3704 matches found
SSH CRC32 attack detection code contains remote integer overflow
Overview There is a remote integer overflow vulnerability in several implementations of the SSH1 protocol that allows an attacker to execute arbitrary code with the privileges of the SSH daemon, typically root. Description There is a remote integer overflow vulnerability in several implementation...
IIS decodes filenames superfluously after applying security checks
Overview Microsoft IIS decodes filenames after applying security checks, allowing an attacker to execute commands. Description To accomodate complex URIs, RFC 2396 specifies a means to encode arbitrary octets using hexadecimal characters and the percent sign %. Quoting from RFC 2396: An escaped...
HHControl Object (showHelp) may execute shortcuts embedded in help files
Overview The HHCtrl ActiveX control has a serious vulnerability that allows remote intruders to execute arbitrary code, if the intruder can cause a compiled help file CHM to be stored "locally." Microsoft has released a security bulletin and a patch for this vulnerability, but the patch does not...
Python Parsing Error Enabling Bypass CVE-2023-24329
Overview urllib.parse is a very basic and widely used basic URL parsing function in various applications. Description An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. urlparse has a...
Space Coast Credit Union SCCU Mobile for Android and iPhone fails to properly validate SSL certificates
Overview Space Coast Credit Union SCCU Mobile for Android, version 2.1.0.1104 and earlier, and for iOS, version 2.2 and earlier, fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle MITM attacks. Description CWE-295:...
Mediabridge Medialink Wireless-N Broadband Router MWN-WAPR300N contains multiple vulnerabilities
Overview Mediabridge Medialink Wireless-N Broadband Router MWN-WAPR300N, firmware version 5.07.50 and possibly earlier, uses non-unique default credentials and is vulnerable to universal authentication bypass and cross-site request forgery CSRF. Description CWE-255: Credentials Management -...
SwiftView ActiveX control and plug-in stack buffer overflow
Overview The SwiftView ActiveX control and plug-in contain a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description SwiftView is software used to view or print PCL, HPGL, and TIFF files. SwiftSend is a product used f...
Microsoft Windows GDI+ ICO InfoHeader Height division by zero vulnerability
Overview Microsoft Windows GDI+ fails to properly handle ICO files, which could allow a remote, unauthenticated attacker to cause a denial-of-service condition. Description Microsoft Windows Graphics Device Interface GDI+ is an application programming interface API that provides programmers the...
Mozilla Layout Engine memory corruption vulnerabilities
Overview The Mozilla layout engine contains multiple vulnerabilities that may lead to memory corruption. These vulnerabilities may allow an attacker to execute code or cause a denial-of-service condition. Description The Mozilla Layout Engine contains an multiple vulnerabilities that may result i...
Adobe Acrobat AcroPDF ActiveX control fails to properly handle malformed input
Overview The Adobe Acrobat AcroPDF ActiveX control fails to properly handle malformed input to its methods. This could allow an attacker to cause the application using the ActiveX control to crash. Description Adobe Acrobat and Adobe Reader provide an ActiveX control to allow applications such as...
ZIP archives containing files with large filenames can cause buffer overflows
Overview Multiple file decompression utilities contain buffer overflow vulnerabilities for which the impacts vary. Description Researchers at Rapid7, Inc. have discovered that multiple file decompression utilities are susceptible to buffer overflows as a result of large filenames embedded in...
Multiple vendors' Internet Key Exchange (IKE) implementations do not properly handle IKE response packets
Overview Internet Key Exchange IKE implementations from several vendors contain buffer overflows and denial-of-service conditions. The buffer overflow vulnerabilities could permit an attacker to execute arbitrary code on a vulnerable system. Description The CERT/CC has received a report describin...
WU-FTPD does not properly handle file name globbing
Overview SecurityFocus and CORE Security Technologies have reported a vulnerability in WU-FTPD. WU-FTPD does not handle file name globbing properly and may allow an attacker to execute arbitrary code. WU-FTPD is a widely-used FTP daemon that is included in many UNIX and Linux distributions. This...
