SwiftView ActiveX control and plug-in stack buffer overflow

Overview The SwiftView ActiveX control and plug-in contain a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description SwiftView is software used to view or print PCL, HPGL, and TIFF files. SwiftSend is a product used f...

VERITAS Backup Exec uses hard-coded authentication credentials

Overview The VERITAS Backup Exec Remote Agent uses hard-coded authentication credentials. An attacker with knowledge of these credentials could access arbitrary files on a vulnerable system. Description VERITAS Backup Exec Remote Agent is a data backup and recovery solution with support for...

Microsoft Windows SMB packet validation vulnerability

Overview A vulnerability in the way that Microsoft Windows handles some SMB packets could allow remote attackers to execute code of their choosing on a vulnerable system. Description The Microsoft Server Message Block SMB, and its follow-on, Common Internet File System CIFS, are network protocols...

LibTIFF contains multiple integer overflows

Overview Multiple integer overflows in the LibTIFF library may allow an attacker to execute arbitrary code. Description LibTIFF is a library used to encode and decode images in Tag Image File Format TIFF format. A number of potential integer overflow errors exist in the LibTIFF library. A lack of...

ZIP archives containing files with large filenames can cause buffer overflows

Overview Multiple file decompression utilities contain buffer overflow vulnerabilities for which the impacts vary. Description Researchers at Rapid7, Inc. have discovered that multiple file decompression utilities are susceptible to buffer overflows as a result of large filenames embedded in...

WU-FTPD does not properly handle file name globbing

Overview SecurityFocus and CORE Security Technologies have reported a vulnerability in WU-FTPD. WU-FTPD does not handle file name globbing properly and may allow an attacker to execute arbitrary code. WU-FTPD is a widely-used FTP daemon that is included in many UNIX and Linux distributions. This...

IBM Lotus Domino server mailbox name stack buffer overflow

Overview The IBM Lotus Domino server IMAP service contains a stack-based buffer overflow vulnerability in IMAP commands that refer to a mailbox name. This can allow a remote, authenticated attacker to execute arbitrary code with the privileges of the Domino server Description IBM Lotus Domino...

SysLINK M2M Modular Gateway contains multiple vulnerabilities

Overview The SysLINK SL-1000 M2M Machine-to-Machine Modular Gateway contains multiple vulnerabilities. Description According to the researcher, the SysLINK SL-1000 M2M Modular Gateway contains multiple vulnerabilities:CWE-259: Use of Hard-coded Password - CVE-2016-2331 By default, the device's we...

Oracle Outside In contains multiple exploitable vulnerabilities

Overview Oracle Outside In contains multiple exploitable vulnerabilities in its parsers, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Oracle Outside In is a set of libraries that can decode over 500 different file formats...

Microsoft Internet Explorer HTML object memory corruption vulnerability

Overview An invalid pointer reference within Microsoft Internet Explorer may lead to execution of arbitrary code. Description Microsoft Internet Explorer contains a memory corruption vulnerability, which can result in an invalid pointer being accessed after an object is incorrectly initialized or...

The Ipswitch IMail Server is vulnerable to a buffer overflow

Overview The Ipswitch IMail Server is vulnerable to a buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description According to Ipswitch Security Advisory 20061101:A vulnerability that allowed remote...

Adobe Acrobat AcroPDF ActiveX control fails to properly handle malformed input

Overview The Adobe Acrobat AcroPDF ActiveX control fails to properly handle malformed input to its methods. This could allow an attacker to cause the application using the ActiveX control to crash. Description Adobe Acrobat and Adobe Reader provide an ActiveX control to allow applications such as...

Apple Mac OS X AFP server stores reconnect keys in a world-readable file

Overview A vulnerability in Apple Mac OS X AFP server may allow an authenticated local user to access files or folders with the credentials of another user. Description The AFP Apple Filing Protocol service allows Apple Mac OS clients to remotely access files from a server. In Apple's Mac OS X...

