3704 matches found
Heimdal Kerberos vulnerable to remotely triggered NULL pointer dereference
Overview The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. An attacker with network access to an application that depends on the vulnerable code path can cause the application to crash. Description CVE-2022-3116 A flawed logical condition in...
Chocolatey Boxstarter is vulnerable to privilege escalation due to weak ACLs
Overview Chocolatey Boxstarter fails to properly set ACLs, which can allow an unprivileged Windows user to be able to run arbitrary code with SYSTEM privileges. Description CVE-2020-15264 The Chocolatey Boxstarter installer fails to set a secure access-control list ACL on the...
CalAmp LMU-3030 devices may not authenticate SMS interface
Overview OBD-II devices are used to provide telematics information for managers of fleets of vehicles. One type of device, manufactured by CalAmp, has an SMS text message interface. We have found multiple deployments where no password was configured for this interface by the integrator / reseller...
DEXIS Imaging Suite 10 contains hard-coded credentials
Overview DEXIS is a dental x-ray imaging software that manages patient records. DEXIS Imaging Suite 10 contains several hard-coded credentials allowing administrative or root access to the patient database. Description CWE-798: Use of Hard-coded Credentials - CVE-2016-6532 DEXIS Imaging Suite 10...
MobaXterm server may allow arbitrary command injection due to missing X11 authentication
Overview The MobaXterm server prior to verion 8.3 is vulnerable to arbitrary command injection over port 6000 when using default X11 settings. Description CWE-306: Missing Authentication for Critical Function - CVE-2015-7244MobaXterm server prior to version 8.3 includes an X11 server listening on...
uIP and lwIP DNS resolver vulnerable to cache poisoning
Overview The DNS resolver implemented in uIP and lwIP is vulnerable to cache poisoning due to non-randomized transaction IDs TXIDs and source port reuse. Description CWE-330: Use of Insufficiently Random Values - CVE-2014-4883The DNS resolver implemented in all versions of uIP, as well as lwIP...
HP System Management Homepage vulnerable to cross-site scripting
Overview HP System Management Homepage versions 7.2.3 and 7.3.2.1 contain a reflected cross site scripting vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' - CVE-2014-2640HP System Management Homepage versions 7.2.3 and 7.3.2.1...
EMC Document Sciences xPression contains multiple vulnerabilities
Overview EMC Document Sciences xPression 4.2 Patch 16 and possibly earlier versions contain path traversal, SQL injection, cross-site scripting XSS, open redirect, and cross-site request forgery CSRF vulnerabilities. Description EMC Document Sciences xPression 4.2 Patch 16 and possibly earlier...
DrayTek Vigor 2700 ADSL router contains a command injection vulnerability
Overview DrayTek Vigor 2700 ADSL router version 2.8.3 and possibly earlier versions contain a command injection vulnerability via malicious SSID CWE-77. Description CWE-77: Improper Neutralization of Special Elements used in a Command 'Command Injection' DrayTek Vigor 2700 ADSL router version 2.8...
Faircom c-treeACE database weak obfuscation algorithm vulnerability
Overview Faircom c-treeACE provides a weak obfuscation algorithm CWE-327 that may be unobfuscated without knowledge of a key or password. The algorithm was formerly called Faircom Standard Encryption but is now called Data Camouflage. Description Faircom c-treeACE provides a weak obfuscation...
Johnson Controls CK721-A and P2000 remote command execution vulnerability
Overview Johnson Controls CK721-A and P2000 products contain a remote command execution vulnerability which may allow an unauthenticated remote attacker to perform various tasks against the devices. Description The "download" port tcp/41014 on the CK721-A device is vulnerable to remote command...
Ecava IntegraXor web service allows directory traversal outside of web root
Overview Ecava IntegraXor contains a directory traversal vulnerability Description According to Ecava's website: IntegraXor is a suite of tools used to create and run a web-based HMI interface for a Supervisory Control and Data Acquisition SCADA system. Ecava IntegraXor runs a web service that...
