3704 matches found
uClibc, uClibc-ng libraries have monotonically increasing DNS transaction ID
Overview The uClibc and uClibc-ng libraries, prior to uClibc-ng 1.0.41, are vulnerable to DNS cache poisoning due to the use of predicatble DNS transaction IDs when making DNS requests. This vulnerability can allow an attacker to perform DNS cache poisoning attacks against a vulnerable environmen...
Replay Protected Memory Block (RPMB) protocol does not adequately defend against replay attacks
Overview The Replay Protected Memory Block RPMB protocol found in several storage specifications does not securely protect against replay attacks. An attacker with physical access can deceive a trusted component about the status of an RPBM write command or the content of an RPMB area. Description...
Microsoft Office for Mac cannot properly disable XLM macros
Overview The Microsoft Office for Mac option "Disable all macros without notification" enables XLM macros without prompting, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description XLM macros Up to and including Microsoft Excel 4.0, a macro...
Cylance Antivirus Products Susceptible to Concatenation Bypass
Overview The Cylance AI-based antivirus product, prior to July 21, 2019, contains flaws that allow an adversary to craft malicious files that the AV product will likely mistake for benign files. Description Cylance PROTECT is an endpoint protection system. It contains an antivirus functionality...
Commvault Edge contains a buffer overflow vulnerability
Overview Commvault Edge, version 11 SP6 11.80.50.0, is vulnerable to a stack-based buffer overflow vulnerability. Description CWE-121: Stack-based Buffer Overflow - CVE-2017-3195A stack based buffer overflow in the Commvault Edge Communication Service cvd allows remote attackers to execute...
Open Dental uses blank database password by default
Overview Open Dental is medical dental records management software. Open Dental version 16.1, and previous versions, installs with a blank root database MySQL password by default.. An attacker with network access to an Open Dental MySQL database could read, modify, or delete data. This...
Crestron AirMedia AM-100 contains multiple vulnerabilities
Overview The Crestron AirMedia AM-100 with firmware prior to version 1.4.0.13 is vulnerable to path traversal and command injection. Description CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' - CVE-2016-5639 A path traversal vulnerability exists in login.cgi...
Embarcadero Delphi and C++Builder VCL BMP file processing buffer overflow
Overview Embarcadero Delphi and C++ Builder Visual Component Library VCL bitmap BMP file processing code contains a buffer overflow that could allow an attacker to execute arbitrary code. Description Embarcadero Delphi and C++ Builder tools contain a buffer overflow CWE-119 in VCL BMP file...
ZyXEL Wireless N300 NetUSB Router NBG-419N devices contain multiple vulnerabilities
Overview ZyXEL Wireless N300 NetUSB Router NBG-419N running firmware version 1.00BFQ.6C0, and possibly earlier versions, is susceptible to multiple vulnerabilities. Other device models that use similar firmware may also be vulnerable. Description ZyXEL Wireless N300 NetUSB Router NBG-419N running...
Microsoft Internet Explorer 8 CGenericElement object use-after-free vulnerability
Overview Microsoft Internet Explorer 8 contains a use-after-free vulnerability in the CGenericElement object, which is currently being exploited in the wild. Description Microsoft Security Advisory 2847140 states:Internet Explorer 6, Internet Explorer 7, Internet Explorer 9, and Internet Explorer...
libpng fails to properly initialize element pointers
Overview Libpng contains a vulnerability in the way element pointers are handled. Description A vulnerability in the way libpng handles element pointers may result in uninitialized element pointers. This vulnerability is due to an off-by-one error introduced in multiple functions in libpng-0.89c...
InstallShield / Macrovision / Acresso FLEXnet Connect insecurely retrieves and executes scripts
Overview Acresso FLEXnet Connect executes scripts that are insecurely retrieved from a remote web server, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Acresso FLEXnet Connect is a software package that allows vendors to provide...
