3695 matches found
libpng chunk decompression integer overflow vulnerability
Overview The libpng library contains an integer overflow vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Portable Network Graphics PNG image format is used as an alternative to other image formats such as the Graphi...
Husdawg, LLC Systems Requirements Lab ActiveX control and Java applet vulnerable to arbitrary code download and execution
Overview The Husdawg, LLC. System Requirements Lab ActiveX control and Java applet allow an unauthenticated remote attacker to download and execute arbitrary code. Description Husdawg, LLC. provides an ActiveX control and signed Java Applet that are used for benchmarking the capabilities of a PC...
Samba "send_mailslot()" function buffer overflow
Overview The Samba "send_mailslot" function contains a stack-based buffer overflow vulnerability which could be exploited by a remote, unauthenticated attacker to execute arbitrary code. Description Samba is a widely used open-source implementation of Server Message Block SMB/Common Internet File...
RSA Keon cross-site scripting vulnerabilities
Overview The RSA KEON Registration Authority web interface contains multiple cross-site scripting XSS vulnerabilities. Description The RSA Keon Certificate Authority CA software is a digital certificate management system. The RSA KEON Registration Authority allows the CA to handle large numbers o...
ADODB.Connection ActiveX control memory corruption vulnerability
Overview The Execute function of the ADODB.Connection ActiveX object contains an unspecified vulnerability. This may allow a remote, unauthenticated attacker to cause Internet Explorer to crash or possibly execute arbitrary code. Description Microsoft ADO ActiveX Data Objects are "...
X.509 certificate verification may be vulnerable to resource exhaustion
Overview Some applications that perform X.509 certificate verification may be vulnerable to signature processing problems that lead to resource exhaustion. This vulnerability may cause a denial of service. Description Included in X.509 certificates are public keys used for digital signature...
Oracle Text SQL injection vulnerability
Overview Oracle Text is vulnerable to SQL injection, which could allow a remote attacker to execute arbitrary SQL commands on a vulnerable Oracle installation. Description According to Oracle: Oracle Text uses standard SQL to index, search, and analyze text and documents stored in the Oracle...
Microsoft Internet Explorer contains URL decoding cross-domain vulnerability
Overview A URL decoding vulnerability in Microsoft Internet Explorer may allow remote attackers to bypass zone security restrictions and execute arbitrary code on affected systems. Description IE uses a cross-domain security model to maintain separation between browser frames from different...
Microsoft IIS contains vulnerability in NNTP service
Overview A vulnerability in the NNTP component of Microsoft IIS may allow a remote attacker to compromise the affected system. Description The Network News Transport Protocol NNTP is a protocol for the distribution, inquiry, retrieval, and posting of news articles over a network. Microsoft's...
MIT Kerberos 5 ASN.1 decoding functions insecurely deallocate memory (double-free)
Overview The MIT Kerberos 5 library does not securely deallocate heap memory when decoding ASN.1 structures, resulting in double-free vulnerabilities. An unauthenticated, remote attacker could execute arbitrary code on a KDC server, which could compromise an entire Kerberos realm. An attacker may...
Microsoft Internet Explorer does not properly validate source of URL stored in Travel Log
Overview Microsoft Internet Explorer IE does not properly determine the source of script used in URLs stored in the "Travel Log." An attacker could exploit this vulnerability to evaluate script in different security domains. By causing script to be evaluated in the Local Machine Zone, the attacke...
OpenSSH PAM challenge authentication failure
Overview There is a vulnerability in the challenge authentication code of the Portable OpenSSH server when using the SSHv1 protocol and Pluggable Authentication Modules PAM. This vulnerability could permit a remote attacker to log in to the system as any user, including potentially root, without...
Adobe PDF viewers allow non-certified plug-ins to put viewers into Certified Mode
Overview By default, Adobe PDF viewers will start up and load non-certified plug-ins installed in a local plugins directory. Adobe Reader plug-ins not certified by Adobe, if allowed to load, can execute arbitrary code in the process space of the running viewer. One incremental impact of such...
