3695 matches found
Netmaster cable modem information leakage vulnerability
Overview The Netmaster CBW700N wireless cable modem enables remote SNMP public access by default. Description CWE-200: Information Exposure The Netmaster CBW700N wireless cable modem running software version 81.447.392110.729.024 was found to expose sensitive information such as username, password...
Netgear GS105PE Prosafe Plus Switch contains hard-coded login credentials
Overview Netgear GS105PE Prosafe Plus Switch firmware version 1.2.0.5 contains hard-coded credentials. CWE-798 Description Netgear GS105PE Prosafe Plus Switch contains hard-coded login credentials that can be used for authenticating to the web server running on the device. The username is ntgruse...
Mediatrix 4402 digital gateway web interface contains a cross-site scripting (XSS) vulnerability
Overview Mediatrix's web management interface for the 4402 digital gateway device with firmware version Dgw 1.1.13.186, and possibly earlier versions, contains a cross-site scripting (XSS) vulnerability. CWE-79 Description CWE-79: Improper Neutralization of Input During Web Page Generation...
Joomla! Media Manager allows arbitrary file upload and execution
Overview An authenticated attacker may be able to upload active content to websites running older versions of Joomla. Description CWE-434: Unrestricted Upload of File with Dangerous Type A vulnerability has been discovered in older versions of the Joomla! content management software that allow an...
Amazon Kindle Touch libkindleplugin scriptable browser plugin vulnerability
Overview Kindle Touch 5.1.0 contains a scriptable browser plugin which can be invoked by accessing a malicious web page. Description It has been reported that Kindle Touch 5.1.0 has introduced a NPAPI plugin /usr/lib/libkindleplugin.so symlinked to /usrl/lib/browser/plugins/libkindleplugin.so tha...
ISC DHCP dhclient stack buffer overflow
Overview The ISC DHCP dhclient application contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code with root privileges. Description As described in RFC 2131, "The Dynamic Host Configuration Protocol (DHCP) provides a framework for passing...
Adobe Reader and Acrobat customDictionaryOpen() and getAnnots() JavaScript vulnerabilities
Overview Adobe Reader and Acrobat contain vulnerabilities in the customDictionaryOpen and getAnnots JavaScript methods. Description Adobe Reader and the Adobe Acrobat family of software are designed to create, view, and edit Portable Document Format (PDF) files. Adobe Reader is widely deployed, and...
Microsoft Jet Engine stack buffer overflow
Overview The Microsoft Jet Engine contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Jet, or Joint Engine Technology, is a database engine that is used by several Microsoft products, includin...
Microsoft Windows DNS RPC buffer overflow
Overview The Microsoft DNS service Remote Procedure Call (RPC) implementation contains a stack buffer overflow. This vulnerability may allow a remote attacker to execute arbitrary code with SYSTEM privileges. Description The Microsoft Windows DNS service uses RPC to facilitate remote management. Th...
Apple Mac OS X ImageIO integer overflow vulnerability
Overview Apple's ImageIO framework contains an integer overflow vulnerability that may allow an attacker to execute code on a vulnerable system. Description Graphics Interchange Format (GIF) is a popular image format supported by many Apple Mac OS X applications. The ImageIO framework allows...
SupportSoft ActiveX controls contain multiple buffer overflows
Overview The SupportSoft ActiveX controls contain multiple buffer overflow vulnerabilities, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description SupportSoft provides multiple ActiveX packages that are used by third party vendors to...
Sun Java JRE vulnerable to privilege escalation
Overview A vulnerability in the Sun Java Runtime Environment may allow a malicious applet to gain elevated privileges. Description The Sun Java Runtime Environment (JRE) allows users to run Java applications in a browser or as standalone programs. Sun has made the JRE available for multiple operati...
GnuPG vulnerable to remote data control
Overview A vulnerability in GnuPG could allow a remote attacker to execute arbitrary code on an affected system. Description GNU Privacy Guard (GnuPG) is the GNU project's implementation of the OpenPGP standard as defined by RFC2440. OpenPGP messages are processed by GnuPG using data structures call...