Postfix local privilege escalation
Overview The Postfix MTA contains a local privilege escalation vulnerability. Description Postfix is an mail transport agent MTA that is used by several Unix-like operating systems. Symbolic links and hard links are types of files that reference other files. Unlike hard links, symbolic links can...
Invensys Wonderware InTouch creates insecure NetDDE share
Overview Invensys Wonderware InTouch 8.0 creates a NetDDE share that could allow an attacker to run arbitrary programs. Description Invensys Wonderware InTouch HMI Software is used in Supervisory Control And Data Acquisition SCADA systems.Dynamic Data Exchange DDE was designed to allow Microsoft...
PhpWiki fails to properly restrict uploaded files
Overview PhpWiki fails to properly restrict uploaded files, which can allow a remote attacker to execute arbitrary commands on a vulnerable system. Description PhpWiki is Wiki software that is implemented in PHP. PhpWiki includes an "UpLoad" feature that allows users to upload files. Files with a...
JBoss Application Server may not properly restrict access to the administrative interface
Overview The JBoss Application Server may allow unauthenticated, remote access to the administrative console. Description JBoss is an open source application server implemented in Java. Because it is Java-based, JBoss can be used on any operating system that supports Java. JBoss servers can be...
Oracle views fail to enforce table security settings
Overview A vulnerability in the way Oracle handles views may allow an attacker to modify privileged database information. Description Database Views A view is a queryable aggregation of data from one or more tables that is stored and maintained. The Problem A vulnerability in the way that Oracle...
Linux kernel fails to properly handle floating point signals generated by "fsave" and "frstor"
Overview The Linux kernel contains a denial-of-service vulnerability that allows local users to disable affected hosts. Description Several versions of the Linux kernel contain a defect in their use of the Intel processor instruction set. The "fsave" and "frstor" instructions are used to store an...
Overly large OPT record assertion
Overview A remotely exploitable denial-of-service vulnerability exists in BIND. Based on recent reports, we believe this vulnerability is being actively exploited. Description A remotely exploitable denial-of-service vulnerability exists in BIND 8.3.0 - 8.3.3. ISC's description of this...
Oracle9i Application Server Apache PL/SQL module vulnerable to buffer overflow via cache directory name
Overview A buffer overflow vulnerability exists in the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle9i Application Server iAS. This vulnerability could allow an unauthenticated remote attacker to cause a denial-of-service or execute arbitrary code on the system...
Wang/Kodak Image Edit ActiveX control
Overview Description The Image Edit control is incorrectly marked safe for scripting. This control is sometimes identified as from "Kodak" and other times as from "Wang". The Image Edit control is one of several controls used to provide image editting services through a web site. Because the...
Adobe Flash ActionScript 3 opaqueBackground use-after-free vulnerability
Overview Adobe Flash Player contains a vulnerability in the ActionScript 3 opaqueBackground property, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Adobe Flash Player versions 9.0 through version 18.0.0.204 contain a use-after-fre...
Automated Solutions Modbus TCP Slave ActiveX Control Vulnerability
Overview Automated Solutions Modbus TCP Slave ActiveX Control contains a vulnerability that may allow a remote attacker to execute arbitrary code or cause a denial-of-service. Description Automated Solutions Modbus TCP Slave ActiveX Control fails to properly process malformed "Modbus" requests to...
CUPS integer overflow vulnerability
Overview CUPS contains an integer overflow that may allow a remote attacker to cause a vulnerable system to crash. Description The Common Unix Printing System CUPS is a print server that is used and distributed by many Unix-like operating systems. CUPS contains an integer overflow vulnerability...
Meridian Prolog Manager uses weak authentication to store and transmit user credentials
Overview Meridian Systems Prolog Manager does not use strong encryption and returns a list of all user credentials when authenticating clients. These behaviors could allow an attacker to obtain user credentials and decrypt passwords. Description Meridian Systems Prolog Manager is a set of...
