3695 matches found
XFree86 vulnerable to buffer overflow via crafted font directory in 'fonts.alias' file
Overview XFree86 contains a vulnerability in the parsing of the 'fonts.alias' file, which could be exploited by a local user to execute arbitrary code with elevated privileges. Description XFree86 contains a flaw during the processing of the 'fonts.alias' file. XFree86 is an implementation of the...
Microsoft MSN "Hrtbeat.ocx" ActiveX control contains unspecified vulnerability
Overview A vulnerability exists in the Microsoft MSN "Hrtbeat.ocx" ActiveX control. Description ActiveX is a technology that allows programmers to create reusable software components that can be incorporated into applications to extend their functionality. Microsoft Internet Explorer provides...
Microsoft Windows Utility Manager contains vulnerability in the way it launches applications
Overview Microsoft Windows Utility Manager contains a vulnerability that may permit an authenticated user to launch applications with elevated privileges. Description Microsoft Windows 2000's Utility Manager is a program that permits users to monitor and launch various accessibility applications....
Integer overflow vulnerability in rsync
Overview Some versions of the rsync program contain a remotely exploitable vulnerability. This vulnerability may allow an attacker to execute arbitrary code on the target system. Description rsync is an open source utility that provides fast incremental file transfer. It features the ability to...
OpenSSL contains integer overflow handling ASN.1 tags (1)
Overview A vulnerability in the way OpenSSL handles ASN.1 tags could allow a remote attacker to cause a denial of service. Description OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols and includes a general purpose cryptographic library. SSL and TLS are...
OpenSSH contains buffer management errors
Overview Versions of the OpenSSH server prior to 3.7.1 contain buffer management errors. While the full impact of these vulnerabilities is unclear, they may lead to memory corruption and a denial-of-service situation. Description Versions of OpenSSH prior to 3.7.1 contain errors in the general...
realpath(3) function contains off-by-one buffer overflow
Overview A function originally derived from 4.4BSD, realpath(3), contains a vulnerability that may permit a malicious user to gain root access to the server. This function was derived from the FreeBSD 3.x tree. Other applications and operating systems that use or were derived from this code base ma...
Various DNS service implementations generate multiple simultaneous queries for the same resource record
Overview Various implementations of DNS services may allow multiple simultaneous queries for the same resource record, allowing an attacker to apply probabilistic techniques to improve their odds of successful DNS spoofing. Description Some implementations of DNS services contain a vulnerability...
ld.so fails to unset LD_PRELOAD before executing suid root programs
Overview ld.so fails to unset LD_PRELOAD before executing suid root programs, allowing loading of insecure or malicious libraries. Description ld.so, the UNIX/LINUX dynamic loader, fails in some conditions and some operating system releases to unset LD_PRELOAD before loading suid root programs for...
Wang/Kodak Image Edit ActiveX control
Overview Description The Image Edit control is incorrectly marked safe for scripting. This control is sometimes identified as from "Kodak" and other times as from "Wang". The Image Edit control is one of several controls used to provide image editing services through a web site. Because the...
MobaXterm server may allow arbitrary command injection due to missing X11 authentication
Overview The MobaXterm server prior to version 8.3 is vulnerable to arbitrary command injection over port 6000 when using default X11 settings. Description CWE-306: Missing Authentication for Critical Function - CVE-2015-7244 MobaXterm server prior to version 8.3 includes an X11 server listening on...
Kaseya Virtual System Administrator contains multiple vulnerabilities
Overview Kaseya Virtual System Administrator (VSA), versions R9 and possibly earlier, contains arbitrary file download and open redirect vulnerabilities. Description CWE-22: Improper Limitation of Pathname to a Restricted Directory ('Path Traversal') - CVE-2015-2862 Kaseya VSA is an IT management...
uIP and lwIP DNS resolver vulnerable to cache poisoning
Overview The DNS resolver implemented in uIP and lwIP is vulnerable to cache poisoning due to non-randomized transaction IDs (TXIDs) and source port reuse. Description CWE-330: Use of Insufficiently Random Values - CVE-2014-4883 The DNS resolver implemented in all versions of uIP, as well as lwIP...
J2k-Codec contains multiple exploitable vulnerabilities
Overview J2k-Codec contains multiple exploitable vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description J2k-Codec is a JPEG 2000 decoding library for Windows. J2k-Codec contains multiple exploitable...
Zyxel P660 series modem/router denial of service vulnerability
Overview Zyxel P660 series modem/router contains a denial of service vulnerability when parsing a high volume of SYN packets on the web management interface. Description It has been reported that Zyxel P660 series modem/router and possibly other models which share the same core firmware fail to...
EMC Document Sciences xPression contains multiple vulnerabilities
Overview EMC Document Sciences xPression 4.2 Patch 16 and possibly earlier versions contain path traversal, SQL injection, cross-site scripting (XSS), open redirect, and cross-site request forgery (CSRF) vulnerabilities. Description EMC Document Sciences xPression 4.2 Patch 16 and possibly earlier...
