial of service vulnerability
Overview A vulnerability in the BIND name server could allow a remote attacker to cause a denial of service against an affected system. Description The Berkeley Internet Name Domain BIND is a popular Domain Name System DNS implementation from Internet Systems Consortium ISC. BIND version 9.4.0...
Apple ColorSync buffer overflow vulnerability
Overview Apple ColorSync contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code. Description ColorSync is Apple's color management API. OS X applications and devices can use ColorSync profiles to determine how colors in images should be interpreted.ColorSync...
OpenOffice.org may fail to properly contain certain Java applets
Overview The OpenOffice.org team has reported a vulnerability in how the 1.1 and 2.0 versions of OpenOffice.org handle certain Java applets. Description OpenOffice.org is an office suite that is available for multiple operating systems, including Windows, Linux, Apple Mac OS X, and BSD. It includ...
Microsoft Plug and Play fails to properly validate user supplied data
Overview Microsoft Plug and Play contains a flaw in message buffer handling that may result in local or remote arbitrary code execution or a denial-of-service condition. Description The following is from the Microsoft Plug and Play description: Plug and Play PnP allows the operating system to...
EMC Legato NetWorker database services use insufficient authentication
Overview The EMC Legato NetWorker database services use weak authentication, allowing a remote attacker to gain root access to the server. Description EMC Legato NetWorker is a cross-platform backup and recovery application. It is also repackaged by Sun Microsystems as Solstice Backup and StorEdg...
Multiple vendors' SSH transport layer protocol implementations contain vulnerabilities in key exchange and initialization
Overview Secure shell SSH transport layer protocol implementations from different vendors contain multiple vulnerabilities in code that handles key exchange and initialization. Both SSH servers and clients are affected. A remote attacker could execute arbitrary code with the privileges of the SSH...
Silicon Labs Z-Wave chipsets contain multiple vulnerabilities
Overview Various Silicon Labs Z-Wave chipsets do not support encryption, can be downgraded to not use weaker encryption, and are vulnerable to denial of service. Some of these vulnerabilities are inherent in Z-Wave protocol specifications. Description Z-Wave devices based on Silicon Labs chipsets...
mDNSResponder contains multiple memory-based vulnerabilities
Overview mDNSResponder provides unicast and multicast mDNS services on UNIX-like operating systems such as OS X. mDNSResponder version 379.27 and above prior to version 625.41.2 is vulnerable to several buffer overflow vulnerabilities, as well as a null pointer dereference. Description CWE-120:...
Verizon Fios Actiontec model MI424WR-GEN3I router vulnerable to cross-site request forgery
Overview The Verizon FIOS Actiontec router model MI424WR-GEN3I is susceptible to cross-site request forgery attacks. CWE-352 Description The Verizon FIOS Actiontec router model MI424WR-GEN3I is susceptible to cross-site request forgery attacks. CWE-352 A remote attacker that is able to trick a us...
GNU libc regcomp() stack exhaustion denial of service
Overview The regcomp function of GNU libc is susceptible to stack exhaustion which may result in a denial of service. Description It is possible to trigger deep recursion which results in stack exhaustion. An example trigger is: grep -E ".10,10,10,10,10," --- Impact An attacker may be able to...
Wyse ThinOS LPD service buffer overflow vulnerability
Overview Wyse ThinOS HF 4.4.079i has a buffer overflow vulnerability in the LPD service 515/tcp. Description The LPD service 515/tcp on Wyse ThinOS HF 4.4.079i crashes when a long buffer is sent to it. This condition may exist in all versions before Wyse ThinOS 6.5. --- Impact An attacker can cau...
VERITAS Backup Exec uses hard-coded authentication credentials
Overview The VERITAS Backup Exec Remote Agent uses hard-coded authentication credentials. An attacker with knowledge of these credentials could access arbitrary files on a vulnerable system. Description VERITAS Backup Exec Remote Agent is a data backup and recovery solution with support for...
Mozilla Firefox executes JavaScript in the "IconURL" parameter of "InstallTrigger.install()" with chrome privileges
Overview Mozilla Firefox may execute JavaScript contained within the IconURL parameter of InstallTrigger.install with chrome privileges. This may allow an attacker to execute arbitrary commands on a vulnerable system. Description XPInstallXPInstall is a cross-platform software installation method...