SSL/TLS implementations disclose side channel information via PKCS #1 v1.5 version number extension
Overview SSL/TLS implementations that respond distinctively to an incorrect PKCS #1 v1.5 encoded SSL/TLS version number expose the premaster secret to a modified Bleichenbacher attack. An attacker could decrypt a given SSL/TLS session or forge a signature on behalf of a vulnerable application's...
Microsoft Word and Excel documents allow local file reading via embedded fields
Overview Microsoft Word and Excel contain special encoding tags for formatting and updating content. An attacker may be able to use these tags to exploit an information disclosure vulnerability. Description Microsoft Word and Microsoft Excel are applications that ship as part of the Microsoft...
Microsoft SQL Server 2000 contains heap buffer overflow in SQL Server Resolution Service
Overview Microsoft SQL Server 2000 contains a remotely exploitable heap buffer overflow that allows attackers to execute arbitrary code with the same privileges as the SQL server. Description The SQL Server Resolution Service SSRS was introduced in Microsoft SQL Server 2000 to provide referral...
IBM AIX enq buffer overflow in -M argument
Overview There is a buffer overflow in the enq command that may allow a local attacker to gain root privileges. Description The enq command is used to add entries to a queue, usually for printing. There is a buffer overflow in the -M argument to the enq command. --- Impact An attacker with access...
MS Windows NT Terminal Server 4.0 buffer overflow in regapi.dll allows remote code execution or DoS
Overview Microsoft Windows NT 4.0 Terminal Server contains a buffer overflow that could allow an intruder to execute arbitrary code with the privileges of an administrator. Description There is a buffer overflow in the code that processes the username specifically in RegAPI.DLL in Microsoft Windo...
Microsoft Internet Explorer (IE) permits modification of URL displayed in address bar
Overview A vulnerability exists in Microsoft Internet Explorer which could enable an attacker to spoof trusted web sites. Description A vulnerability exists in Microsoft Internet Explorer. This vulnerability could enable a web page to display the URL from a different web site in the IE...
Apple devices vulnerable to arbitrary code execution in SecureROM
Overview Some Apple devices are vulnerable to arbitrary code execution at the Boot ROM level (called "SecureROM" by Apple) by exploiting a use-after-free vulnerability. Successful exploitation results in the ability to execute arbitrary code on the device. checkm8 is a public exploit for this...
ACTi cameras models from the D, B, I, and E series contain multiple security vulnerabilities
Overview According to the reporter, ACTi devices including D, B, I, and E series models using firmware version A1D-500-V6.11.31-AC are vulnerable to several issues. Description According to the reporter, multiple ACTi devices, including the D, B, I, and E series models, that use firmware version...
ReadyDesk contains multiple vulnerabilities
Overview ReadyDesk, version 9.1 and possibly others, contains SQL injection, path traversal, hard-coded cryptographic key, and arbitrary file upload vulnerabilities that may be leveraged to expose sensitive data and execute arbitrary code in the context of the vulnerable software. Description...
Netgear Management System NMS300 contains arbitrary file upload and path traversal vulnerabilities
Overview Netgear Management System NMS300, version 1.5.0.11 and earlier, is vulnerable to arbitrary file upload, which may be leveraged by unauthenticated users to execute arbitrary code with SYSTEM privileges. A directory traversal vulnerability enables authenticated users to download arbitrary...
Multiple SSL certificate authorities use predefined email addresses as proof of domain ownership
Overview Multiple SSL certificate authorities may issue certificates to a customer based solely on the control of certain email addresses. This may allow an attacker to obtain a valid SSL certificate to perform HTTPS spoofing without generating a warning in the client software. Description When a...
Cobham thraneLINK improper verification of firmware updates vulnerability
Overview Cobham's thraneLINK protocol does not verify cryptographic signatures for firmware updates before installing them. This may allow an attacker to deploy a malicious firmware update to the device. Description CWE-347: Improper Verification of Cryptographic Signature IOActive reports that...
