3695 matches found
Microsoft Windows fails to properly create entries in the Local Descriptor Table (LDT)
Overview Microsoft Windows NT4.0 and Windows 2000 contain a vulnerability that could permit a local user to gain elevated privileges on the system. Description Microsoft Windows NT4.0 and Windows 2000 provide an API to the kernel to create Local Descriptor Tables (LDT) for applications. A failure t...
Buffer overflow in Microsoft Messenger Service
Overview There is a buffer overflow in the Microsoft Windows Messenger service that could allow an attacker to execute arbitrary code on most recent versions of Microsoft Windows. Description There is a buffer overflow vulnerability in the Microsoft Windows Messenger service. This could allow an...
Samba contains multiple buffer overflows
Overview Samba contains several buffer overflow vulnerabilities. At least one of these vulnerabilities could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service. Description Samba is a widely used open-source implementation of Server Message Block...
Icecast vulnerable to buffer overflow via long GET request
Overview A remotely exploitable buffer overflow exists in Icecast. Description A remotely exploitable buffer overflow exists in Icecast. By sending an overly long GET request to the server, an attacker can execute arbitrary code with the privileges of the Icecast server, or cause the service to...
NCR SelfServ ATM dispenser software contains multiple vulnerabilities
Overview NCR SelfServ automated teller machines (ATMs) running APTRA XFS 05.01.00 or older are vulnerable to physical attacks on the communications bus between the currency dispenser component and the host computer. Description NCR SelfServ ATMs running APTRA XFS 05.01.00 or older contain...
Dokan file system driver contains a stack-based buffer overflow
Overview A system driver in the Dokan Open Source File System contains a stack-based buffer overflow, which could allow an attacker to gain elevated privileges on the host machine. Description CWE-121: Stack-based Buffer Overflow - CVE-2018-5410 Dokan, versions between 1.0.0.5000 and 1.2.0.1000,...
McAfee VirusScan for Linux contains multiple vulnerabilities
Overview McAfee VirusScan for Linux contains multiple vulnerabilities. Description McAfee VirusScan for Linux version 2.0.3 and prior is vulnerable to the following: CWE-200: Information Exposure - CVE-2016-8016 Multiple pages within the web interface utilize a tplt parameter. An authenticated...
Granite Data Services AMF framework fails to properly parse XML input containing a reference to external entities
Overview Granite Data Services version 3.1.1-SNAPSHOT AMF framework is vulnerable to XML external entity (XXE) attack that may be leveraged to expose sensitive data on the host. Description CWE-611: Improper Restriction of XML External Entity Reference ('XXE') - CVE-2016-2340 Granite Data Services...
NTP Project ntpd reference implementation contains multiple vulnerabilities
Overview NTP Project ntpd reference implementation accepts unauthenticated packets with symmetric key cryptography and does not protect symmetric associations against denial of service attacks. Description CVE-2015-1798, bug 2779: In NTP4 installations utilizing symmetric key authentication,...
Coursemill Learning Management System contains multiple vulnerabilities
Overview Coursemill Learning Management System version 6.6 and 6.8 contains multiple vulnerabilities. Description CWE-472: External Control of Assumed-Immutable Web Parameter - CVE-2013-3599 In Coursemill 6.6, when loading the home page /coursemill/cm0660/home.html the response to the userlogin.js...
Pattern Insight 2.3 contains multiple vulnerabilities
Overview The Pattern Insight web interface contains multiple vulnerabilities. Description CWE-352: Cross-Site Request Forgery (CSRF) CVE-2012-4935: Pattern Insight: CSRF protections do not exist. When an already authorized victim navigates to a malicious site containing a hidden form request, it is...
ISC BIND 9 zero length rdata named vulnerability
Overview ISC BIND 9 named contains a vulnerability that could allow an attacker to cause named to terminate unexpectedly. Description According to ISC's security advisory: This problem was uncovered while testing with experimental DNS record types. It is possible to add records to BIND with null ze...