IBM Lotus Domino server mailbox name stack buffer overflow
Overview The IBM Lotus Domino server IMAP service contains a stack-based buffer overflow vulnerability in IMAP commands that refer to a mailbox name. This can allow a remote, authenticated attacker to execute arbitrary code with the privileges of the Domino server Description IBM Lotus Domino...
Accellion FTP server contains information exposure and cross-site scripting vulnerabilities
Overview The Accellion FTP server prior to version FTA912220 is vulnerable to cross-site scripting and information exposure. Description CWE-204: Response Discrepancy Information Exposure- CVE-2016-9499Accellion FTP server only returns the username in the server response if the a username is...
SysLINK M2M Modular Gateway contains multiple vulnerabilities
Overview The SysLINK SL-1000 M2M Machine-to-Machine Modular Gateway contains multiple vulnerabilities. Description According to the researcher, the SysLINK SL-1000 M2M Modular Gateway contains multiple vulnerabilities:CWE-259: Use of Hard-coded Password - CVE-2016-2331 By default, the device's we...
Bomgar Remote Support Portal deserializes untrusted data
Overview Bomgar Remote Support version 14.3.1 and possibly earlier versions deserialize untrusted data without sufficient validation, allowing an attacker to potentially execute arbitrary PHP code. Description CWE-502: Deserialization of Untrusted Data Bomgar Remote Support version 14.3.1 and...
Belkin N150 path traversal vulnerability
Overview Belkin N150 wireless routers contain a path traversal vulnerability. Description CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' - CVE-2014-2962Belkin N150 wireless router firmware versions 1.00.07 and earlier contain a path traversal vulnerability...
D-Link routers authenticate administrative access using specific User-Agent string
Overview Various D-Link routers allow administrative web actions if the HTTP request contains a specific User-Agent string. This backdoor allows an attacker to bypass password authentication and access the router's administrative web interface. Planex and Alpha Networks devices may also be...
Coursemill Learning Management System contains multiple vulnerabilities
Overview Coursemill Learning Management System version 6.6 and 6.8 contains multiple vulnerabilities. Description CWE-472: External Control of Assumed-Immutable Web Parameter - CVE-2013-3599In Coursemill 6.6, when loading the home page /coursemill/cm0660/home.html the response to the userlogin.js...
Ruby on Rails Action Pack framework insecurely typecasts YAML and Symbol XML parameters
Overview The Ruby on Rails Action Pack framework is susceptible to authentication bypass, SQL injection, arbitrary code execution, or denial of service. Description The Ruby on Rails advisory states:"Multiple vulnerabilities in parameter parsing in Action Pack There are multiple weaknesses in the...
Broadcom BCM4325 and BCM4329 wireless chipset denial-of-service vulnerability
Overview Broadcom BCM4325 and BCM4329 wireless chipsets have been reported to contain an out-of-bounds read error condition that may be exploited to produce a denial-of-service condition. Description The CORE Security Technologies advisory states:"An out-of-bounds read error condition exists in...
Oracle Outside In contains multiple exploitable vulnerabilities
Overview Oracle Outside In contains multiple exploitable vulnerabilities in its parsers, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Oracle Outside In is a set of libraries that can decode over 500 different file formats...
BIND 9 DNSSEC validation code could cause fake NXDOMAIN responses
Overview A vulnerability exists in the BIND 9 DNSSEC validation code that could be used by an attacker to generate fake NXDOMAIN responses. Description BIND 9 contains a vulnerability in DNSSEC validation code. According to ISC: There was an error in the DNSSEC NSEC/NSEC3 validation code that cou...
Microsoft Internet Explorer HTML object memory corruption vulnerability
Overview An invalid pointer reference within Microsoft Internet Explorer may lead to execution of arbitrary code. Description Microsoft Internet Explorer contains a memory corruption vulnerability, which can result in an invalid pointer being accessed after an object is incorrectly initialized or...