MySQL fails to properly validate COM_TABLE_DUMP packets
Overview MySQL contains a buffer overflow that may allow a remote, authenticated attacker to execute arbitrary code on a vulnerable server. Description MySQL and COM_TABLE_DUMP MySQL is an open-source database system available for Microsoft Windows, Linux, and other UNIX-based operating systems...
Apple QuickTime PictureViewer PICT data decompression buffer overflow
Overview Apple QuickTime PictureViewer contains a buffer overflow that may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Apple's QuickTime Player is multimedia software that allows users to view local and remote audio/video content. PictureViewer is a...
Cisco IOS OSPF neighbor IO buffer overflow
Overview Cisco Internetwork Operating System (IOS) is the operating system for the majority of Cisco routers. Open Shortest-Path First (OSPF) is an interior routing protocol. A flaw in some Cisco IOS versions can allow a buffer overflow when handling a large number of OSPF neighbor connection requests...
Microsoft Windows vulnerable to DoS via LAND attack
Overview A vulnerability in Microsoft Windows may allow a remote attacker to cause a denial of service. Description Microsoft Windows XP SP2 and Windows Server 2003 are vulnerable to a denial-of-service attack via a crafted TCP packet. The packet is spoofed in a manner such that the source and...
Microsoft Windows does not adequately validate IP options
Overview Microsoft Windows does not adequately validate IP options, allowing an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service. An attacker could take complete control of a vulnerable system. Description Several versions of the Microsoft Windows IP stack a...
Symantec products vulnerable to buffer overflow via a specially crafted UPX file
Overview The Symantec AntiVirus Library DEC2EXE component is vulnerable to remote arbitrary code execution. Description The Symantec AntiVirus Library is used in many Symantec and third-party virus scanning products, including Symantec Norton Antivirus and Symantec BrightMail AntiSpam. The AntiVir...
Microsoft Hyperlink Object Library buffer overflow
Overview A buffer overflow exists in the Microsoft Windows system library used when handling hyperlinks. All currently supported versions of Microsoft Windows are affected. Description An unchecked buffer in the Microsoft Object Library is vulnerable to attack when malformed hyperlinks are handle...
Apple Mac OS X CoreFoundation CFPlugIn facilities automatically load plug-in executables
Overview There is a vulnerability in the Mac OS X CoreFoundation framework that could allow a local attacker to gain elevated privileges. Description The Core Foundation framework (CoreFoundation.framework) is designed to allow code and data sharing between frameworks, libraries, and applications i...
Apple Safari fails to properly handle form data in HTTP redirects
Overview There is a vulnerability in the way Safari handles form data that may expose sensitive information when the forward/backward buttons are used. Description Apple Safari is a web browser available for the Mac OS X operating system. A vulnerability exists in the way Safari handles web form...
Microsoft Internet Explorer contains a double-free vulnerability in the processing of GIF files
Overview A double-free vulnerability in Microsoft's Internet Explorer (IE) web browser could allow a remote attacker to cause a denial-of-service condition or execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer (IE) is a web browser. A double-free vulnerability has...
Microsoft Windows contains a buffer overflow in the POSIX subsystem
Overview A buffer overflow vulnerability exists in the Portable Operating System Interface for UNIX (POSIX) subsystem for Windows NT 4.0 and Windows 2000. This vulnerability may be exploited by a local authenticated user to gain full system privileges. Description Windows NT 4.0 and Windows 2000...
Microsoft Windows 2000 LSASS fails to properly handle certain LDAP messages
Overview A vulnerability exists in the Lightweight Directory Access Protocol (LDAP) message processing of the Windows 2000 domain controller. An attacker may be able to cause a denial-of-service condition to the vulnerable Active Directory domain. Description A vulnerability exists in the processin...