Zenprise Device Manager CSRF vulnerability
Overview The Zenprise Device Manager software is susceptible to a cross-site request forgery (CSRF) vulnerability that may result in the compromise of the fleet of mobile devices managed by the product. Description Zenprise Device Manager is a mobile device management (MDM) software package that can ...
S2 Security Netbox/Linear eMerge Access Control System management component vulnerable to unauthenticated factory reset
Overview The S2 Security Netbox/Linear eMerge Access Control System management console allows an unauthenticated attacker to perform a factory reset of the management system. Description Linear eMerge is an IP-enabled security management and access control system. The product is distributed by...
CUPS integer overflow vulnerability
Overview CUPS contains an integer overflow that may allow a remote attacker to cause a vulnerable system to crash. Description The Common Unix Printing System (CUPS) is a print server that is used and distributed by many Unix-like operating systems. CUPS contains an integer overflow vulnerability...
Mozilla JavaScript privilege escalation
Overview Mozilla products contain multiple vulnerabilities that may allow a remote, unauthenticated attacker to execute arbitrary code. Description Mozilla Firefox, Thunderbird, and SeaMonkey do not properly handle JavaScript, which may allow privilege escalation and execution of arbitrary code o...
Microsoft Windows Vista CSRSS privilege escalation vulnerability
Overview The Microsoft Windows Client/Server Run-time Subsystem (CSRSS) process fails to properly handle error messages. This vulnerability may allow an attacker to execute arbitrary code. Description The Microsoft Client/Server Run-time Subsystem (CSRSS) is an essential subsystem. CSRSS is responsib...
CA BrightStor ARCserve Backup Tape Engine RPC buffer overflow
Overview The Computer Associates BrightStor ARCserve Backup Tape Engine RPC service contains a buffer overflow vulnerability. If successfully exploited, this vulnerability may allow a remote attacker to execute arbitrary code. Description BrightStor ARCserve Backup is a backup and data retention...
Apache mod_rewrite contains off-by-one error in ldap scheme handling
Overview A vulnerability in a common Apache HTTP server module, mod_rewrite, could allow a remote attacker to execute arbitrary code on an affected web server. Description The Apache HTTP server distribution includes a number of supplemental modules that provide additional functionality to the web...
Microsoft Outlook and Microsoft Exchange TNEF decoding buffer overflow
Overview Microsoft Outlook and Microsoft Exchange contain a buffer overflow vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a system running the vulnerable software. Description Transport Neutral Encapsulation Format (TNEF) TNEF is a proprietary Microsoft...
Yamaha MusicCAST MCX-1000 wireless network interface operates in Access Point mode by default
Overview The Yamaha MusicCAST MCX-1000 server wireless networking interface is enabled by default, cannot be disabled, and operates in Access Point mode. A remote attacker could access the MusicCAST wireless network and potentially any other network connected to the MusicCAST. Description The...
Ethereal contains multiple vulnerabilities in the UCP protocol dissector
Overview Ethereal contains multiple buffer overflows in the Universal Control Protocol (UCP) protocol dissector. These vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code. Description Ethereal is a network traffic analysis package. It includes the ability to...
Common Desktop Environment (CDE) dtlogin XDMCP parser improperly deallocates memory
Overview A "double-free" vulnerability in the CDE dtlogin program could allow a remote attacker to execute arbitrary code or cause a denial of service on a vulnerable system. Description The Common Desktop Environment (CDE) is an integrated graphical user interface that runs on UNIX and Linux...
Microsoft Windows Media Services contains buffer overflow in "nsiislog.dll"
Overview Microsoft Windows Media Services provides streaming audio and video capabilities. A vulnerability in a component of this software could allow a remote attacker to compromise the server running it. Description According to Microsoft Security Bulletin MS03-022: Microsoft Windows Media...
Heimdal Kerberos vulnerable to remotely triggered NULL pointer dereference
Overview The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereference. An attacker with network access to an application that depends on the vulnerable code path can cause the application to crash. Description CVE-2022-3116 A flawed logical condition in...
Chocolatey Boxstarter is vulnerable to privilege escalation due to weak ACLs
Overview Chocolatey Boxstarter fails to properly set ACLs, which can allow an unprivileged Windows user to be able to run arbitrary code with SYSTEM privileges. Description CVE-2020-15264 The Chocolatey Boxstarter installer fails to set a secure access-control list (ACL) on the...
