3704 matches found
Oracle TNS protocol fails to properly validate authentication requests
Overview The Oracle TNS protocol authentication mechanism fails to properly sanitize authentication requests, possibly allowing a remote attacker to execute arbitrary SQL statements with elevated privileges. Description Oracle databases authenticate and manage database connections via Oracle...
Microsoft Log Sink Class ActiveX control incorrectly marked "safe for scripting"
Overview The Microsoft Log Sink Class ActiveX control is incorrectly marked safe for scripting. This may allow a remote attacker to create or append to arbitrary files on a vulnerable system. Description ActiveXActiveX is a technology that allows programmers to create reusable software components...
Microsoft Windows LoadImage API vulnerable to integer overflow
Overview The Microsoft Windows LoadImage API routine is vulnerable to an integer overflow that may allow a remote attacker to execute arbitrary code on a vulnerable system. Description The LoadImage API routine is used to load an image from a file on Microsoft Windows platforms. The LoadImage API...
Microsoft Windows Internet Naming Service (WINS) replication protocol contains a heap-based buffer overflow
Overview A buffer overflow vulnerability in the Microsoft Windows Internet Naming Service WINS replication protocol may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description The Microsoft WINS service maps IP addresses to NETBIOS computer names. WIN...
Microsoft Internet Explorer treats arbitrary files as images for drag and drop operations
Overview Microsoft Internet Explorer IE treats arbitrary files as images during drag and drop mouse operations. This could allow an attacker to trick a user into copying a file to a location where it may be executed, such as the Windows StartUp folder. Description IE treats any file referenced by...
OpenSSL does not properly handle unknown message types
Overview OpenSSL does not properly handle unknown message types, allowing an unauthenticated, remote attacker to cause a denial of service. This vulnerability was addressed in OpenSSL 0.9.6d and 0.9.7. Description OpenSSL implements the Secure Sockets Layer SSL and Transport Layer Security TLS...
Microsoft Internet Explorer does not properly validate source of URL stored in Travel Log
Overview Microsoft Internet Explorer IE does not properly determine the source of script used in URLs stored in the "Travel Log." An attacker could exploit this vulnerability to evaluate script in different security domains. By causing script to be evaluated in the Local Machine Zone, the attacke...
SSL/TLS implementations disclose side channel information via PKCS #1 v1.5 version number extension
Overview SSL/TLS implementations that respond distinctively to an incorrect PKCS 1 v1.5 encoded SSL/TLS version number expose the premaster secret to a modified Bleichenbacher attack. An attacker could decrypt a given SSL/TLS session or forge a signature on behalf of a vulnerable application's...
Blahz-DNS does not properly authenticate users before granting access to various configuration pages
Overview Blahz-DNS does not properly authenticate users. Description Blahz-DNS does not properly authenticate users. As a result, an attacker can gain access to various configuration pages. For more detailed information, please see the ppp-design advisory. --- Impact An attacker can gain access t...
AOL Instant Messenger vulnerable to buffer overflow via crafted "addbuddy" URI sent in message
Overview America Online's Instant Messenger AIM contains a remotely exploitable buffer overflow vulnerability. Description AOL Instant Messenger is a widely used program for communicating with other users over the Internet. A buffer overflow exists in the processing of the addbuddy parameter of t...
SquirrelMail compose.php script does not adequately validate input thereby allowing arbitrary user to send messages
Overview Some versions of SquirrelMail do not properly validate input. Attackers can spoof email addresses through this vulnerability. Description SquirrelMail is a collection of PHP4 scripts that provides webmail services. Prior to version 1.24, SquirrelMail does not properly validate Universal...
System V derived login contains a remotely exploitable buffer overflow
Overview A remotely exploitable buffer overflow exists in implementations of login , derived from System V. An attacker can use this vulnerability to gain the privileges of the process that invoked login , user root in the cases of in.telnetd, or in.rlogind. We have been able to determine that...