Samba NDR MS-RPC heap buffer overflow
Overview Samba fails to properly handle malformed MS-RPC packets. Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code. Description Samba is a widely used open-source implementation of Server Message Block SMB/Common Internet File System CIFS. Network Data...
Microsoft Windows Vista CSRSS privilege escalation vulnerability
Overview The Microsoft Windows Client/Server Run-time Subsystem CSRSS process fails to properly handle error messages. This vulnerability may allow an attacker to execute arbitrary code. Description The Microsoft Client/Server Run-time Subsystem CSRSS is an essential subsystem. CSRSS is responsib...
The Ipswitch IMail Server is vulnerable to a buffer overflow
Overview The Ipswitch IMail Server is vulnerable to a buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description According to Ipswitch Security Advisory 20061101:A vulnerability that allowed remote...
Adobe Flash Player allowScriptAccess protection bypass vulnerability
Overview A vulnerability in Adobe Flash Player may allow a remote attacker to bypass allowScriptAccess protection. Description Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser. According to Adobe: The...
Apple Mac OS X AFP server stores reconnect keys in a world-readable file
Overview A vulnerability in Apple Mac OS X AFP server may allow an authenticated local user to access files or folders with the credentials of another user. Description The AFP Apple Filing Protocol service allows Apple Mac OS clients to remotely access files from a server. In Apple's Mac OS X...
Cisco PIX fails to verify TCP checksum
Overview Versions of Cisco PIX firewalls do not validate the checksum of transiting TCP packets. Attackers may be able to use this problem to create a sustained denial-of-service under certain conditions. Description Cisco PIX firewall systems are used to enforce site-specific network security...
Yamaha MusicCAST MCX-1000 wireless network interface operates in Access Point mode by default
Overview The Yamaha MusicCAST MCX-1000 server wireless networking interface is enabled by default, cannot be disabled, and operates in Access Point mode. A remote attacker could access the MusicCAST wireless network and potentially any other network connected to the MusicCAST. Description The...
tcpdump contains vulnerability in ISAKMP decoding function rawprint() in print-isakmp.c
Overview tcpdump contains a vulnerability in the way it parses Internet Security Association and Key Management Protocol ISAKMP packets. Description tcpdump is a widely-used network sniffer that is capable of decoding ISAKMP packets. A vulnerability exists in the way the tcpdump rawprint function...
Telos Automated Message Handling System contains multiple vulnerabilities
Overview Telos Automated Message Handling System AMHS contains multiple XSS vulnerabilities and a database information disclosure vulnerability. Description Telos AMHS is a web-based messaging system that supports DoD and Intelligence Community IC security marking requirements. AMHS versions prio...
CodeLathe FileCloud is vulnerable to cross-site request forgery
Overview CodeLathe FileCloud, version 13.0.0.32841 and earlier, is vulnerable to cross-site request forgery CSRF. Description CWE-352: Cross-Site Request Forgery CSRF - CVE-2016-6578CodeLathe FileCloud is an "is an Enterprise File Access, Sync and Share solution that runs on-premise." FileCloud,...
FortiNet FortiGate and FortiWiFi appliances contain multiple vulnerabilities
Overview Fortinet FortiGate and FortiWiFi appliances are susceptible to man-in-the-middle attacks CWE-300 and a heap-based overflow vulnerability CWE-122. Description Fortinet FortiGate and FortiWiFi 4.00.6 and possibly earlier versions are susceptible to man-in-the-middle attacks CWE-300 and a...
Bizagi BPM Suite contains multiple vulnerabilities
Overview Bizagi BPM Suite contains a reflected cross-site scripting vulnerability and a SQL injection vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' - CVE-2014-2947According to Open-Sec consultant Mauricio Urizar, all versions...
