3704 matches found
Various DNS service implementations generate multiple simultaneous queries for the same resource record
Overview Various implementations of DNS services may allow multiple simultaneous queries for the same resource record, allowing an attacker to apply probabilistic techniques to improve their odds of successful DNS spoofing. Description Some implementations of DNS services contain a vulnerability...
Microsoft Internet Information Server (IIS) buffer overflow in server-side includes (SSI) containing long invalid file name
Overview A buffer overflow in IIS could allow an intruder to execute arbitrary code with the privileges of the ASP.DDL. Description Server-side include files SSI files are files which reside on a web server and which are included by scripts, programs, or web pages. SSI files are often used to...
mod_ssl and Apache_SSL modules contain a buffer overflow in the implementation of the OpenSSL "i2d_SSL_SESSION" routine
Overview There is a remotely exploitable buffer overflow in two modules that implement the Secure Sockets Layer SSL and Transport Layer Security TLS protocol. This can be used to execute arbitrary code. Description The Secure Sockets Layer SSL and Transport Layer Security TLS protocols are used t...
VMware Workspace ONE Access and related components are vulnerable to command injection
Overview VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector are vulnerable to command injection in the administrative configurator. This could allow a remote attacker to execute commands with unrestricted privileges on the underlying operating system...
IPTV encoder devices contain multiple vulnerabilities
Overview Multiple vulnerabilities exist in various Video Over IP Internet Protocol encoder devices, also known as IPTV/H.264/H.265 video encoders. These vulnerabilities allow an unauthenticated remote attacker to execute arbitrary code and perform other unauthorized actions on a vulnerable system...
Dokan file system driver contains a stack-based buffer overflow
Overview A system driver in the Dokan Open Source File System contains a stack-based buffer overflow, which could allow an attacker to gain elevated privileges on the host machine. Description CWE-121: Stack-based Buffer Overflow - CVE-2018-5410Dokan, versions between 1.0.0.5000 and 1.2.0.1000,...
NTP Project ntpd reference implementation contains multiple vulnerabilities
Overview NTP Project ntpd reference implementation accepts unauthenticated packets with symmetric key cryptography and does not protect symmetric associations against denial of service attacks. Description CVE-2015-1798, bug 2779:In NTP4 installations utilizing symmetric key authentication,...
Multiple Dell iDRAC IPMI v1.5 implementations use insufficiently random session ID values
Overview The Intelligent Platform Management Interface IPMI v1.5 implementations in multiple Dell iDRAC releases are vulnerable to arbitrary command injection due to use of insufficiently random session ID values. Description CWE-330: Use of Insufficiently Random Values - CVE-2014-8272The IPMI...
XML signature HMAC truncation authentication bypass
Overview The XML Signature specification allows for HMAC truncation, which may allow a remote attacker to bypass authentication. Description XML Signature Syntax and Processing XMLDsig is a W3C recommendation for providing integrity, message authentication, and/or signer authentication services f...
Cisco WebEx Meeting Manager WebexUCFObject ActiveX Control stack buffer overflow
Overview The WebexUCFObject ActiveX control, which comes with Cisco WebEx Meeting Manager, contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Cisco WebEx is an online meeting and collaboration software...
EMC NetWorker Management Console weak authentication vulnerability
Overview A vulnerability in the authentication mechanism used by the Legato NetWorker Management Console may allow an attacker to execute arbitrary commands. Description The EMC NetWorker formerly Legato NetWorker family of products provides solutions for backup and recovery of data. It includes...
OpenSSH fails to properly handle multiple identical blocks in a SSH packet
Overview OpenSSH fails to properly handle multiple identical blocks in a SSH packet. This vulnerability may cause a denial-of-service condition. Description OpenSSH is an open source client and server implementation of the Secure Shell SSH protocol. OpenSSH includes a cyclic redundancy check CRC...