Microsoft Index Server/Indexing Service used by IIS 4.0/5.0 contains unchecked buffer used when encoding double-byte characters
Overview A vulnerability exists in the Indexing services used by Microsoft IIS 4.0 and IIS 5.0 running on Windows NT, Windows 2000, and beta versions of Windows XP. Exploitations of this vulnerability allows a remote intruder to run arbitrary code on the victim machine. Description There is a...
RUCKUS Virtual SmartZone (vSZ) and RUCKUS Network Director (RND) contain multiple vulnerabilities
Overview Multiple vulnerabilities have been identified in RUCKUS Networks management products, specifically Virtual SmartZone vSZ and Network Director RND, including authentication bypass, hardcoded secrets, arbitrary file read by authenticated users, and unauthenticated remote code execution...
Crestron Electronics DM-TXRX-100-STR web interface contains multiple vulnerabilities
Overview Crestron Electronics DM-TXRX-100-STR, version 1.2866.00026 and earlier, has a web management interface which contains multiple vulnerabilities, including authentication bypass, failure to restrict access to authorized users, use of hard-coded certificate, default credentials, and...
Netmaster cable modem information leakage vulnerability
Overview The Netmaster CBW700N wireless cable modem enables remote SNMP public access by default Description CWE-200- Information Exposure The Netmaster CBW700N wireless cable modem running software version 81.447.392110.729.024 was found to expose sensitive information such as username, password...
Cobham thraneLINK improper verification of firmware updates vulnerability
Overview Cobham's thraneLINK protocol does not verify cryptographic signatures for firmware updates before installing them. This may allow an attacker to deploy a malicious firmware update to the device. Description CWE-347: Improper Verification of Cryptographic Signature IOActive reports that...
Mediatrix 4402 digital gateway web interface contains a cross-site scripting (XSS) vulnerability
Overview Mediatrix's web management interface for the 4402 digital gateway device with firmware version Dgw 1.1.13.186, and possibly earlier versions, contains a cross-site scripting XSS vulnerability. CWE-79 Description CWE-79: Improper Neutralization of Input During Web Page Generation...
Baramundi Management Suite transmits data and stores keys and credentials insecurely
Overview Baramundi Management Suite versions 7.5 to 8.9 contains multiple vulnerabilities related to clear-text credential storage and transmission. Description CWE-319: Cleartext Transmission of Sensitive Information - CVE-2013-3593Baramundi Mangement Suite versions 7.5 to 8.9 transfers data in...
Adobe Reader and Acrobat font memory corruption vulnerability
Overview Adobe Reader and Acrobat fail to properly handle font data, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description A critical vulnerability exists in the font parsing code in Adobe Reader and Acrobat. The vulnerability results i...
Blackboard Transact database credentials disclosure
Overview The Blackboard Transact application contains two vulnerabilities that allow an unauthorized user to access the database credentials. Description The Blackboard Transact application previously know as Blackboard Commerce Suite comes with a utility called BbtsConnectionEdit.exe that is use...
SSH CBC vulnerability
Overview A vulnerability exists in SSH messages that employ CBC mode that may allow an attacker to recover plaintext from a block of ciphertext. Description The Secure Shell SSH is a network protocol that creates a secure channel between two networked devices in order to allow data to be exchange...
Adobe Reader and Acrobat JavaScript methods buffer overflow vulnerabilities
Overview Adobe Reader and Acrobat contains multiple buffer overflow vulnerabilities. Successful exploitation of this vulnerability may allow an attacker to execute code. Description Adobe Acrobat Reader is software designed to view Portable Document Format PDF files. Adobe also distributes the...
BIND version 8 generates cryptographically weak DNS query identifiers
Overview ISC BIND version 8 generates cryptographically weak DNS query IDs which could allow a remote attacker to poison DNS caches. Description The Berkeley Internet Name Domain BIND is a popular Domain Name System DNS implementation from Internet Systems Consortium ISC. Version 8 of the BIND...
Microsoft Windows DNS RPC buffer overflow
Overview The Microsoft DNS service Remote Procedure Call RPC implementation contains a stack buffer overflow. This vulnerability may allow a remote attacker to execute arbitrary code with SYSTEM privileges. Description The Microsoft Windows DNS service uses RPC to facilitate remote management. Th...