Microsoft Internet Explorer allows mouse events to manipulate window objects and perform "drag and drop" operations

Overview Microsoft Internet Explorer IE dynamic HTML DHTML mouse events can manipulate windows to copy objects from one domain to another, including the Local Machine Zone. This vulnerability could allow an attacker to write arbitrary files to the local file system. Description In IE, certain DHT...

Samba contains a remotely exploitable stack buffer overflow

Overview A remotely exploitable stack buffer overflow exists in the Samba server daemon smbd. Description Versions 2.2.2 through 2.2.6 of Samba contain a remotely exploitable stack buffer overflow. The Samba Team describes Samba as follows:The Samba software suite is a collection of programs that...

Multiple vendors' Internet Key Exchange (IKE) implementations do not properly handle IKE response packets

Overview Internet Key Exchange IKE implementations from several vendors contain buffer overflows and denial-of-service conditions. The buffer overflow vulnerabilities could permit an attacker to execute arbitrary code on a vulnerable system. Description The CERT/CC has received a report describin...

SSH CRC32 attack detection code contains remote integer overflow

Overview There is a remote integer overflow vulnerability in several implementations of the SSH1 protocol that allows an attacker to execute arbitrary code with the privileges of the SSH daemon, typically root. Description There is a remote integer overflow vulnerability in several implementation...

Telos Automated Message Handling System contains multiple vulnerabilities

Overview Telos Automated Message Handling System AMHS contains multiple XSS vulnerabilities and a database information disclosure vulnerability. Description Telos AMHS is a web-based messaging system that supports DoD and Intelligence Community IC security marking requirements. AMHS versions prio...

CodeLathe FileCloud is vulnerable to cross-site request forgery

Overview CodeLathe FileCloud, version 13.0.0.32841 and earlier, is vulnerable to cross-site request forgery CSRF. Description CWE-352: Cross-Site Request Forgery CSRF - CVE-2016-6578CodeLathe FileCloud is an "is an Enterprise File Access, Sync and Share solution that runs on-premise." FileCloud,...

Bomgar Remote Support Portal deserializes untrusted data

Overview Bomgar Remote Support version 14.3.1 and possibly earlier versions deserialize untrusted data without sufficient validation, allowing an attacker to potentially execute arbitrary PHP code. Description CWE-502: Deserialization of Untrusted Data Bomgar Remote Support version 14.3.1 and...

FortiNet FortiGate and FortiWiFi appliances contain multiple vulnerabilities

Overview Fortinet FortiGate and FortiWiFi appliances are susceptible to man-in-the-middle attacks CWE-300 and a heap-based overflow vulnerability CWE-122. Description Fortinet FortiGate and FortiWiFi 4.00.6 and possibly earlier versions are susceptible to man-in-the-middle attacks CWE-300 and a...

Bizagi BPM Suite contains multiple vulnerabilities

Overview Bizagi BPM Suite contains a reflected cross-site scripting vulnerability and a SQL injection vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' - CVE-2014-2947According to Open-Sec consultant Mauricio Urizar, all versions...

Ruckus Wireless Zoneflex 2942 Wireless Access Point vulnerable to authentication bypass

Overview Ruckus Wireless Zoneflex 2942 Wireless Access Point version 9.6.0.0.267 and possibly earlier versions contains an authentication bypass vulnerability CWE-592. Description CWE-592: Authentication Bypass Issues Ruckus Wireless Zoneflex 2942 Wireless Access Point version 9.6.0.0.267 contain...

Broadcom BCM4325 and BCM4329 wireless chipset denial-of-service vulnerability

Overview Broadcom BCM4325 and BCM4329 wireless chipsets have been reported to contain an out-of-bounds read error condition that may be exploited to produce a denial-of-service condition. Description The CORE Security Technologies advisory states:"An out-of-bounds read error condition exists in...