Ethereal integer underflow when parsing malformed PGM packets with NAK lists
Overview Ethereal fails to properly parse Pragmatic General Multicast (PGM) packets containing a crafted negative acknowledgement (NAK) list. Description Ethereal is a network traffic analysis package. It includes the ability to decode packets containing PGM data. There is a vulnerability in the way...
Microsoft Outlook fails to properly filter parameters passed via "mailto:" URL
Overview A vulnerability in the way that Microsoft Outlook 2002 handles a certain type of hyperlink could allow a remote attacker to execute arbitrary code on the vulnerable system. Description Microsoft Outlook provides a centralized application for managing and organizing e-mail messages,...
OpenSSL 0.9.6k does not properly handle ASN.1 sequences
Overview A vulnerability in the way OpenSSL handles ASN.1 elements could allow a remote attacker to cause a denial of service on systems running Microsoft Windows. Description OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols and includes a general purpose...
OpenSSL ASN.1 parser insecure memory deallocation
Overview A vulnerability in the way OpenSSL deallocates memory used to store ASN.1 structures could allow a remote attacker to execute arbitrary code with the privileges of the process using the OpenSSL library. Description OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer...
Apache vulnerable to DoS via request for MS-DOS device
Overview Systems running the Apache web server under some versions of Microsoft Windows may be vulnerable to a remote denial-of-service condition. Description The Apache HTTP server fails to filter GET requests for MS-DOS style device names. This results in a denial-of-service vulnerability on...
Microsoft SmartHTML interpreter (shtml.dll) contains vulnerability
Overview Microsoft's SmartHTML interpreter (shtml.dll) contains a remotely exploitable vulnerability. Description shtml.dll is a component of FrontPage Server Extensions. FrontPage Server Extensions allow web developers to add or change content and to manage the web server. Quoting from MS02-053, "T...
PHPNuke 'admin.php' script does not adequately authenticate users, thereby allowing malicious user to copy, move, or upload files
Overview PHPNuke's "admin.php" script does not properly authenticate users of its filemanager capabilities. Attackers may exploit this vulnerability to copy, move, or upload files. Description PHPNuke is a set of PHP scripts designed to simplify website creation and maintenance. The "admin.php"...
OpenSSL clients contain a buffer overflow during the SSL3 handshake process
Overview OpenSSL is an open-source implementation of the Secure Sockets Layer (SSL) protocol. A remotely exploitable vulnerability exists in OpenSSL clients that could lead to the execution of arbitrary code on the client's system. Description OpenSSL clients using SSLv3 prior to version 0.9.6e and...
Microsoft Internet Information Server (IIS) vulnerable to buffer overflow via malformed server-side include directive
Overview A buffer overflow in the code that processes server-side include files on IIS 4.0 and IIS 5.0 could allow an intruder to execute code with the privileges of the web server. Description A buffer overflow exists in the code that processes server side include directives on IIS versions 4 an...
Eyedog ActiveX control incorrectly marked "safe for scripting"
Overview Versions of the Eyedog ActiveX control current circa August, 1999, are incorrectly marked safe for scripting. Description Eyedog is an ActiveX control that was used to perform diagnostic functions in Windows. It was marked as safe for scripting, which means that it could be called from...
Solaris ufsrestore buffer overflow in command pathname parameters for interactive session
Overview There is a buffer overflow in ufsrestore, a file restoration utility. Description When operating in interactive mode, the pathname parameter of the extract command is not properly bounds checked. When used in conjunction with long pathnames contained in the dump file, an internal buffer...
Visual Voice Mail (VVM) services transmit unencrypted credentials via SMS
Overview Visual Voice Mail (VVM) services transmit unencrypted credentials via SMS. An attacker with the ability to read SMS messages can obtain VVM IMAP credentials and gain access to VVM data. Description VVM is specified by Open Mobile Terminal Platform (OMTP) and is implemented with SMS and IMAP...
Vertiv Avocent UMG-4000 vulnerable to command injection and cross-site scripting vulnerabilities
Overview The Vertiv Avocent Universal Management Gateway Model UMG-4000 is a data center management appliance. The web interface of the UMG-4000 is vulnerable to command injection, stored cross-site scripting (XSS), and reflected XSS, which may allow an authenticated attacker with administrative...