Computer Associates BrightStor ARCserve Backup LGSERVER.EXE heap buffer overflow
Overview Computer Associates BrightStor ARCserve Backup contains a buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Computer Associates BrightStor ARCserve Backup products come with a service called LGSERVER.EXE. Thi...
Sun Solaris Kernel SSL Proxy service is vulnerable to a denial of service condition
Overview The Sun Solaris Kernel SSL Proxy service contains a flaw that may allow a remote attacker to cause a denial of service condition. Description Sun Solaris 10 operating system provides a module called the SSL Kernel Proxy to improve the performance of applications that do SSL packet...
Mozilla display style vulnerability
Overview Mozilla products contain an unspecified vulnerability in the way they handle display styles. This vulnerability may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description Mozilla products contain an unspecified vulnerability in the way they...
Microsoft Windows contains vulnerability in Window Management API
Overview A vulnerability in the Microsoft Windows window application programming interfaces APIs could allow a local attacker to gain elevated privileges on a vulnerable system. Description Microsoft Windows contains a vulnerability in the window management application programming interface API...
Apple Safari fails to properly handle form data in HTTP redirects
Overview There is a vulnerability in the way Safari handles form data that may expose sensitive information when the forward/backward buttons are used. Description Apple Safari is a web browser available for the Mac OS X operating system. A vulnerability exists in the way Safari handles web form...
Cisco IOS Interface Blocked by IPv4 Packet
Overview A denial-of-service vulnerability exists in Cisco's Internetwork Operating System IOS. This vulnerability may allow remote attackers to conduct denial-of-service attacks on an affected device. Description Cisco IOS is a very widely deployed network operating system. A vulnerability in IO...
PHPNuke 'admin.php' script does not adequately authenticate users, thereby allowing malicious user to copy, move, or upload files
Overview PHPNuke's "admin.php" script does not properly authenticate users of its filemanager capabilities. Attackers may exploit this vulnerability to copy, move, or upload files. Description PHPNuke is a set of PHP scripts designed to simplify website creation and maintenance. The "admin.php"...
Multiple vendors' Domain Name System (DNS) stub resolvers vulnerable to buffer overflow via network name and address lookups
Overview Buffer overflow vulnerabilities exists in the DNS stub resolver library used by BSD, ISC BIND, and GNU glibc. Other systems that use DNS resolver code derived from ISC BIND may also be affected. An attacker who is able to control DNS responses could exploit arbitrary code or cause a deni...
Microsoft Internet Information Server (IIS) vulnerable to DoS via malformed FTP connection status request
Overview A vulnerability in IIS could allow an intruder to disrupt ordinary operations of both FTP and Web services on vulnerable IIS servers. Description IIS includes an FTP server. An intruder who sends a malformed request for the status of an existing connection could cause the IIS server to...
iPlanet Directory Server contains multiple vulnerabilities in LDAP handling code
Overview The iPlanet Directory Server contains vulnerabilities that may allow denial-of-service attacks, unauthorized privileged access, or both. These vulnerabilities were revealed using the PROTOS LDAPv3 test suite and are documented in CERT Advisory CA-2001-18. If your site uses this product,...
Solaris Line Printer Daemon (in.lpd) vulnerable to buffer overflow via transfer job routine
Overview A buffer overflow exists in the Solaris line printer daemon in.lpd that may allow a remote intruder to execute arbitrary code with the privileges of the running in.lpd. This daemon runs with root privileges by default on all recent versions of Solaris. Description The Solaris in.lpd...
New Netcomm router models NF20MESH, NF20, and NL1902 vulnerabilities
Overview Netcomm router models NF20MESH, NF20, and NL1902 running software versions earlier than R6B035 contain two vulnerabilities. The first is an authentication bypass vulnerability that allows an unauthenticated user to access content from both inside and outside the network. The second is a...