Microsoft Internet Explorer vulnerable to code execution via mismatched DOM objects
Overview Microsoft Internet Explorer fails to properly handle requests to mismatched DOM objects, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer does not properly handle requests to mismatched DOM objects, such as the...
MIT Kerberos 5 allows unauthenticated attacker to cause MIT krb5 Key Distribution Center to overflow a heap buffer by one byte
Overview Unauthenticated attacker can cause MIT krb5 Key Distribution Center KDC to overflow a heap buffer by one byte, possibly leading to arbitrary code execution. Description Kerberos is a network authentication system which uses a trusted third party a KDC to authenticate clients and servers ...
Microsoft Message Queuing vulnerable to buffer overflow
Overview Microsoft Message Queuing contains a buffer overflow vulnerability. This could allow a remote attacker to execute arbitrary code on the system running the vulnerable software. Description Microsoft Message Queuing MSMQ is a component of Microsoft Windows that provides messaging services...
Microsoft Internet Explorer DHTML Editing ActiveX control contains a cross-domain vulnerability
Overview A cross-domain vulnerability exists in the DHTML Editing ActiveX control. An attacker may be able to execute arbitrary script in the Local Machine Zone or read or modify data in other domains. For example, the attacker could execute arbitrary commands with parameters, download and execut...
Mozilla contains a buffer overflow in the SendUidl() function
Overview A vulnerability in the way Mozilla handles certain types of POP3 responses could allow a remote attacker to execute arbitrary code on an affected system. Description Post Office Protocol Version 3 POP3 is a mail protocol that provides a means for retrieving email from a remote server. Th...
Microsoft IIS 4.0 / 5.0 vulnerable to directory traversal via extended unicode in url
Overview A vulnerability exists in Microsoft IIS 4 and 5 such that an attacker visiting an IIS web site can execute arbitrary code with the privileges of the IUSRmachinename account. This vulnerability is referred to as the "Web Server Folder Directory Traversal" vulnerability. This vulnerability...
Samsung Qmage codec for Android Skia library does not properly validate image files
Overview The Samsung Qmage codec used in the Android Skia library does not properly validate image files. A number of memory corruption vulnerabilities allow an attacker to execute arbitrary code by causing a vulnerable system to parse a Qmage file. Description The Samsung May 2020 Android Securi...
SHDesigns Resident Download Manager does not authenticate firmware downloads
Overview SHDesigns' Resident Download Manager as well as the Ethernet Download Manager does not authenticate firmware downloads before executing code and deploying them to devices. Description CWE-494: Download of Code Without Integrity Check- CVE-2016-6567SHDesigns' Resident Download Manager...
ShoreTel Mobility Client mobile application does not verify SSL certificates
Overview ShoreTel Mobility Client for iOS and Android, version 9.1.3.109 and earlier, fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle MITM attacks. Description CWE-295: Improper Certificate Validation -...
McAfee VirusScan for Linux contains multiple vulnerabilities
Overview McAfee VirusScan for Linux contains multiple vulnerabilities. Description McAfee VirusScan for Linux version 2.0.3 and prior is vulnerable to the following:CWE-200: Information Exposure - CVE-2016-8016 Multiple pages within the web interface utilize a tplt parameter. An authenticated...
AVer Information EH6108H+ hybrid DVR contains multiple vulnerabilities
Overview AVer Information EH6108H+ hybrid DVR, version X9.03.24.00.07l and possibly earlier, reportedly contains multiple vulnerabilities, including undocumented privileged accounts, authentication bypass, and information exposure. Description AVer Information EH6108H+ hybrid DVR is an IP securit...
Granite Data Services AMF framework fails to properly parse XML input containing a reference to external entities
Overview Granite Data Services version 3.1.1-SNAPSHOT AMF framework is vulnerable to XML external entity XXE attack that may be leveraged to expose sensitive data on the host.. Description CWE-611- Improper Restriction of XML External Entity Reference 'XXE' - CVE-2016-2340 Granite Data Services...