802.1X password exploit on many HTC Android devices
Overview A user's 802.1X WiFi credentials and SSID information may be exposed to any application with basic WiFi permissions on certain HTC builds of Android. Description Any Android application on an affected HTC build with the android.permission.ACCESS_WIFI_STATE permission can use the .toString...
Adobe Flash Player contains unspecified code execution vulnerability
Overview Adobe Flash contains a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The following versions of Adobe Flash contain an unspecified vulnerability that can result in memory corruption: Adobe Flash Playe...
Ecava IntegraXor web service allows directory traversal outside of web root
Overview Ecava IntegraXor contains a directory traversal vulnerability. Description According to Ecava's website: IntegraXor is a suite of tools used to create and run a web-based HMI interface for a Supervisory Control and Data Acquisition (SCADA) system. Ecava IntegraXor runs a web service that...
SAP BusinessObjects Axis2 Default Admin Password
Overview The Axis2 component of SAP BusinessObjects contains a default administrator account and password. Description The SAP BusinessObjects product contains a module dswsbobje.war which deploys Axis2 with an administrator account which is configured with a static password. As a result, anyone...
Wind River Systems VxWorks weak default hashing algorithm in standard authentication API (loginLib)
Overview The hashing algorithm that is used in the standard authentication API for VxWorks is susceptible to collisions. An attacker can brute force a password by guessing a string that produces the same hash as a legitimate password. Description An attacker with a known username and access to a...
Yahoo! Webcam view utilities ActiveX control vulnerable to arbitrary code execution
Overview The Yahoo! Webcam view utilities ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Yahoo! Webcam is a component of Yahoo! Messenger that allows users to chat via webcams over ...
Microsoft Word fails to properly process crafted array data
Overview Microsoft Word contains a remote code execution vulnerability that could enable an attacker to execute arbitrary code and gain complete control of the vulnerable system. Description Microsoft Word fails to properly handle malformed data within an array. When a Word file is opened, Word...
Microsoft Server Service Mailslot vulnerable to heap overflow
Overview A buffer overflow vulnerability in the Microsoft mailslot server service may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Mailslot A mailslot is a temporary mechanism that can facilitate data transfer between hosts. Mailslot messages are limited ...
Macromedia Flash Player fails to properly validate the frame type identifier read from a "SWF" file
Overview A buffer overflow vulnerability in some versions of the Macromedia Flash Player may allow a remote attacker to execute code on a vulnerable system. Description The Macromedia Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed...
TCP/IP implementations do not adequately validate ICMP error messages
Overview Multiple TCP/IP implementations do not adequately validate ICMP error messages. A remote attacker could cause TCP connections to drop or be degraded using spoofed ICMP error messages. Description A number of widely accepted Internet standards describe different aspects of the relationshi...
mod_python vulnerable to information disclosure via crafted URL
Overview The Apache mod_python module is vulnerable to unintended remote information disclosure using specially crafted URLs. Description From the mod_python web page: Mod_python is an Apache module that embeds the Python interpreter within the server. With mod_python you can write web-based...
Squid vulnerable to buffer overflow via an overly long WCCP message
Overview The Squid web proxy cache is vulnerable to a buffer overflow when handling overly long web cache communications protocol (WCCP) messages. Such messages could crash the Squid process and produce a denial of service condition. Description Squid functions as a web proxy and cache application f...
InnerMedia DynaZip library vulnerable to buffer overflow via long file names
Overview Releases prior to version 5.00.04 of the InnerMedia DynaZip compression library contain a buffer overflow that may allow a remote attacker to execute arbitrary code. Description DynaZip is a popular compression library for the Microsoft Windows platform. A bounds checking deficiency in...
Microsoft Internet Explorer does not properly validate URL sources
Overview Microsoft Internet Explorer (IE) does not properly determine the source of script used in URLs. An attacker could exploit this vulnerability to evaluate script in different security domains. By causing script to be evaluated in the Local Machine Zone, the attacker could execute arbitrary...
Sendmail prescan() buffer overflow vulnerability
Overview Sendmail contains a buffer overflow vulnerability in code that parses email addresses. This vulnerability could allow a remote attacker to execute arbitrary code or cause a denial of service on a vulnerable system. Description Sendmail is a widely used mail transfer agent (MTA). There is a...
Microsoft Windows RPC vulnerable to buffer overflow
Overview A buffer overflow vulnerability exists in Microsoft's Remote Procedure Call (RPC) implementation. A remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service. An exploit for this vulnerability is publicly available. Description Microsoft...
Solaris X Window Font Service (XFS) daemon contains buffer overflow in Dispatch() function
Overview A remotely exploitable buffer overflow has been discovered in the Solaris X Window Font Service (XFS) daemon fs.auto. Description ISS X-Force released an Advisory today regarding a remotely exploitable buffer overflow in XFS. According to ISS, XFS is installed and running by default on the...
Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 buffer overflow in chunked encoding transfer mechanism for ASP
Overview A buffer overflow vulnerability in IIS 4.0, 5.0, and 5.1 could allow an intruder to execute arbitrary code on an IIS server with the privileges of the ASP ISAPI extension. Description Chunked encoding is a means to transfer variable-sized units of data called chunks from a web client to ...