Ruckus Wireless Zoneflex 2942 Wireless Access Point vulnerable to authentication bypass
Overview Ruckus Wireless Zoneflex 2942 Wireless Access Point version 9.6.0.0.267 and possibly earlier versions contains an authentication bypass vulnerability CWE-592. Description CWE-592: Authentication Bypass Issues Ruckus Wireless Zoneflex 2942 Wireless Access Point version 9.6.0.0.267 contain...
Supermicro IPMI based on ATEN firmware contain multiple vulnerabilities
Overview Supermicro Intelligent Platform Management Interface IPMI implementations based on ATEN firmware contain multiple vulnerabilities in their web management interface. Description CWE-121: Stack-based Buffer Overflow - CVE-2013-3607The Supermicro IPMI web interface contains multiple buffer...
GNU C library dynamic linker expands $ORIGIN in setuid library search path
Overview Certain versions of glibc unsafely handle the $ORIGIN ELF substitution sequence which can be exploited to gain local privilege escalation. Description Tavis Ormandy's advisory states:"$ORIGIN is an ELF substitution sequence representing the location of the executable being loaded in the...
Microsoft Whale Intelligent Application Gateway Whale Client Components ActiveX control stack buffer overflows
Overview The Microsoft Whale Intelligent Application Gateway Whale Client Components ActiveX control contains multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Whale Communications Intelligent...
SAP AG SAPgui EAI WebViewer3D ActiveX control stack buffer overflow
Overview The Siemens Unigraphics Solutions Teamcenter Visualization EAI WebViewer3D ActiveX control, which comes with SAPgui, contains a stack buffer overflow. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description SAP AG SAPgui includes an...
SoftArtisans XFile FileManager ActiveX control stack buffer overflows
Overview The SoftArtisans XFile FileManager ActiveX control contains several stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description SoftArtisans XFile is an ActiveX file transfer application. The XFile FileManager...
GE Fanuc CIMPLICITY HMI heap buffer overflow
Overview GE Fanuc CIMPLICITY HMI contains a remotely accessible heap buffer overflow vulnerability which may allow a remote attacker to execute arbitrary code. Description GE Fanuc CIMPLICITY HMI is software used for monitoring and control in Supervisory Control And Data Acquisition SCADA systems...
Apple QuickTime RTSP Content-Type header stack buffer overflow
Overview Apple QuickTime contains a stack buffer overflow vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description Real Time Streaming Protocol RTSP is a protocol that is used by streaming media systems. The Appl...
Invensys Wonderware InTouch creates insecure NetDDE share
Overview Invensys Wonderware InTouch 8.0 creates a NetDDE share that could allow an attacker to run arbitrary programs. Description Invensys Wonderware InTouch HMI Software is used in Supervisory Control And Data Acquisition SCADA systems.Dynamic Data Exchange DDE was designed to allow Microsoft...
Microsoft Cryptographic API Component Object Model Certificates ActiveX control contains a remote code execution vulnerability
Overview Microsoft Cryptographic API Component Object Model CAPICOM Certificates ActiveX control contains a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code. Description The Microsoft Cryptographic API Component Object Model CAPICOM Certificates ActiveX...
JBoss Application Server may not properly restrict access to the administrative interface
Overview The JBoss Application Server may allow unauthenticated, remote access to the administrative console. Description JBoss is an open source application server implemented in Java. Because it is Java-based, JBoss can be used on any operating system that supports Java. JBoss servers can be...
Microsoft Windows Kernel vulnerable to privilege escalation
Overview Microsoft Windows contains a privilege escalation vulnerability that could allow an authenticated, local attacker to gain complete control of the affected system. Description Winlogon is the component of Microsoft Windows responsible for interactive, security related functions. Upon logo...
Microsoft Internet Explorer HTML Document object cross-domain vulnerability
Overview Microsoft Internet Explorer contains a cross-domain vulnerability in how it handles redirected object data. This could allow an attacker to access the content of a web page in a different domain. Description The Cross-Domain Security Model IE uses a cross-domain security model to maintai...