3704 matches found
APC Network Management Card web interface vulnerable to cross-site scripting and cross-site request forgery
Overview The web management interface for the APC Network Monitoring Card NMC used in various APC devices contains cross-site scripting XSS and cross-site request forgery CSRF/XSRF vulnerabilities. By convincing a victim to load a specially crafted URL while authenticated to an NMC, an attacker...
Cyrus IMAPd buffer overflow vulnerability
Overview The Cyrus IMAP server contains a vulnerability that may allow an authenticated attacker to execute code. Description The Cyrus IMAP mail server supports the SIEVE mail filtering language. Cyrus IMAP versions 2.2 through 2.3.14 contain a buffer overflow vulnerability that may be triggered...
Microsoft Windows Vista Teredo IPv6 interface firewall bypass vulnerability
Overview A vulnerability in the Microsoft Windows Vista firewall may allow an attacker to send unfiltered IPv6 traffic to a vulnerable system. Description Internet Protocol version 6 IPv6 is an IP standard that is designed to replace the Internet Protocol version 4 IPv4. The Microsoft Teredo...
SupportSoft ActiveX controls contain multiple buffer overflows
Overview The SupportSoft ActiveX controls contain multiple buffer overflow vulnerabilities, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description SupportSoft provides multiple ActiveX packages that are used by third party vendors to...
Microsoft Outlook vulnerable to DoS via a malformed email message
Overview There is a vulnerability in the way Microsoft Outlook handles malformed email messages that may allow a remote, unauthenticated attacker to cause a denial of service. Description Microsoft Outlook contains a vulnerability in the way that it handles certain email message headers. Accordin...
Sun Java JRE vulnerable to privilege escalation
Overview A vulnerability in the Sun Java Runtime Environment may allow a malicious applet to gain elevated privileges. Description The Sun Java Runtime Environment JRE allows users to run Java applications in a browser or as standalone programs. Sun has made the JRE available for multiple operati...
Apple Mac OS X AFP server vulnerable to DoS via maliciously crafted AFP request
Overview A vulnerability in the Apple Mac OS X AFP server may allow an attacker to cause a denial-of-service condition on an affected system. Description The AFP Apple Filing Protocol service allows Apple Mac OS clients to access files remotely from a server. Apple's Mac OS X AFP server contains ...
Multiple D-Link routers fail to properly process UPnP M-SEARCH requests
Overview A buffer overflow vulnerability in the software that operates certain models of D-Link routers could allow a remote attacker to execute arbitrary code on the affected device. Description UPnP Universal Plug and Play UPnP is a system that allows network devices to operate together. M-SEAR...
Sendmail fails to handle malformed multipart MIME messages
Overview Sendmail does not properly handle malformed multipart MIME messages. This vulnerability may allow a remote, unauthenticated attacker to cause a denial-of-service condition. Description Sendmail Sendmail is a widely used mail transfer agent MTA. Mail Transfer Agents MTA MTAs are responsib...
MySQL fails to properly validate COM_TABLE_DUMP packets
Overview MySQL contains a buffer overflow that may allow a remote, authenticated attacker to execute arbitrary code on a vulnerable server. Description MySQL and COMTABLEDUMPMySQL is an open-source database system available for Microsoft Windows, Linux, and other UNIX-based operating systems...
Sun Java Reflection API security bypass vulnerabilities
Overview Multiple vulnerabilities in the Sun Java Reflection API may allow an untrusted Java applet to bypass security restrictions and execute arbitrary code. Description The Sun Java Reflection API allows Java classes to determine information about other Java classes, such as public methods...
Microsoft Windows vulnerable to DoS via LAND attack
Overview A vulnerability in Microsoft Windows may allow a remote attacker to cause a denial of service. Description Microsoft Windows XP SP2 and Windows Server 2003 are vulnerable to a denial-of-service attack via a crafted TCP packet. The packet is spoofed in a manner such that the source and...