Microsoft Internet Information Server (IIS) discloses contents of files via crafted request containing "%3F+.htr"
Overview A vulnerability exists in Microsoft Information Server (IIS) in which a crafted HTTP GET request may return the contents of a file on the affected server. A possible target of such a request might be a script that should only be executable (not readable) by unauthenticated remote users. The...
Microsoft Windows 2000/Internet Information Server (IIS) 5.0 Internet Printing Protocol (IPP) ISAPI contains buffer overflow (MS01-023)
Overview A vulnerability exists in Microsoft IIS 5.0 running on Windows 2000 that allows a remote intruder to run arbitrary code on the victim machine. Description Windows 2000 includes support for the Internet Printing Protocol (IPP) via an ISAPI extension. According to Microsoft, this extension i...
IP Fragmentation Denial-of-Service Vulnerability in FireWall-1
Overview A large stream of IP traffic can monopolize the CPU of a Check Point FireWall-1 firewall, resulting in a denial-of-service condition. Description A denial-of-service vulnerability has been discovered in the FireWall-1 product from Check Point Software Technologies. Check Point has tested...
iTerm2 with tmux integration is vulnerable to remote command execution
Overview iTerm2, up to and including version 3.3.5, with tmux integration is vulnerable to remote command execution. Description iTerm2 is a popular terminal emulator for macOS that supports terminal multiplexing using tmux integration and is frequently used by developers and system administrator...
Think Mutual Bank Mobile Banking App for iPhone fails to properly validate SSL certificates
Overview Think Mutual Bank mobile banking app for iOS, version 3.1.5 and earlier, fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks. Description CWE-295: Improper Certificate Validation -...
HP System Management Homepage vulnerable to cross-site scripting
Overview HP System Management Homepage versions 7.2.3 and 7.3.2.1 contain a reflected cross site scripting vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - CVE-2014-2640 HP System Management Homepage versions 7.2.3 and 7.3.2.1...
Multi-vendor IP camera web interface authentication bypass
Overview The web interface firmware for Foscam and Wansview H.264 Hi3510/11/12 IP cameras contains an authentication bypass vulnerability. Other vendors that share the same base firmware image are also vulnerable. Description It has been reported that the web interface for IP cameras from several...
Quagga BGP OPEN denial of service vulnerability
Overview Quagga, a routing software suite, contains a BGP OPEN vulnerability that results in a denial-of-service condition. Description CVE-2012-1820: Quagga version 0.99.20.1 and before contains a bug in BGP OPEN message handling. Program Impacted: bgpd: fix DoS in bgp_capability_orf Description: I...
libpng chunk decompression integer overflow vulnerability
Overview The libpng library contains an integer overflow vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Portable Network Graphics (PNG) image format is used as an alternative to other image formats such as the Graphi...
Husdawg, LLC Systems Requirements Lab ActiveX control and Java applet vulnerable to arbitrary code download and execution
Overview The Husdawg, LLC. System Requirements Lab ActiveX control and Java applet allow an unauthenticated remote attacker to download and execute arbitrary code. Description Husdawg, LLC. provides an ActiveX control and signed Java Applet that are used for benchmarking the capabilities of a PC...
RSA Keon cross-site scripting vulnerabilities
Overview The RSA KEON Registration Authority web interface contains multiple cross-site scripting (XSS) vulnerabilities. Description The RSA Keon Certificate Authority (CA) software is a digital certificate management system. The RSA KEON Registration Authority allows the CA to handle large numbers o...
ADODB.Connection ActiveX control memory corruption vulnerability
Overview The Execute function of the ADODB.Connection ActiveX object contains an unspecified vulnerability. This may allow a remote, unauthenticated attacker to cause Internet Explorer to crash or possibly execute arbitrary code. Description Microsoft ADO (ActiveX Data Objects) are "...
X.509 certificate verification may be vulnerable to resource exhaustion
Overview Some applications that perform X.509 certificate verification may be vulnerable to signature processing problems that lead to resource exhaustion. This vulnerability may cause a denial of service. Description Included in X.509 certificates are public keys used for digital signature...
Oracle Text SQL injection vulnerability
Overview Oracle Text is vulnerable to SQL injection, which could allow a remote attacker to execute arbitrary SQL commands on a vulnerable Oracle installation. Description According to Oracle: Oracle Text uses standard SQL to index, search, and analyze text and documents stored in the Oracle...
Microsoft Internet Explorer contains URL decoding cross-domain vulnerability
Overview A URL decoding vulnerability in Microsoft Internet Explorer may allow remote attackers to bypass zone security restrictions and execute arbitrary code on affected systems. Description IE uses a cross-domain security model to maintain separation between browser frames from different...
Microsoft IIS contains vulnerability in NNTP service
Overview A vulnerability in the NNTP component of Microsoft IIS may allow a remote attacker to compromise the affected system. Description The Network News Transport Protocol (NNTP) is a protocol for the distribution, inquiry, retrieval, and posting of news articles over a network. Microsoft's...