NCR SelfServ ATM BNA contains multiple vulnerabilities
Overview NCR SelfServ automated teller machines (ATMs) running APTRA XFS 04.02.01 and 05.01.00 are vulnerable to physical attacks on the communications bus between the host computer and the bunch note accepter (BNA). Description NCR ATM SelfServ devices running APTRA XFS 04.02.01 and 05.01.00 contain...
CalAmp LMU-3030 devices may not authenticate SMS interface
Overview OBD-II devices are used to provide telematics information for managers of fleets of vehicles. One type of device, manufactured by CalAmp, has an SMS text message interface. We have found multiple deployments where no password was configured for this interface by the integrator / reseller...
DEXIS Imaging Suite 10 contains hard-coded credentials
Overview DEXIS is a dental x-ray imaging software that manages patient records. DEXIS Imaging Suite 10 contains several hard-coded credentials allowing administrative or root access to the patient database. Description CWE-798: Use of Hard-coded Credentials - CVE-2016-6532 DEXIS Imaging Suite 10...
Autodesk Backburner Manager contains a stack-based buffer overflow vulnerability
Overview Autodesk Backburner 2016, version 2016.0.0.2150 and earlier, fails to properly check the length of command input which may be leveraged to create a denial of service condition or to execute arbitrary code. Description CWE-121: Stack-based Buffer Overflow - CVE-2016-2344 The Autodesk...
Belkin N150 path traversal vulnerability
Overview Belkin N150 wireless routers contain a path traversal vulnerability. Description CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') - CVE-2014-2962 Belkin N150 wireless router firmware versions 1.00.07 and earlier contain a path traversal vulnerability...
Hughes Network Systems Broadband Global Area Network (BGAN) satellite terminal firmware contains multiple vulnerabilities
Overview Firmware developed by Hughes Network Systems used in a number of BGAN satellite terminals contains undocumented hardcoded login credentials (CWE-798). Additionally, the firmware contains an insecure proprietary communications protocol, likely a debugging service, that allows unauthenticate...
Synology DiskStation Manager arbitrary file modification
Overview Synology DiskStation Manager versions 4.3-3776-3 and below contain a vulnerability that allows a remote unauthenticated user to append arbitrary data to an arbitrary file under root privileges. Description CWE-284: Improper Access Control - CVE-2013-6955 Synology DiskStation Manager...
DrayTek Vigor 2700 ADSL router contains a command injection vulnerability
Overview DrayTek Vigor 2700 ADSL router version 2.8.3 and possibly earlier versions contain a command injection vulnerability via malicious SSID (CWE-77). Description CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') DrayTek Vigor 2700 ADSL router version 2.8...
Faircom c-treeACE database weak obfuscation algorithm vulnerability
Overview Faircom c-treeACE provides a weak obfuscation algorithm (CWE-327) that may be unobfuscated without knowledge of a key or password. The algorithm was formerly called Faircom Standard Encryption but is now called Data Camouflage. Description Faircom c-treeACE provides a weak obfuscation...
NVIDIA UNIX GPU driver ARGB cursor buffer overflow in "NoScanout" mode
Overview NVIDIA UNIX video drivers contain a buffer overflow vulnerability when run in NoScanout mode. Description The NVIDIA security advisory states: NVIDIA UNIX GPU Driver ARGB Cursor Buffer Overflow in "NoScanout" Mode. When the NVIDIA driver for the X Window System is operated in "NoScanout"...
Ipswitch WhatsUp Gold 15.02 contains SQL injection and XSS vulnerabilities
Overview Ipswitch WhatsUp Gold 15.02 has been reported to contain blind SQL injection and cross-site scripting vulnerabilities. Description Ipswitch WhatsUp Gold 15.02 has been reported to contain blind SQL injection and cross-site scripting vulnerabilities. CWE-79-CVE-2012-2601 - Blind SQL...