Symantec Norton AntiVirus vulnerable to DoS via the "Auto-Protect" module
Overview Symantec Norton AntiVirus may hang or crash when the Auto-Protect module scans certain files. Description Symantec Norton AntiVirus is an anti-virus product for desktop and enterprise use. The Norton AntiVirus "Auto-Protect" module provides automatic file scanning and detection of viruse...
Symantec products vulnerable to buffer overflow via a specially crafted UPX file
Overview The Symantec AntiVirus Library DEC2EXE component is vulnerable to remote arbitrary code execution. Description The Symantec AntiVirus Library is used in many Symantec and third-party virus scanning products, including Symantec Norton Antivirus and Symantec BrightMail AntiSpam.The AntiVir...
Microsoft Internet Explorer contains a double-free vulnerability in the processing of GIF files
Overview A double-free vulnerability in Microsoft's Internet Explorer IE web browser could allow a remote attacker to cause a denial-of-service condition or execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer IE is a web browser. A double-free vulnerability has...
Ethereal integer underflow when parsing malformed PGM packets with NAK lists
Overview Ethereal fails to properly parse Pragmatic General Multicast PGM packets containing a crafted negative acknowledgement NAK list. Description Ethereal is a network traffic analysis package. It includes the ability to decode packets containing PGM data. There is a vulnerability in the way...
OpenSSL does not adequately validate length of Kerberos ticket during SSL/TLS handshake
Overview OpenSSL contains a vulnerability in code that processes SSL/TLS handshakes when configured to use the Kerberos cipher suites. This vulnerability could allow a remote attacker to cause OpenSSL to crash. Description OpenSSL implements the Secure Sockets Layer SSL and Transport Layer Securi...
metamail contains multiple format string vulnerabilities
Overview Multiple format string vulnerabilities in the metamail package could allow a remote attacker to execute arbitrary code on the vulnerable system. An attacker may be able to exploit these vulnerabilities via a specially-crafted email message. Description The metamail package is one of the...
OpenSSL 0.9.6k does not properly handle ASN.1 sequences
Overview A vulnerability in the way OpenSSL handles ASN.1 elements could allow a remote attacker to cause a denial of service on systems running Microsoft Windows. Description OpenSSL implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols and includes a general purpose...
Vulnerability in OpenSSH daemon (sshd)
Overview A vulnerability in the OpenSSH daemon sshd may give remote attackers a better chance of gaining access to restricted resources. Description OpenSSH is an implementation of the Secure Shell protocol. It is used to provide strong authentication and cryptographically secure communications...
Apache vulnerable to DoS via request for MS-DOS device
Overview Systems running the Apache web server under some versions of Microsoft Windows may be vulnerable to a remote denial-of-service condition. Description The Apache HTTP server fails to filter GET requests for MS-DOS style device names. This results in a denial-of-service vulnerability on...
Microsoft SQLXML ISAPI filter vulnerable to buffer overflow via contenttype parameter
Overview A buffer overflow vulnerability exists in the Microsoft SQLXML Internet Services Application Programming Interface ISAPI extension for Internet Information Server IIS. This vulnerability could allow a remote attacker to cause a denial of service or execute arbitrary code with LocalSystem...
Beck GmbH IPC@Chip TelnetD vulnerable to brute-force password attack
Overview There is a vulnerability in the Beck IPC@CHIP that may allow an attacker to gain access to the device. Description The Beck IPC@CHIP is a single chip embedded webserver. This device contains a telnet server that "leaks information". That is, when an attacker connects to the telnet daemon...
Vertiv Avocent UMG-4000 vulnerable to command injection and cross-site scripting vulnerabilities
Overview The Vertiv Avocent Universal Management Gateway Model UMG-4000 is a data center management appliance. The web interface of the UMG-4000 is vulnerable to command injection, stored cross-site scripting XSS, and reflected XSS, which may allow an authenticated attacker with administrative...