Invensys Wonderware Archestra ConfigurationAccessComponent ActiveX control stack buffer overflow
Overview The Invensys Wonderware Archestra ConfigurationAccessComponent ActiveX control contains a stack buffer overflow that could allow a remote attacker to execute arbitrary code on an affected system Description The Invensys Wonderware Archestra ConfigurationAccessComponent ActiveX control,...
Microsoft Windows fails to properly handle the NoDriveTypeAutoRun registry value
Overview Microsoft Windows fails to properly handle the NoDriveTypeAutoRun registry value, which may prevent Windows from effectively disabling AutoRun and AutoPlay features. Description AutoRun, which was introduced with Windows 95, is a feature that causes Windows to automatically take an actio...
Yahoo! Webcam view utilities ActiveX control vulnerable to arbitrary code execution
Overview The Yahoo! Webcam view utilities ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Yahoo! Webcam is a component of Yahoo! Messenger that allows users to chat via webcams over ...
Oracle Database SYS.DBMS_METADATA_UTIL package SQL injection vulnerability
Overview Oracle Database SYS.DBMSMETADATAUTIL package vulnerable to SQL injection. Description The Oracle Database SYS.DBMSMETADATAUTIL package fails to properly filter user-supplied input. This may allow a remote attacker to insert arbitrary SQL commands, which may be executed by the database. W...
JVIEW Profiler (javaprxy.dll) COM object contains an unspecified vulnerability
Overview The JVIEW Profiler COM object contains an unspecified vulnerability, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft COMMicrosoft COM is a technology that allows programmers to create reusable software components that can be...
Apple Safari automatically installs Dashboard widgets
Overview Apple Safari on Mac OS X Tiger automatically installs Dashboard widgets without user intervention or notice. Description DashboardDashboard is a new feature introduced in Apple Mac OS X Tiger 10.4. Dashboard is a collection of applications called "widgets." The system-installed widgets a...
Simultaneous multithreading processors may leak information through cache eviction analysis techniques
Overview Operating systems on hardware platforms supporting simultaneous multi-threading Hyper-Threading technology in particular are potentially vulnerable to information leakage to local users. Proof of concept papers and code demonstrating successful attacks against cryptographic keys are in...
mod_python vulnerable to information disclosure via crafted URL
Overview The Apache modpython module is vulnerable to unintended remote information disclosure using specially crafted URLs. Description From the modpython web page:Modpython is an Apache module that embeds the Python interpreter within the server. With modpython you can write web-based...
Microsoft Internet Explorer does not properly validate URL sources
Overview Microsoft Internet Explorer IE does not properly determine the source of script used in URLs. An attacker could exploit this vulnerability to evaluate script in different security domains. By causing script to be evaluated in the Local Machine Zone, the attacker could execute arbitrary...
OpenSSL contains integer overflow handling ASN.1 tags (1)
Overview A vulnerability in the way OpenSSL handles ASN.1 tags could allow a remote attacker to cause a denial of service. Description OpenSSL implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols and includes a general purpose cryptographic library. SSL and TLS are...
realpath(3) function contains off-by-one buffer overflow
Overview A function originally derived from 4.4BSD, realpath3, contains a vulnerability that may permit a malicious user to gain root access to the server. This function was derived from the FreeBSD 3.x tree. Other applications and operating systems that use or were derived from this code base ma...
Microsoft Word and Excel documents allow local file reading by via embedded fields
Overview Microsoft Word and Excel contain special encoding tags for formatting and updating content. An attacker may be able to use these tags to exploit an information disclosure vulnerability. Description Microsoft Word and Microsoft Excel are applications that ship as part of the Microsoft...
Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 buffer overflow in chunked encoding transfer mechanism for ASP
Overview A buffer overflow vulnerability in IIS 4.0, 5.0, and 5.1 could allow an intruder to execute arbitrary code on an IIS server with the privileges of the ASP ISAPI extension. Description Chunked encoding is a means to transfer variable-sized units of data called chunks from a web client to ...
ld.so fails to unset LD_PRELOAD before executing suid root programs
Overview ld.so fails to unset LDPRELOAD before executing suid root programs, allowing loading of insecure or malicious libraries. Description ld.so, the UNIX/LINUX dynamic loader, fails in some conditions and some operating system releases to unset LDPRELOAD before loading suid root programs for...
Microsoft Windows 2000/Internet Information Server (IIS) 5.0 Internet Printing Protocol (IPP) ISAPI contains buffer overflow (MS01-023)
Overview A vulnerability exists in Microsoft IIS 5.0 running on Windows 2000 that allows a remote intruder to run arbitrary code on the victim machine. Description Windows 2000 includes support for the Internet Printing Protocol IPP via an ISAPI extension. According to Microsoft, this extension i...
IP Fragmentation Denial-of-Service Vulnerability in FireWall-1
Overview A large stream of IP traffic can monopolize the CPU of a Check Point FireWall-1 firewall, resulting in a denial-of-service condition. Description A denial-of-service vulnerability has been discovered in the FireWall-1 product from Check Point Software Technologies. Check Point has tested...
ACTi cameras models from the D, B, I, and E series contain multiple security vulnerabilities
Overview According to the reporter, ACTi devices including D, B, I, and E series models using firmware version A1D-500-V6.11.31-AC are vulnerable to several issues. Description According to the reporter, multiple ACTi devices, including the D, B, I, and E series models, that use firmware version...
Kaseya Virtual System Administrator contains multiple vulnerabilities
Overview Kaseya Virtual System Administrator VSA, versions R9 and possibly earlier, contains arbitrary file download and open redirect vulnerabilities. Description CWE-22: Improper Limitation of Pathname to a Restricted Directory 'Path Traversal' - CVE-2015-2862Kaseya VSA is an IT management...
ANTLabs InnGate gateway device contains SQL injection and reflected cross-site scripting vulnerabilities
Overview ANTlabs InnGate is a gateway device designed for operating corporate guest/visitor networks. Multiple InnGate models have been confirmed to be vulnerable to SQL injection and cross-site scripting attacks. Description CWE-89: Improper Neutralization of Special Elements used in an SQL...
Zyxel P660 series modem/router denial of service vulnerability
Overview Zyxel P660 series modem/router contains a denial of service vulnerability when parsing a high volume of SYN packets on the web management interface. Description It has been reported that Zyxel P660 series modem/router and possibly other models which share the same core firmware fail to...
Fortigate UTM appliances share the same default CA certificate
Overview Fortigate UTM appliances that support SSL/TLS deep packet inspection share the same self-signed Fortigate CA certificate and associated private key across all devices. The private key, which has been compromised, allows attackers to create and sign fake certificates. Description Fortigat...
Quagga BGP OPEN denial of service vulnerability
Overview Quagga, a routing software suite, contains a BGP OPEN vulnerability that result in a denial-of-service condition. Description CVE-2012-1820: Quagga version 0.99.20.1 and before contains a bug in BGP OPEN message handling. Program Impacted: bgpd: fix DoS in bgpcapabilityorf Description: I...
Adobe Flash Player contains unspecified code execution vulnerability
Overview Adobe Flash contains a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The following versions of Adobe Flash versions contain an unspecified vulnerability that can result in memory corruption: Adobe Flash Playe...
RSA Keon cross-site scripting vulnerabilities
Overview The RSA KEON Registration Authority web interface contains multiple cross-site scripting XSS vulnerabilities. Description The RSA Keon Certificate Authority CA software is a digital certificate management system. The RSA KEON Registration Authority allows the CA to handle large numbers o...
ADODB.Connection ActiveX control memory corruption vulnerability
Overview The Execute function of the ADODB.Connection ActiveX object contains an unspecified vulnerability. This may allow a remote, unauthenticated attacker to cause Internet Explorer to crash or possibly execute arbitrary code. Description Microsoft ADO ActiveX Data Objects are "...