Invensys Wonderware Archestra ConfigurationAccessComponent ActiveX control stack buffer overflow
Overview The Invensys Wonderware Archestra ConfigurationAccessComponent ActiveX control contains a stack buffer overflow that could allow a remote attacker to execute arbitrary code on an affected system. Description The Invensys Wonderware Archestra ConfigurationAccessComponent ActiveX control,...
iseemedia / Roxio / MGI Software LPViewer ActiveX control stack buffer overflows
Overview The iseemedia LPViewer ActiveX control contains multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The iseemedia LPViewer ActiveX control, which is provided by the file LPControl.dll, is a...
Microsoft Graphics Rendering Engine fails to properly handle WMF images
Overview Microsoft Windows Graphics Rendering Engine contains a vulnerability that may allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Microsoft Windows Graphics Rendering Engine supports a number of image formats including Windows Metafile (WMF). An...
Oracle Database SYS.DBMS_METADATA_UTIL package SQL injection vulnerability
Overview Oracle Database SYS.DBMS_METADATA_UTIL package vulnerable to SQL injection. Description The Oracle Database SYS.DBMS_METADATA_UTIL package fails to properly filter user-supplied input. This may allow a remote attacker to insert arbitrary SQL commands, which may be executed by the database. W...
JVIEW Profiler (javaprxy.dll) COM object contains an unspecified vulnerability
Overview The JVIEW Profiler COM object contains an unspecified vulnerability, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft COM Microsoft COM is a technology that allows programmers to create reusable software components that can be...
Apple Safari automatically installs Dashboard widgets
Overview Apple Safari on Mac OS X Tiger automatically installs Dashboard widgets without user intervention or notice. Description Dashboard Dashboard is a new feature introduced in Apple Mac OS X Tiger 10.4. Dashboard is a collection of applications called "widgets." The system-installed widgets a...
Simultaneous multithreading processors may leak information through cache eviction analysis techniques
Overview Operating systems on hardware platforms supporting simultaneous multi-threading (Hyper-Threading technology in particular) are potentially vulnerable to information leakage to local users. Proof of concept papers and code demonstrating successful attacks against cryptographic keys are in...
Apple Mac OS X vulnerable to buffer overflow via vpnd daemon
Overview Apple Mac OS X contains a buffer overflow in vpnd that could allow a local, authenticated attacker to execute arbitrary code with root privileges. Description Mac OS X includes a VPN server called vpnd, which is installed setuid root by default. vpnd fails to validate the length of the...
Microsoft Internet Explorer DHTML objects contain a race condition
Overview A race condition in the way that Internet Explorer handles DHTML objects may allow a remote attacker to execute arbitrary code on a vulnerable system. Description According to Microsoft: Dynamic HTML (DHTML) is built on an object model that extends the traditional static HTML document which...
Windows Media Player does not properly handle PNG images with excessive width or height values
Overview Microsoft Windows Media Player fails to properly handle PNG images containing unexpected information. Remote attackers may be able to craft a malicious PNG image that would cause Media Player to execute arbitrary code. Description Microsoft Windows Media Player (WMP) is an application that...
XFree86 vulnerable to buffer overflow via crafted font directory in 'fonts.alias' file
Overview XFree86 contains a vulnerability in the parsing of the 'fonts.alias' file, which could be exploited by a local user to execute arbitrary code with elevated privileges. Description XFree86 contains a flaw during the processing of the 'fonts.alias' file. XFree86 is an implementation of the...
Microsoft MSN "Hrtbeat.ocx" ActiveX control contains unspecified vulnerability
Overview A vulnerability exists in the Microsoft MSN "Hrtbeat.ocx" ActiveX control. Description ActiveX is a technology that allows programmers to create reusable software components that can be incorporated into applications to extend their functionality. Microsoft Internet Explorer provides...
Microsoft Internet Explorer Install Engine contains a buffer overflow vulnerability
Overview The Active Setup Install Engine in Microsoft Internet Explorer contains a buffer overflow vulnerability. This may allow an attacker to take complete control of a vulnerable system. Description The Active Setup Install Engine (inseng.dll) permits cabinet files to be launched and executed...