GNU C library dynamic linker expands $ORIGIN in setuid library search path

Overview Certain versions of glibc unsafely handle the $ORIGIN ELF substitution sequence which can be exploited to gain local privilege escalation. Description Tavis Ormandy's advisory states:"$ORIGIN is an ELF substitution sequence representing the location of the executable being loaded in the...

Microsoft Whale Intelligent Application Gateway Whale Client Components ActiveX control stack buffer overflows

Overview The Microsoft Whale Intelligent Application Gateway Whale Client Components ActiveX control contains multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Whale Communications Intelligent...

SoftArtisans XFile FileManager ActiveX control stack buffer overflows

Overview The SoftArtisans XFile FileManager ActiveX control contains several stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description SoftArtisans XFile is an ActiveX file transfer application. The XFile FileManager...

Microsoft Windows GDI+ ICO InfoHeader Height division by zero vulnerability

Overview Microsoft Windows GDI+ fails to properly handle ICO files, which could allow a remote, unauthenticated attacker to cause a denial-of-service condition. Description Microsoft Windows Graphics Device Interface GDI+ is an application programming interface API that provides programmers the...

Samba NDR MS-RPC heap buffer overflow

Overview Samba fails to properly handle malformed MS-RPC packets. Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code. Description Samba is a widely used open-source implementation of Server Message Block SMB/Common Internet File System CIFS. Network Data...

Adobe Flash Player allowScriptAccess protection bypass vulnerability

Overview A vulnerability in Adobe Flash Player may allow a remote attacker to bypass allowScriptAccess protection. Description Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser. According to Adobe: The...

Microsoft Windows Kernel vulnerable to privilege escalation

Overview Microsoft Windows contains a privilege escalation vulnerability that could allow an authenticated, local attacker to gain complete control of the affected system. Description Winlogon is the component of Microsoft Windows responsible for interactive, security related functions. Upon logo...

Microsoft Internet Explorer HTML Document object cross-domain vulnerability

Overview Microsoft Internet Explorer contains a cross-domain vulnerability in how it handles redirected object data. This could allow an attacker to access the content of a web page in a different domain. Description The Cross-Domain Security Model IE uses a cross-domain security model to maintai...

Cisco PIX fails to verify TCP checksum

Overview Versions of Cisco PIX firewalls do not validate the checksum of transiting TCP packets. Attackers may be able to use this problem to create a sustained denial-of-service under certain conditions. Description Cisco PIX firewall systems are used to enforce site-specific network security...

tcpdump contains vulnerability in ISAKMP decoding function rawprint() in print-isakmp.c

Overview tcpdump contains a vulnerability in the way it parses Internet Security Association and Key Management Protocol ISAKMP packets. Description tcpdump is a widely-used network sniffer that is capable of decoding ISAKMP packets. A vulnerability exists in the way the tcpdump rawprint function...

HTTP proxy default configurations allow arbitrary TCP connections

Overview Multiple vendors' HTTP proxy services use insecure default configurations that could allow an attacker to make arbitrary TCP connections to internal hosts or to external third-party hosts. Description HTTP proxy services commonly support the HTTP CONNECT method, which is designed to crea...

L2 network security controls can be bypassed using VLAN 0 stacking and/or 802.3 headers

Overview Layer-2 L2 network security controls provided by various devices, such as switches, routers, and operating systems, can be bypassed by stacking Ethernet protocol headers. An attacker can send crafted packets through vulnerable devices to cause Denial-of-service DoS or to perform a...

Cylance Antivirus Products Susceptible to Concatenation Bypass

Overview The Cylance AI-based antivirus product, prior to July 21, 2019, contains flaws that allow an adversary to craft malicious files that the AV product will likely mistake for benign files. Description Cylance PROTECT is an endpoint protection system. It contains an antivirus functionality...

Commvault Edge contains a buffer overflow vulnerability

Overview Commvault Edge, version 11 SP6 11.80.50.0, is vulnerable to a stack-based buffer overflow vulnerability. Description CWE-121: Stack-based Buffer Overflow - CVE-2017-3195A stack based buffer overflow in the Commvault Edge Communication Service cvd allows remote attackers to execute...