Imagely NextGen Gallery plugin for Wordpress contains a local file inclusion vulnerability
Overview The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 may execute code from an uploaded malicious file. Description CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' - CVE-2016-6565The Imagely NextGen Gallery...
U by BB&T iOS banking application fails to properly validate SSL certificates
Overview U by BB&T for iOS, version 1.5.4 and earlier, fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle MITM attacks. Description CWE-295: Improper Certificate Validation - CVE-2016-6550U by BB&T is a banking...
D-Link routers contain buffer overflow vulnerability
Overview D-Link DIR routers contain a stack-based buffer overflow vulnerability, which may allow a remote attack to execute arbitrary code. Description CWE-121:Stack-based Buffer Overflow - CVE-2016-5681A stack-based buffer overflow occurs in the function within the cgibin binary which validates...
Quagga bgpd with BGP peers enabled for VPNv4 contains a buffer overflow vulnerability
Overview Quagga, version 0.99.24.1 and earlier, contains a buffer overflow vulnerability in bgpd with BGP peers enabled for VPNv4 that may leveraged to gain code execution. Description CWE-121: Stack-based Buffer Overflow - CVE-2016-2342Quagga is a software routing suite that implements numerous...
ZyXEL NBG-418N router uses default credentials and is vulnerable to cross-site request forgery
Overview ZyXEL NBG-418N router, firmware version 1.00AADZ.3C0, uses default credentials and is vulnerable to cross-site request forgery. Description CWE-255: Credentials Management - CVE-2015-7283The ZyXEL NBG-418N web administration interface uses non-random default credentials of admin:1234. A...
Amped Wireless R10000 router contains multiple vulnerabilities
Overview Amped Wireless R10000 router, firmware version 2.5.2.11, uses default credentials, is vulnerable to cross-site request forgery, and uses insufficiently random values for DNS queries. Description CWE-255: Credentials Management - CVE-2015-7277The Amped Wireless R10000 web administration...
X-Cart contains multiple vulnerabilities
Overview X-Cart versions 5.1.6 through 5.1.10 are vulnerable to cross-site scripting XSS, and versions 5.1.10 and below are vulnerable to authorization bypass. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' - CVE-2015-0950X-Cart versions 5.1...
NetCommWireless NB604N ADSL2+ Wireless N300 Modem Router contains a stored cross-site scripting vulnerability
Overview NetCommWireless NB604N ADSL2+ Wireless N300 Modem Router contains a stored cross-site scripting XSS vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' NetCommWireless NB604N ADSL2+ Wireless N300 Modem Routers running...
Arris Touchstone cable modem information leakage vulnerabiliity
Overview Arris Touchstone DG950A cable modem enables SNMP public access by default. Description CWE-200- Information Exposure The Arris Touchstone DG950A cable modem running software version 7.10.131 was found to expose sensitive information such as passwords, ssids, and wifi keys via the SNMP...
Netgear GS105PE Prosafe Plus Switch contains hard-coded login credentials
Overview Netgear GS105PE Prosafe Plus Switch firmware version 1.2.0.5 contains hard-coded credentials. CWE-798 Description Netgear GS105PE Prosafe Plus Switch contains hard-coded login credentials that can be used for authenticating to the web server running on the device. The username is ntgruse...
Amazon Kindle Touch libkindleplugin scriptable browser plugin vulnerability
Overview Kindle Touch 5.1.0 contains a scriptable browser plugin which can be invoked by accessing a malicious web page. Description It has been reported that Kindle Touch 5.1.0 has introduced a NPAPI plugin /usr/lib/libkindleplugin.so symlinked to /usrl/lib/browser/plugins/libkindleplugin.so tha...
ISC DHCP dhclient stack buffer overflow
Overview The ISC DHCP dhclient application contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code with root privileges. Description As described in RFC 2131, "The Dynamic Host Configuration Protocol DHCP provides a framework for passing...