Samsung SRN-1670D camera contains multiple vulnerabilities
Overview The Samsung SRN-1670D camera contains multiple vulnerabilities. Description CWE-264: Permissions, Privileges, and Access Controls - CVE-2015-8279 An undocumented PHP request may be used to read arbitrary files from the system. CWE-200: Information Exposure - CVE-2015-8280 The interface...
Huawei E303 contains a cross-site request forgery vulnerability
Overview The built-in web interface of Huawei E303 devices contains a cross-site request forgery vulnerability. Description Huawei E303 wireless broadband modems include a web interface for administration and additional services. The web interface allows users to send and receive SMS messages usi...
Bloxx Web Filtering multiple vulnerabilities
Overview Bloxx Web Filtering contains multiple XSS, CSRF, and authentication bypass vulnerabilities. Description According to Bloxx's website, Bloxx Web Filtering is a real-time Web content filter which performs live analysis and real-time categorization of Web pages to dramatically improve...
ISC BIND 9 vulnerable to denial of service via dynamic update request
Overview ISC BIND 9 contains a vulnerability that may allow a remote, unauthenticated attacker to create a denial-of-service condition. Description The Berkeley Internet Name Domain BIND is a popular Domain Name System DNS implementation from Internet Systems Consortium ISC. It includes support f...
VeriSign Managed PKI Configuration Checker ActiveX control stack buffer overflow
Overview The VeriSign Configuration Checker ActiveX control contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The VeriSign Configuration Checker ActiveX control is provided by web-based digital...
Sun Secure Global Desktop Software (SSGD) contains multiple cross-site scripting vulnerabilities
Overview The Sun Secure Global Desktop SSGD contains cross-site scripting vulnerabilities. Description Sun Secure Global Desktop formerly Tarantella contains multiple input validation vulnerabilities due to failure to properly sanitize user input. The following modules do not properly filter HTML...
Apache mod_rewrite contains off-by-one error in ldap scheme handling
Overview A vulnerability in a common Apache HTTP server module, modrewrite, could allow a remote attacker to execute arbitrary code on an affected web server. Description The Apache HTTP server distribution includes a number of supplemental modules that provide additional functionality to the web...
Multiple PHP XML-RPC implementations vulnerable to code injection
Overview A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. Description XML-RPC is a specification and a set of implementations that allow software running on disparate operating systems and in different environments to make...
Cisco IOS Easy VPN Server may allow unauthorized users to complete XAUTH authentication
Overview A vulnerability in Cisco IOS Easy VPN Server may allow unauthorized users to complete XAUTH authentication and potentially access private network resources. Description Easy VPN Server Cisco IOS Easy VPN Server allows an IOS device to function as a VPN concentrator, providing...
SafeNet Sentinel License Manager vulnerable to buffer overflow
Overview SafeNet Sentinel License Manager contains a buffer overflow vulnerability, which may allow a remote unauthenticated attacker to execute arbitrary code on the server. Description SafeNet Sentinel License Manager LM is a software-based license management application. It is reported that th...
Apple Mac OS X AppleFileServer fails to properly handle certain authentication requests
Overview There is a buffer overflow vulnerability in the way Apple's AppleFileServer handles certain authentication requests. This vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code. Description The AppleFileServer provides Apple Filing Protocol AFP services f...
Buffer overflow in Microsoft Messenger Service
Overview There is a buffer overflow in the Microsoft Windows Messenger service that could allow an attacker to execute arbitrary code on most recent versions of Microsoft Windows. Description There is a buffer overflow vulnerability in the Microsoft Windows Messenger service. This could allow an...
Icecast vulnerable to buffer overflow via long GET request
Overview A remotely exploitable buffer overflow exists in Icecast. Description A remotely exploitable buffer overflow exists in Icecast. By sending on overly long GET request to the server, an attacker can execute arbitrary code with the privileges of the Icecast server, or cause the service to...