PHP FormMail Generator generates code vulnerable to multiple issues
Overview PHP forms generated using the PHP FormMail Generator are vulnerable to stored cross-site scripting and unrestricted upload of dangerous file types. Description PHP FormMail Generator is a website that generates PHP form code for inclusion in a PHP-based or Wordpress-based website. The co...
Imagely NextGen Gallery plugin for Wordpress contains a local file inclusion vulnerability
Overview The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 may execute code from an uploaded malicious file. Description CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' - CVE-2016-6565 The Imagely NextGen Gallery...
Amped Wireless R10000 router contains multiple vulnerabilities
Overview Amped Wireless R10000 router, firmware version 2.5.2.11, uses default credentials, is vulnerable to cross-site request forgery, and uses insufficiently random values for DNS queries. Description CWE-255: Credentials Management - CVE-2015-7277 The Amped Wireless R10000 web administration...
HP Client Automation and Radia Client Automation is vulnerable to remote code execution
Overview Radia Client Automation (previously sold under the name HP Client Automation) agent prior to version 9.1 is vulnerable to arbitrary remote code execution. Description According to ZDI's advisory for ZDI-15-363, which has been assigned CVE-2015-7860: "This vulnerability allows remote...
X-Cart contains multiple vulnerabilities
Overview X-Cart versions 5.1.6 through 5.1.10 are vulnerable to cross-site scripting (XSS), and versions 5.1.10 and below are vulnerable to authorization bypass. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' - CVE-2015-0950 X-Cart versions 5.1...
NSIS Inetc plug-in fails to validate SSL certificates
Overview The Inetc plugin for the NSIS installer fails to validate SSL certificates, which makes affected installers vulnerable to HTTPS spoofing. Description Inetc is a plugin for the NSIS installer software that provides the ability to download files from the internet. Although Inetc supports...
NetCommWireless NB604N ADSL2+ Wireless N300 Modem Router contains a stored cross-site scripting vulnerability
Overview NetCommWireless NB604N ADSL2+ Wireless N300 Modem Router contains a stored cross-site scripting (XSS) vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' NetCommWireless NB604N ADSL2+ Wireless N300 Modem Routers running...
Netgear ProSafe Plus Configuration Utility writes out plaintext passwords to backup configuration files
Overview The Netgear ProSafe Plus Configuration Utility exposes password information via the configuration backup file. Description CWE-200: Information Exposure The Netgear ProSafe Plus Configuration Utility provides a feature to back up switch configuration. In the backup file, the device...
Plesk Panel 11.0.9 privilege escalation vulnerabilities
Overview Plesk Panel 11.0.9 and possibly earlier versions contain multiple privilege escalation vulnerabilities. Description Plesk Panel contains multiple privilege escalation vulnerabilities which may allow an attacker to run arbitrary code as the root user. Special-case rules in Plesk's custom...
NVIDIA Windows video card drivers contain multiple vulnerabilities
Overview NVIDIA video card drivers contain multiple vulnerabilities. Description The NVIDIA security advisory states: CVE-2013-0109: NVIDIA Display Driver Service Vulnerability Due to an issue identified with the NVIDIA driver, a malicious actor could – by forcing exceptions and overwriting memory...
Anymacro Mail System G4X email server web interface directory traversal vulnerability
Overview Anymacro Mail System G4X email server web interface contains a directory traversal vulnerability. Description According to Anymacro's website: Anymacro Mail System is a professional e-mail and unified messaging product solution. Anymacro Mail System can be used for an e-mail platform for...
Microsoft Internet Explorer iepeers.dll use-after-free vulnerability
Overview Microsoft Internet Explorer contains a use-after-free vulnerability in the iepeers.dll file, which may allow a remote, unauthenticated attacker to execute arbitrary code. Description Microsoft Internet Explorer provides support for Web Folders and printing through the use of the...