Microsoft Internet Explorer DHTML objects contain a race condition
Overview A race condition in the way that Internet Explorer handles DHTML objects may allow a remote attacker to execute arbitrary code on a vulnerable system. Description According to Microsoft:Dynamic HTML DHTML is built on an object model that extends the traditional static HTML document which...
Microsoft Internet Explorer does not properly handle function redirection
Overview Microsoft Internet Explorer IE fails to properly validate redirected functions. The impact is similar to that of a cross-site scripting vulnerability, which allows an attacker to access data in other sites, including the Local Machine Zone. Description IE features Active scripting, the...
Microsoft Internet Explorer Install Engine contains a buffer overflow vulnerability
Overview The Active Setup Install Engine in Microsoft Internet Explorer contains a buffer overflow vulnerability. This may allow an attacker to take complete control of a vulnerable system. Description The Active Setup Install Engine inseng.dll permits cabinet files to be launched and executed...
MIT Kerberos krb524d insecurely deallocates memory (double-free)
Overview The MIT Kerberos krb524d daemon does not securely deallocate heap memory when handling an error condition, resulting in a double-free vulnerability. An unauthenticated, remote attacker could execute arbitrary code on a system running krb524d, which in many cases is also a Kerberos...
Microsoft Internet Explorer does not properly validate source of redirected frame
Overview Microsoft Internet Explorer IE does not adequately validate the security context of a frame that has been redirected by a web server. An attacker could exploit this vulnerability to evaluate script in different security domains. By causing script to be evaluated in the Local Machine Zone...
Microsoft Windows Utility Manager contains vulnerability in the way it launches applications
Overview Microsoft Windows Utility Manager contains a vulnerability that may permit an authenticated user to launch applications with elevated privileges. Description Microsoft Windows 2000's Utility Manager is a program that permits users to monitor and launch various accessibility applications....
Microsoft Windows fails to properly create entries in the Local Descriptor Table (LDT)
Overview Microsoft Windows NT4.0 and Windows 2000 contain a vulnerability that could permit a local user to gain elevated privileges on the system. Description Microsoft Windows NT4.0 and Windows 2000 provide an API to the kernel to create Local Descriptor Tables LDT for applications. A failure t...
Ethereal contains multiple vulnerabilities in the UCP protocol dissector
Overview Ethereal contains multiple buffer overflows in the Universal Control Protocol UCP protocol dissector. These vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code. Description Ethereal is a network traffic analysis package. It includes the ability to...
Common Desktop Environment (CDE) dtlogin XDMCP parser improperly deallocates memory
Overview A "double-free" vulnerability in the CDE dtlogin program could allow a remote attacker to execute arbitrary code or cause a denial of service on a vulnerable system. Description The Common Desktop Environment CDE is an integrated graphical user interface that runs on UNIX and Linux...
Integer overflow vulnerability in rsync
Overview Some versions of the rsync program contain a remotely exploitable vulnerability. This vulnerability may allow an attacker to execute arbitrary code on the target system. Description rsync is an open source utility that provides fast incremental file transfer. It features the ability to...
Microsoft Windows Media Services contains buffer overflow in "nsiislog.dll"
Overview Microsoft Windows Media Services provides streaming audio and video capabilities. A vulnerability in a component of this software could allow a remote attacker to compromise the server running it. Description According to Microsoft Security Bulletin MS03-022:Microsoft Windows Media...
Samba contains multiple buffer overflows
Overview Samba contains several buffer overflow vulnerabilitites. At least one of these vulnerabilities could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service. Description Samba is a widely used open-source implementation of Server Message Block...
NCR SelfServ ATM dispenser software contains multiple vulnerabilities
Overview NCR SelfServ automated teller machines ATMs running APTRA XFS 05.01.00 or older are vulnerable to physical attacks on the communications bus between the currency dispenser component and the host computer. Description NCR SelfServ ATMs running APTRA XFS 05.01.00 or older contain...