Microsoft CIS and RPC over HTTP Proxy components fail to properly handle responses
Overview A vulnerability in a Microsoft HTTP Proxy component may lead to a denial of service. Description Microsoft's COM Internet Sevices CIS and Remote Procedure Call RPC over HTTP Proxy contain a vulnerability that could permit an attacker to cause a denial of service. When a forwarded request...
Ethereal contains multiple vulnerabilities in the IGAP protocol dissector
Overview Ethereal contains multiple buffer overflows in the Internet Group Membership Authentication Protocol IGAP protocol dissector. These vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code. Description Ethereal is a network traffic analysis package. It...
Yahoo! Audio Conferencing ActiveX control vulnerable to buffer overflow
Overview A remotely exploitable buffer overflow vulnerability has been discovered in the Yahoo! Audio Conferencing ActiveX control. Description The Yahoo! Audio Conferencing ActiveX control is used in the web-based Yahoo! Chat service, as well as in the Win32 Yahoo! Messenger application. There i...
Samba contains a remotely exploitable stack buffer overflow
Overview A remotely exploitable stack buffer overflow exists in the Samba server daemon smbd. Description Versions 2.2.2 through 2.2.6 of Samba contain a remotely exploitable stack buffer overflow. The Samba Team describes Samba as follows:The Samba software suite is a collection of programs that...
Huawei Mobile WiFi E5151 and E5186 routers use insufficiently random values for DNS queries
Overview Huawei Mobile WiFi E5151, firmware version 21.141.13.00.1080, and E5186, firmware version V200R001B306D01C00, use insufficiently random values for DNS queries and are vulnerable to DNS spoofing attacks. Description CWE-330: Use of Insufficiently Random Values - CVE-2015-8265Huawei Mobile...
OpenSSL leaks ECDSA private key through a remote timing attack
Overview The OpenSSL ladder implementation for scalar multiplication of points on elliptic curves over binary fields is susceptible to a timing attack vulnerability. This vulnerability can be used to steal the private key of a TLS server that authenticates with ECDSA signatures and binary curves...
TCP may keep its offered receive window closed indefinitely (RFC 1122)
Overview Part of the Transmission Control Protocol TCP specification RFC 1122 allows a receiver to advertise a zero byte window, instructing the sender to maintain the connection but not send additional TCP payload data. The sender should then probe the receiver to check if the receiver is ready ...
Java Runtime Environment Image Parsing Code buffer overflow vulnerability
Overview The Sun Java Runtime Environment contains a buffer overflow vulnerability that may allow an attacker to execute code or read local files. Description The Java Runtime Environment JRE is a group software packages from Sun Microsystems that allow a computer to access and use Java...
OpenSSL SSLv2 client code fails to properly check for NULL
Overview A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Description The OpenSSL toolkit implements the Secure Sockets Layer SSL versions 2 and 3 and Transport Layer Security TLS version 1 protocols as well as a general purpose...
Microsoft Distributed Transaction Coordinator vulnerable to buffer overflow via specially crafted network message
Overview Microsoft Distributed Transaction Coordinator MSDTC may be vulnerable to a flaw that allows remote unauthenticated attackers to execute arbitrary code. Description The Microsoft Distributed Transaction Coordinator MSDTC is described by Microsoft as "distributed transaction facility for...
Microsoft Windows SMB packet validation vulnerability
Overview A vulnerability in the way that Microsoft Windows handles some SMB packets could allow remote attackers to execute code of their choosing on a vulnerable system. Description The Microsoft Server Message Block SMB, and its follow-on, Common Internet File System CIFS, are network protocols...
LibTIFF contains multiple integer overflows
Overview Multiple integer overflows in the LibTIFF library may allow an attacker to execute arbitrary code. Description LibTIFF is a library used to encode and decode images in Tag Image File Format TIFF format. A number of potential integer overflow errors exist in the LibTIFF library. A lack of...
libpng png_handle_sBIT() performs insufficient bounds checking
Overview The Portable Network Graphics library libpng contains a flaw that could introduce a remotely exploitable vulnerability. Description The Portable Network Graphics PNG image format is used as an alternative to other image formats such as the Graphics Interchange Format GIF. The libpng...
Microsoft Internet Explorer allows mouse events to manipulate window objects and perform "drag and drop" operations
Overview Microsoft Internet Explorer IE dynamic HTML DHTML mouse events can manipulate windows to copy objects from one domain to another, including the Local Machine Zone. This vulnerability could allow an attacker to write arbitrary files to the local file system. Description In IE, certain DHT...