Crestron AirMedia AM-100 contains multiple vulnerabilities

Overview The Crestron AirMedia AM-100 with firmware prior to version 1.4.0.13 is vulnerable to path traversal and command injection. Description CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' - CVE-2016-5639 A path traversal vulnerability exists in login.cgi...

Embarcadero Delphi and C++Builder VCL BMP file processing buffer overflow

Overview Embarcadero Delphi and C++ Builder Visual Component Library VCL bitmap BMP file processing code contains a buffer overflow that could allow an attacker to execute arbitrary code. Description Embarcadero Delphi and C++ Builder tools contain a buffer overflow CWE-119 in VCL BMP file...

ZyXEL Wireless N300 NetUSB Router NBG-419N devices contain multiple vulnerabilities

Overview ZyXEL Wireless N300 NetUSB Router NBG-419N running firmware version 1.00BFQ.6C0, and possibly earlier versions, is susceptible to multiple vulnerabilities. Other device models that use similar firmware may also be vulnerable. Description ZyXEL Wireless N300 NetUSB Router NBG-419N running...

D-Link routers authenticate administrative access using specific User-Agent string

Overview Various D-Link routers allow administrative web actions if the HTTP request contains a specific User-Agent string. This backdoor allows an attacker to bypass password authentication and access the router's administrative web interface. Planex and Alpha Networks devices may also be...

Supermicro IPMI based on ATEN firmware contain multiple vulnerabilities

Overview Supermicro Intelligent Platform Management Interface IPMI implementations based on ATEN firmware contain multiple vulnerabilities in their web management interface. Description CWE-121: Stack-based Buffer Overflow - CVE-2013-3607The Supermicro IPMI web interface contains multiple buffer...

SAP AG SAPgui EAI WebViewer3D ActiveX control stack buffer overflow

Overview The Siemens Unigraphics Solutions Teamcenter Visualization EAI WebViewer3D ActiveX control, which comes with SAPgui, contains a stack buffer overflow. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description SAP AG SAPgui includes an...

GE Fanuc CIMPLICITY HMI heap buffer overflow

Overview GE Fanuc CIMPLICITY HMI contains a remotely accessible heap buffer overflow vulnerability which may allow a remote attacker to execute arbitrary code. Description GE Fanuc CIMPLICITY HMI is software used for monitoring and control in Supervisory Control And Data Acquisition SCADA systems...

Apple QuickTime RTSP Content-Type header stack buffer overflow

Overview Apple QuickTime contains a stack buffer overflow vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description Real Time Streaming Protocol RTSP is a protocol that is used by streaming media systems. The Appl...

Microsoft Cryptographic API Component Object Model Certificates ActiveX control contains a remote code execution vulnerability

Overview Microsoft Cryptographic API Component Object Model CAPICOM Certificates ActiveX control contains a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code. Description The Microsoft Cryptographic API Component Object Model CAPICOM Certificates ActiveX...

PhpWiki fails to properly restrict uploaded files

Overview PhpWiki fails to properly restrict uploaded files, which can allow a remote attacker to execute arbitrary commands on a vulnerable system. Description PhpWiki is Wiki software that is implemented in PHP. PhpWiki includes an "UpLoad" feature that allows users to upload files. Files with a...

JBoss Application Server may not properly restrict access to the administrative interface

Overview The JBoss Application Server may allow unauthenticated, remote access to the administrative console. Description JBoss is an open source application server implemented in Java. Because it is Java-based, JBoss can be used on any operating system that supports Java. JBoss servers can be...

Oracle views fail to enforce table security settings

Overview A vulnerability in the way Oracle handles views may allow an attacker to modify privileged database information. Description Database Views A view is a queryable aggregation of data from one or more tables that is stored and maintained. The Problem A vulnerability in the way that Oracle...