NCR SelfServ ATM BNA contains multiple vulnerabilities
Overview NCR SelfServ automated teller machines ATMs running APTRA XFS 04.02.01 and 05.01.00 are vulnerable to physical attacks on the communications bus between the host computer and the bunch note accepter BNA. Description NCR ATM SelfServ devices running APTRA XFS 04.02.01 and 05.01.00 contain...
Autodesk Backburner Manager contains a stack-based buffer overflow vulnerability
Overview Autodesk Backburner 2016, version 2016.0.0.2150 and earlier, fails to properly check the length of command input which may be leveraged to create a denial of service condition or to execute arbitrary code. Description CWE-121: Stack-based Buffer Overflow - CVE-2016-2344The Autodesk...
J2k-Codec contains multiple exploitable vulnerabilities
Overview J2k-Codec contains multiple exploitable vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description J2k-Codec is a JPEG 2000 decoding library for Windows. J2k-Codec contains multiple exploitable exploitable...
Hughes Network Systems Broadband Global Area Network (BGAN) satellite terminal firmware contains multiple vulnerabilities
Overview Firmware developed by Hughes Network Systems used in a number of BGAN satellite terminals contains undocumented hardcoded login credentials CWE-798. Additionally, the firmware contains an insecure proprietary communications protocol, likely a debugging service, that allows unauthenticate...
Synology DiskStation Manager arbitrary file modification
Overview Synology DiskStation Manager versions 4.3-3776-3 and below contain a vulnerability that allows a remote unauthenticated user to append arbitrary data to an arbitrary file under root privileges. Description CWE-284: Improper Access Control - CVE-2013-6955Synology DiskStation Manager...
NVIDIA UNIX GPU driver ARGB cursor buffer overflow in "NoScanout" mode
Overview NVIDIA UNIX video drivers contain a buffer overflow vulnerability when run in NoScanout mode. Description The NVIDIA security advisory states:NVIDIA UNIX GPU Driver ARGB Cursor Buffer Overflow in "NoScanout" Mode. When the NVIDIA driver for the X Window System is operated in "NoScanout"...
Pattern Insight 2.3 contains multiple vulnerabilities
Overview The Pattern Insight web interface contains multiple vulnerabilities. Description CWE-352: Cross-Site Request Forgery CSRF CVE-2012-4935: Pattern Insight: CSRF protections do not existWhen an already authorized victim navigates to a malicious site containing a hidden form request, it is...
Ipswitch WhatsUp Gold 15.02 contains SQL injection and XSS vulnerabilities
Overview Ipswitch WhatsUp Gold 15.02 has been reported to contain blind SQL injection and cross-site scripting vulnerabilities. Description Ipswitch WhatsUp Gold 15.02 has been reported to contain blind SQL injection and cross-site scripting vulnerabilities.CWE-79-CVE-2012-2601 - Blind SQL...
Johnson Controls CK721-A and P2000 remote command execution vulnerability
Overview Johnson Controls CK721-A and P2000 products contain a remote command execution vulnerability which may allow an unauthenticated remote attacker to perform various tasks against the devices. Description The "download" port tcp/41014 on the CK721-A device is vulnerable to remote command...
ISC BIND 9 zero length rdata named vulnerability
Overview ISC BIND 9 named contains a vulnerability that could allow a attacker to cause named to terminate unexpectedly. Description According to ISC's security advisory:This problem was uncovered while testing with experimental DNS record types. It is possible to add records to BIND with null ze...
802.1X password exploit on many HTC Android devices
Overview A user's 802.1X WiFi credentials and SSID information may be exposed to any application with basic WiFi permissions on certain HTC builds of Android. Description Any Android application on an affected HTC build with the android.permission.ACCESSWIFISTATE permission can use the .toString...
Zenprise Device Manager CSRF vulnerability
Overview The Zenprise Device Manager software is susceptible to a cross-site request forgery CSRF vulnerability that may result in the compromise of the fleet of mobile devices managed by the product. Description Zenprise Device Manager is a mobile device management MDM software package that can ...