X.509 certificate verification may be vulnerable to resource exhaustion
Overview Some applications that perform X.509 certificate verification may be vulnerable to signature processing problems that lead to resource exhaustion. This vulnerability may cause a denial of service. Description Included in X.509 certificates are public keys used for digital signature...
Microsoft Server Service Mailslot vulnerable to heap overflow
Overview A buffer overflow vulnerability in the Microsoft mailslot server service may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Mailslot A mailslot is a temporary mechanism that can facilitate data transfer between hosts. Mailslots messages are limited ...
Macromedia Flash Player fails to properly validate the frame type identifier read from a "SWF" file
Overview A buffer overflow vulnerability in some versions of the Macromedia Flash Player may allow a remote attacker to execute code on a vulnerable system. Description The Macromedia Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed...
TCP/IP implementations do not adequately validate ICMP error messages
Overview Multiple TCP/IP implementations do not adequately validate ICMP error messages. A remote attacker could cause TCP connections to drop or be degraded using spoofed ICMP error messages. Description A number of widely accepted Internet standards describe different aspects of the relationshi...
Squid vulnerable to buffer overflow via an overly long WCCP message
Overview The Squid web proxy cache is vulnerable to a buffer overflow when handing overly long web cache communications protocol WCCP messages. Such messages could crash the Squid process and produce a denial of service condition. Description Squid functions as a web proxy and cache application f...
InnerMedia DynaZip library vulnerable to buffer overflow via long file names
Overview Releases prior to version 5.00.04 of the InnerMedia DynaZip compression library contain a buffer overflow that may allow a remote attacker to execute arbitrary code. Description DynaZip is a popular compression library for the Microsoft Windows platform. A bounds checking deficiency in...
Microsoft IIS contains vulnerability in NNTP service
Overview A vulnerability in the NNTP component of Microsoft IIS may allow a remote attacker to compromise the affected system. Description The Network News Transport Protocol NNTP is a protocol for the distribution, inquiry, retrieval, and posting of news articles over a network. Microsoft's...
MIT Kerberos 5 ASN.1 decoding functions insecurely deallocate memory (double-free)
Overview The MIT Kerberos 5 library does not securely deallocate heap memory when decoding ASN.1 structures, resulting in double-free vulnerabilities. An unauthenticated, remote attacker could execute arbitrary code on a KDC server, which could compromise an entire Kerberos realm. An attacker may...
Sendmail prescan() buffer overflow vulnerability
Overview Sendmail contains a buffer overflow vulnerability in code that parses email addresses. This vulnerability could allow a remote attacker to execute arbitrary code or cause a denial of service on a vulnerable system. Description Sendmail is a widely used mail transfer agent MTA. There is a...
Microsoft Windows RPC vulnerable to buffer overflow
Overview A buffer overflow vulnerability exists in Microsoft's Remote Procedure Call RPC implementation. A remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service. An exploit for this vulnerability is publicly available. Description Microsoft...
Adobe PDF viewers allow non-certified plug-ins to put viewers into Certified Mode
Overview By default, Adobe PDF viewers will start up and load non-certified plug-ins installed in a local plugins directory. Adobe Reader plug-ins not certified by Adobe, if allowed to load, can execute arbitrary code in the process space of the running viewer. One incremental impact of such...
Microsoft Virtual Machine allows untrusted applets to access the user.dir system property
Overview Some versions of the Microsoft virtual machine Microsoft VM contain a flaw that could leak information about the user's system. This flaw could allow malicious Java applets to get information they would normally be denied access to. Description The Microsoft virtual machine Microsoft VM...
Solaris X Window Font Service (XFS) daemon contains buffer overflow in Dispatch() function
Overview A remotely exploitable buffer overflow has been discovered in the Solaris X Window Font Service XFS daemon fs.auto. Description ISS X-Force released an Advisory today regarding a remotely exploitable buffer overflow in XFS. According to ISS, XFS is installed and running by default on the...