Adobe Reader and Acrobat customDictionaryOpen() and getAnnots() JavaScript vulnerabilities
Overview Adobe Reader and Acrobat contain vulnerabilities in the customDictionaryOpen and getAnnots JavaScript methods. Description Adobe Reader and the Adobe Acrobat family of software is designed to create, view, and edit Portable Document Format PDF files. Adobe Reader is widely deployed, and...
ABB PCU400 vulnerable to buffer overflow
Overview ABB PCU400 contains a vulnerability which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The ABB PCU400 application serves as a communication gateway between RTUs that use the IEC-870-5-104 protocol and the SCADA server. The...
HP Online Support Services ActiveX ExtractCab() buffer overflow
Overview HP Online Support Services contains the function ExtractCab, which can be exploited to cause a buffer overflow. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system in the context of the local user. Description HP Services provides online...
ClamAV upack heap buffer overflow vulnerability
Overview The ClamAV anti-virus scanner contains a vulnerability that may allow an attacker to execute code or cause ClamAV to crash. Description The Portable Executable PE file format is a file format for executable files that is used in Microsoft Windows. PE files can be packed with executable...
Microsoft Jet Engine stack buffer overflow
Overview The Microsoft Jet Engine contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Jet, or Joint Engine Technology, is a database engine that is used by several Microsoft products, includin...
Quiksoft EasyMail SMTP ActiveX control stack buffer overflow vulnerabilities
Overview The Quiksoft EasyMail SMTP ActiveX control contains multiple stack buffer overflow vulnerabilities, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Quiksoft EasyMail Objects is a set of ActiveX controls that provides emai...
MIT Kerberos kadmind RPC library gssrpc__svcauth_unix() integer conversion error
Overview The MIT Kerberos administration daemon kadmind contains an integer conversion error vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service. Description The gssrpcsvcauthunix function used by the Kerberos administration...
Microsoft Windows "MHTML" protocol handler fails to properly handle URL redirections
Overview Microsoft Windows "MHTML" protocol handler fails to properly interpret URL redirections, which may cause information disclosure. Description The Microsoft Windows "MHTML" protocol handler contains an information disclosure vulnerability in the way that it interprets URL redirections. The...
Apple Mac OS X ImageIO integer overflow vulnerability
Overview Apple's ImageIO framework contains an integer overflow vulnerability that may allow an attacker to execute code on a vulnerable system. Description Graphics Interchange Format GIF is a popular image format supported by many Apple Mac OS X applications. The ImageIO framework allows...
LizardTech DjVu Browser Plug-in buffer overflow vulnerabilities
Overview The LizardTech DjVu Browser Plug-in contains multiple buffer overflows, which could allow an attacker to execute arbitrary code on a vulnerable system. Description The LizardTech DjVu Browser Plug-in is an application that allows the user to view DjVu documents in a web browser. It is...
Sun Microsystems Java GIF image processing buffer overflow
Overview A vulnerability in the Sun Java Runtime Environment may allow an attacker to execute arbitrary code on a vulnerable system. Description The Sun Java Runtime Environment JRE allows users to run Java applications in a browser or as standalone programs. Sun has made the JRE available for...
GnuPG vulnerable to remote data control
Overview A vulnerability in GnuPG could allow a remote attacker to execute arbitrary code on an affected system. Description GNU Privacy Guard GnuPG is the GNU project's implementation of the OpenPGP standard as defined by RFC2440.OpenPGP messages are processed by GnuPG using data structures call...
Microsoft Object Packager fails to properly display file types
Overview The Microsoft Object Packager fails to properly display the file types. This vulnerability may allow a remote, unauthenticated attacker execute arbitrary code on a vulnerable system. Description According to Microsoft: Object Packager is a tool you can use to create a package that you ca...
Microsoft Internet Explorer fails to properly handle embedded objects
Overview Microsoft Internet Explorer IE does not properly handle embedded dynamic objects. This vulnerability may allow a remote attacker to execute arbitrary code. Description IOleClientSite interface According to Microsoft Security Bulletin MS06-013, The IOleClientSite interface is the primary...