F5 Networks BIG-IP Edge Client information leakage vulnerability
Overview F5 Networks has reported a flaw in the BIG-IP APM and the FirePass client-side F5-signed Edge Client components. The components may leak information from memory. CWE-200 Description F5 Networks has reported a flaw in the BIG-IP APM and the FirePass client-side F5-signed Edge Client...
ZTE ZXV10 W300 router contains hardcoded credentials
Overview ZTE ZXV10 W300 router version 2.1.0, and possibly earlier versions, contains hardcoded credentials. CWE-798 Description ZTE ZXV10 W300 router contains hardcoded credentials that are useable for the telnet service on the device. The username is "admin" and the password is "XXXXairocon"...
Thomson Reuters Velocity Analytics Vhayu Analytic Server version 6.9.4 build 2995 contains a code injection vulnerability
Overview Thomson Reuters Velocity Analytics Vhayu Analytic Server version 6.94 build 2995 and possibly earlier versions contain a code injection vulnerability CWE-94. Description CWE-94: Improper Control of Generation of Code 'Code Injection' Thomson Reuters Velocity Analytics Vhayu Analytic Serve...
Baramundi Management Suite transmits data and stores keys and credentials insecurely
Overview Baramundi Management Suite versions 7.5 to 8.9 contain multiple vulnerabilities related to clear-text credential storage and transmission. Description CWE-319: Cleartext Transmission of Sensitive Information - CVE-2013-3593 Baramundi Management Suite versions 7.5 to 8.9 transfers data in...
Dell PowerConnect 6248P series switch denial of service vulnerability
Overview Dell PowerConnect 6248P series switches contain a denial of service vulnerability when parsing malformed requests. Description Dell PowerConnect 6248P series switches contain a denial of service vulnerability when parsing malformed requests which could cause the switch to crash and becom...
Microsoft Internet Explorer 6/7/8/9 contain a use-after-free vulnerability
Overview Microsoft Internet Explorer versions 6, 7, 8, and 9 are susceptible to a use-after-free vulnerability CWE-416 that may result in remote code execution. Description Microsoft Internet Explorer 6/7/8/9 contains a use-after-free vulnerability in the CMshtmlEd::Exec function. An attacker may...
MarkAny ContentSAFER MASetupCaller ActiveX control arbitrary download and execution
Overview The MarkAny ContentSAFER MASetupCaller ActiveX control fails to restrict access to dangerous methods, which can allow a remote unauthenticated attacker to download and execute arbitrary code on a vulnerable system. Description MarkAny ContentSAFER is a DRM and watermarking product that i...
LG-Nortel ELO GS24M Switch contains multiple vulnerabilities
Overview The LG-Nortel ELO GS24M switch web management interface contains multiple vulnerabilities, including authentication bypass CWE-592 and information exposure CWE-200. Description The LG-Nortel ELO GS24M switch web management interface authentication can be bypassed by accessing URLs for...
ISC BIND 9 RPZ zone named denial-of-service vulnerability
Overview ISC BIND 9 contains a remote crashing vulnerability when running with certain RPZ configurations. Description According to ISC: A defect in the affected versions of BIND could cause the "named" process to exit when queried, if the server has recursion enabled and was configured with an RP...
Cisco AnyConnect SSL VPN arbitrary code execution
Overview The Cisco AnyConnect SSL VPN ActiveX and Java clients contain a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Cisco AnyConnect is an SSL VPN solution that is commonly initiated through use of a web browser...
Microsoft Windows MHTML script injection vulnerability
Overview Microsoft Windows contains a script injection vulnerability in the MHTML protocol handler, which may allow an attacker to execute arbitrary script within the context of another website domain. Description Microsoft Windows contains a script injection vulnerability caused by the way MHTM...
Apache mod_proxy_ftp XSS vulnerability
Overview The Apache web server mod_proxy_ftp module contains a cross-site scripting XSS vulnerability. Description The Apache mod_proxy_ftp module allows the Apache web server to act as a proxy for FTP sites. Filename globbing is the process of using wildcards to match filenames. The mod_proxy_ftp modu...
