3704 matches found
Apple QuickTime PictureViewer PICT data decompression buffer overflow
Overview Apple QuickTime PictureViewer contains a buffer overflow that may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Apple's QuickTime Player is multimedia software that allows users to view local and remote audio/video content. PictureViewer is a...
Cisco IOS OSPF neighbor IO buffer overflow
Overview Cisco Internetwork Operating System IOS is the operating system for the majority of Cisco routers. Open Shortest-Path First OSPF is a interior routing protocol. A flaw in some Cisco IOS versions can allow a buffer overflow when handling a large number of OSPF neighbor connection requests...
Microsoft Windows does not adequately validate IP options
Overview Microsoft Windows does not adequately validate IP options, allowing an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service. An attacker could take complete control of a vulnerable system. Description Several versions of the Microsoft Windows IP stack a...
Verity Ultraseek contains a cross-site scripting vulnerability in the processing of search requests
Overview Verity's Ultraseek application contains a cross-site scripting vulnerability in the processing of search requests. Description Verity Ultraseek is a web site search engine application. Ultraseek contains a cross-site scripting vulnerability in the processing of search requests. More...
SCO OpenServer vulnerable to privilege escalation in 'scosession' argument handling
Overview A vulnerability in a program supplied with the SCO OpenServer operating system may allow local attackers to gain elevated privileges. Description SCO OpenServer is a UNIX-like operating system for Intel and AMD platforms. The 'scosession' session handling component, which is responsible...
Microsoft Hyperlink Object Library buffer overflow
Overview A buffer overflow exists in the Microsoft Windows system library used when handling hyperlinks. All currently supported versions of Microsoft Windows are affected. Description An unchecked buffer in the Microsoft Object Library is vulnerable to attack when malformed hyperlinks are handle...
Veritas NetBackup "bpjava-susvc" process contains an input validation error
Overview Veritas NetBackup Administrative Assistant interface may allow users to execute arbitrary commands with elevated privileges. Description The Veritas NetBackup Administrative Assistant interface bpjava-susvc contains an input validation vulnerability. According to Veritas Alert 271727 :Wh...
libXpm library contains multiple integer overflow vulnerabilities
Overview libXpm contains multiple integer overflow vulnerabilities that may allow an attacker to cause a denial-of-service condition or execute arbitrary code. Description XPM is a format for encoding and decoding X PixMap images that is used in the X Windows System 11 X11. libXpm is a library of...
Apple Mac OS X CoreFoundation CFPlugIn facilities automatically load plug-in executables
Overview There is a vulnerability in the Mac OS X CoreFoundation framework that could allow a local attacker to gain elevated privileges. Description The Core Foundation framework CoreFoundation.framework is designed to allow code and data sharing between frameworks, libraries, and applications i...
OpenSSL ASN.1 parser insecure memory deallocation
Overview A vulnerability in the way OpenSSL deallocates memory used to store ASN.1 structures could allow a remote attacker to execute arbitrary code with the privileges of the process using the OpenSSL library. Description OpenSSL implements the Secure Sockets Layer SSL and Transport Layer...
Microsoft SmartHTML interpreter (shtml.dll) contains vulnerability
Overview Microsoft's SmartHTML interpreter shtml.dll contains a remotely exploitable vulnerability. Description shtml.dll is a component of FrontPage Server Extensions. FrontPage Server Extensions allow web developers to add or change content and to manage the web server.Quoting from MS02-053, "T...
Microsoft Internet Information Server (IIS) vulnerable to buffer overflow via malformed server-side include directive
Overview A buffer overflow in the code that processes server-side include files on IIS 4.0 and IIS 5.0 could allow an intruder to execute code with the privileges of the web server. Description A buffer overflow exists in the code that processes server side include directives on IIS versions 4 an...
Eyedog ActiveX control incorrectly marked "safe for scripting"
Overview Versions of the Eyedog ActiveX control current circa August, 1999, are incorrectly marked safe for scripting. Description Eyedog is an ActiveX control that was used to perform diagnostic function in Windows. It was marked as safe for scripting, which means that it could be called from...