SAP BusinessObjects Axis2 Default Admin Password
Overview The Axis2 component of SAP BusinessObjects contains a default administrator account and password. Description The SAP BusinessObjects product contains a module dswsbobje.war which deploys Axis2 with an administrator account which is configured with a static password. As a result, anyone...
Wind River Systems VxWorks weak default hashing algorithm in standard authentication API (loginLib)
Overview The hashing algorithm that is used in the standard authentication API for VxWorks is susceptible to collisions. An attacker can brute force a password by guessing a string that produces the same hash as a legitimate password. Description An attacker with a known username and access to a...
S2 Security Netbox/Linear eMerge Access Control System management component vulnerable to unauthenticated factory reset
Overview The S2 Security Netbox/Linear eMerge Access Control System management console allows an unauthenticated attacker to perform a factory reset of the management system. Description Linear eMerge is an IP-enabled security management and access control system. The product is distributed by...
iseemedia / Roxio / MGI Software LPViewer ActiveX control stack buffer overflows
Overview The iseemedia LPViewer ActiveX control contains multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The iseemedia LPViewer ActiveX control, which is provided by the file LPControl.dll, is a...
Mozilla JavaScript privilege escalation
Overview Mozilla products contain multiple vulnerabilities that may allow a remote, unauthenticated attacker to execute arbitrary code. Description Mozilla Firefox, Thunderbird, and SeaMonkey do not properly handle JavaScript, which may allow privilege escalation and execution of arbitrary code o...
Microsoft Word fails to properly process crafted array data
Overview Microsoft Word contains a remote code execution vulnerability that could enable an attacker to execute arbitrary code and gain complete control of the vulnerable system. Description Microsoft Word fails to properly handle malformed data within an array. When a Word file is opened, Word...
CA BrightStor ARCserve Backup Tape Engine RPC buffer overflow
Overview The Computer Associates BrightStor ARCserve Backup Tape Engine RPC service contains a buffer overflow vulnerability. If successfully exploited, this vulnerability may allow a remote attacker to execute arbitrary code. Description BrightStor ARCserve Backup is a backup and data retention...
Microsoft Graphics Rendering Engine fails to properly handle WMF images
Overview Microsoft Windows Graphics Rendering Engine contains a vulnerability that may allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Microsoft Windows Graphics Rendering Engine supports a number of image formats including Windows Metafile WMF. An...
Microsoft Outlook and Microsoft Exchange TNEF decoding buffer overflow
Overview Microsoft Outlook and Microsoft Exchange contain a buffer overflow vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a system running the vulnerable software. Description Transport Neutral Encapsulation Format TNEFTNEF is a proprietary Microsoft...
Simultaneous multithreading processors may leak information through cache eviction analysis techniques
Overview Operating systems on hardware platforms supporting simultaneous multi-threading Hyper-Threading technology in particular are potentially vulnerable to information leakage to local users. Proof of concept papers and code demonstrating successful attacks against cryptographic keys are in...
Apple Mac OS X vulnerable to buffer overflow via vpnd daemon
Overview Apple Mac OS X contains a buffer overflow in vpnd that could allow a local, authenticated attacker to execute arbitrary code with root privileges. Description Mac OS X includes a VPN server called vpnd, which is installed setuid root by default. vpnd fails to validate the length of the...
Windows Media Player does not properly handle PNG images with excessive width or height values
Overview Microsoft Windows Media Player fails to properly handle PNG images containing unexpected information. Remote attackers may be able to craft a malicious PNG image that would cause Media Player to execute arbitrary code. Description Microsoft Windows Media Player WMP is an application that...
XFree86 vulnerable to buffer overflow via crafted font directory in 'fonts.alias' file
Overview XFree86 contains a vulnerability in the parsing of the 'fonts.alias' file, which could be exploited by a local user to execute arbitrary code with elevated privileges. Description XFree86 contains a flaw during the processing of the 'fonts.alias' file. XFree86 is an implementation of the...