Liferay Portal fails to protect against CSRF
Overview Liferay Portal fails to properly protect against Cross-Site Request Forgery CSRF. This may allow a remote attacker to be able to forge requests that Liferay Portal takes action upon. Description Liferay Portal is an enterprise portal solution that uses Java technologies. Liferay Portal...
Microsoft Windows IGMPv3 and MLDv2 processing vulnerability
Overview Microsoft Windows fails to properly process IGMPv3 and MLDv2 network traffic. If exploited, this vulnerability may result in arbitrary code execution or a denial-of-service condition. Description Internet Group Management Protocol (IGMP) is the protocol used by IPv4 hosts to report their...
Computer Associates BrightStor ARCserve Backup LGSERVER.EXE heap buffer overflow
Overview Computer Associates BrightStor ARCserve Backup contains a buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Computer Associates BrightStor ARCserve Backup products come with a service called LGSERVER.EXE. Thi...
Microsoft Outlook fails to properly process a VEVENT record
Overview Microsoft Outlook contains a memory corruption vulnerability that could enable an attacker to execute arbitrary code and gain complete control of the vulnerable system. Description Microsoft Outlook fails to properly handle malformed VEVENT records. When an .iCal meeting request containi...
Wireshark contains an unspecified vulnerability in the XOT dissector
Overview Wireshark contains a vulnerability in the XOT dissector that may cause the application to crash. Description Wireshark contains a vulnerability in the XOT dissector that may allow the application to allocate a large amount of memory and cause the application to crash. This vulnerability...
XMLHttpRequest Object security bypass in Opera Web Browser
Overview The Opera Web Browser fails to properly enforce security restrictions on the XMLHttpRequest Object. This may allow a remote, unauthenticated attacker to insert content from potentially malicious web sites. Description The XMLHttpRequest Object is a scripting object that provides routines...
Microsoft Log Sink Class ActiveX control incorrectly marked "safe for scripting"
Overview The Microsoft Log Sink Class ActiveX control is incorrectly marked safe for scripting. This may allow a remote attacker to create or append to arbitrary files on a vulnerable system. Description ActiveX is a technology that allows programmers to create reusable software components...
Microsoft Windows LoadImage API vulnerable to integer overflow
Overview The Microsoft Windows LoadImage API routine is vulnerable to an integer overflow that may allow a remote attacker to execute arbitrary code on a vulnerable system. Description The LoadImage API routine is used to load an image from a file on Microsoft Windows platforms. The LoadImage API...
Microsoft Windows Internet Naming Service (WINS) replication protocol contains a heap-based buffer overflow
Overview A buffer overflow vulnerability in the Microsoft Windows Internet Naming Service WINS replication protocol may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description The Microsoft WINS service maps IP addresses to NETBIOS computer names. WIN...
Microsoft Internet Explorer does not properly handle cached HTTPS contents
Overview Microsoft Internet Explorer fails to properly validate cached HTTPS contents, allowing an attacker to obtain information or spoof information on a secure web site. Description The HTTPS protocol is used to provide authentication, encryption, integrity, and non-repudiation services to web...
Microsoft Internet Explorer treats arbitrary files as images for drag and drop operations
Overview Microsoft Internet Explorer IE treats arbitrary files as images during drag and drop mouse operations. This could allow an attacker to trick a user into copying a file to a location where it may be executed, such as the Windows StartUp folder. Description IE treats any file referenced by...
KAME Racoon IKE daemon fails to properly verify client RSA signatures
Overview The KAME Racoon IKE daemon fails to properly verify client RSA signatures when using Main or Aggressive Mode during a Phase 1 IKE exchange. Description Racoon is an IKE Key Management daemon that negotiates and configures a set of parameters for IPSec. When authenticating a peer in Phase...
OpenSSL does not properly handle unknown message types
Overview OpenSSL does not properly handle unknown message types, allowing an unauthenticated, remote attacker to cause a denial of service. This vulnerability was addressed in OpenSSL 0.9.6d and 0.9.7. Description OpenSSL implements the Secure Sockets Layer SSL and Transport Layer Security TLS...