LLVMs Arm stack protection feature can be rendered ineffective
Overview The stack protection feature in LLVM's Arm backend can be rendered ineffective when the stack protector slot is re-allocated so that is appears after the local variables that it is meant to protect, leaving the function potentially vulnerable to a stack-based buffer overflow. Description...
GIGABYTE BRIX UEFI firmware fails to implement write protection and is not cryptographically signed
Overview GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 and GB-BXi7-5775 platforms, versions vF6 and vF2 respectively, fails to properly set the BIOSWE, BLE, SMMBWP, and PRx bits to enforce write protection. It also is not cryptographically signed. These issues may permit an attacker to write...
Adobe Flash memory corruption vulnerability
Overview Adobe Flash contains an unspecified vulnerability that is currently being exploited in the wild. Description Adobe Flash Player 21.0.0.242 and earlier contain an unspecified vulnerability that an allow a remote, unauthenticated attacker to execute arbitrary code. This vulnerability is...
HP ArcSight SmartConnector fails to properly validate SSL and contains a hard-coded password
Overview The HP ArcSight SmartConnector fails to properly validate SSL certificates, and also contains a hard-coded password. Description CWE-295: Improper Certificate Validation - CVE-2015-2902The ArcSight SmartConnector fails to validate the certificate of the upstream Logger device it is...
HP Client Automation and Radia Client Automation is vulnerable to remote code execution
Overview Radia Client Automation previously sold under the name HP Client Automation agent prior to version 9.1 is vulnerable to arbitrary remote code execution. Description According to ZDI's advisory for ZDI-15-363, which has been assigned CVE-2015-7860: "This vulnerability allows remote...
Adobe Flash ActionScript 3 BitmapData memory corruption vulnerability
Overview Adobe Flash Player contains a vulnerability in the ActionScript 3 BitmapData object, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Adobe Flash Player versions 9.0 through version 18.0.0.204 contain amemory corruption...
Netgear ProSafe Plus Configuration Utility writes out plaintext passwords to backup configuration files
Overview The Netgear ProSafe Plus Configuration Utility exposes password information via the configuration backup file. Description CWE-200- Information Exposure The Netgear ProSafe Plus Configuration Utility provides a feature to back up switch configuration. In the backup file, the device...
Joomla! Media Manager allows arbitrary file upload and execution
Overview An authenticated attacker may be able to upload active content to websites running older versions of Joomla. Description CWE-434: Unrestricted Upload of File with Dangerous Type A vulnerability has been discovered in older versions of the Joomla! content management software that allow an...
Plesk Panel 11.0.9 privilege escalation vulnerabilities
Overview Plesk Panel 11.0.9 and possibly earlier versions contains multiple privilege escalation vulnerabilities. Description Plesk Panel contains multiple privilege escalation vulnerabilities which may allow an attacker to run arbitrary code as the root user. Special-case rules in Plesk's custom...
Webmin contains input validation vulnerabilities
Overview Webmin 1.580, and possibly earlier versions, has been reported to contain input validation vulnerabilities. Description The advisories from American Information Security Group report the following vulnerabilities.CWE-20: Improper Input Validation - CVE-2012-2981 "An input validation flaw...
Adobe Flash code execution vulnerability
Overview Adobe Flash 10.1.85.3 contains a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Adobe Flash 10.1.85.3 and earlier versions as well as 10.2.161.23 and earlier 10.2 preview versions contain a vulnerability that...
Cisco Industrial Ethernet 3000 Series switches have hardcoded SNMP community strings
Overview Cisco Industrial Ethernet 3000 IE 3000 Series switches running Cisco IOS Software releases 12.252SE or 12.252SE1, contain well-known, hard-coded read and write SNMP community strings. An remote attacker could take full control of a vulnerable device. Description Cisco Industrial Ethernet...
Energizer DUO USB battery charger software allows unauthorized remote system access
Overview The software available for the Energizer DUO USB battery charger contains a backdoor that allows unauthorized remote system access. Description Energizer DUO is a USB battery charger. An optional Windows application that allows the user to view the battery charging status has been...