Solaris ufsrestore buffer overflow in command pathname parameters for interactive session
Overview There is a buffer overflow in ufsrestore, a file restoration utility. Description When operating in interactive mode, the pathname parameter of the extract command is not properly bounds checked. When used in conjunction with long pathnames contained in the dump file, an internal buffer...
Multiple race conditions due to TOCTOU flaws in various UEFI Implementations
Overview Multiple Unified Extensible Firmware Interface UEFI implementations are vulnerable to code execution in System Management Mode SMM by an attacker who gains administrative privileges on the local machine. An attacker can corrupt the memory using Direct Memory Access DMA timing attacks tha...
Visual Voice Mail (VVM) services transmit unencrypted credentials via SMS
Overview Visual Voice Mail VVM services transmit unencrypted credentials via SMS. An attacker with the ability to read SMS messages can obtain VVM IMAP credentials and gain access to VVM data. Description VVM is specified by Open Mobile Terminal Platform-OMPT and is implemented with SMS and IMAP...
PHP FormMail Generator generates code vulnerable to multiple issues
Overview PHP forms generated using the PHP FormMail Generator are vulnerable to stored cross-site scripting and unrestricted upload of dangerous file types. Description PHP FormMail Generator is a website that generates PHP form code for inclusion in a PHP-based or Wordpress-based website. The co...
Zizai Tech Nut contains multiple vulnerabilities
Overview Zizai Tech Nut contains multiple vulnerabilities including sensitive information exposure and missing authentication. Description CWE-313: Cleartext Storage in a File or on Disk - CVE-2016-6547The Nut mobile app stores the account password used to authenticate to the cloud API in...
Chef Manage deserializes cookie data insecurely
Overview Chef Manage add-on, version 1.11.4 and earlier, deserializes cookie data insecurely, which may be leveraged to gain unauthenticated remote code execution. Description CWE-502: Deserialization of Untrusted Data - CVE-2016-4326Chef with the Chef Manage previously known as 'opscode-manage'...
Netgear G54/N150 Wireless Router WNR1000v3 uses insufficiently random values for DNS queries
Overview Netgear G54/N150 Wireless Router WNR1000v3, firmware version 1.0.2.68 and possibly earlier, uses insufficiently random values for DNS queries and is vulnerable to DNS spoofing attacks. Description CWE-330: Use of Insufficiently Random Values - CVE-2015-8263The Netgear G54/N150 Wireless...
SearchBlox contains multiple vulnerabilities
Overview SearchBlox versions 8.1.x and below contain multiple vulnerabilities. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' - CVE-2015-0967SearchBlox contains multiple cross-site scripting XSS vulnerabilities, including a reflected XSS in...
NSIS Inetc plug-in fails to validate SSL certificates
Overview The Intetc plugin for the NSIS installer fails to validate SSL certificates, which makes affected installers vulnerable to HTTPS spoofing. Description Inetc is a plugin for the NSIS installer software that provides the ability to download files from the internet. Although Inetc supports...
Cryoserver Security Appliance vulnerable to privilege escalation
Overview Cryoserver Security Appliance 7.3.x vulnerable to privilege escalation Description CWE-264: Permissions, Privileges, and Access Controls Cryoserver Security Appliance 7.3.x does not properly assign permission to the /etc/init.d/cryoserver shell script and allows the default support accou...
BlogEngine.net information disclosure vulnerability
Overview BlogEngine.net 2.8.0.0 and earlier versions contain an information disclosure vulnerability which could allow an attacker to gain access to credentials. Description CWE-200: Information ExposureBlogEngine.net 2.8.0.0 and earlier contain an information disclosure vulnerability which could...
Qualcomm Android OS kernel privilege escalation and denial of service vulnerabilites
Overview Android OS kernels running on certain Qualcomm devices contain multiple vulnerabilities which could allow an attacker to cause privilege escalation or Denial of Service DoS. Description The Qualcomm Innovation Center, Inc. advisory states:Summary: A locally installed application can caus...
Agile FleetCommander and FleetCommander Kiosk versions prior to 4.08 contain multiple vulnerabilities
Overview Agile FleetCommander and FleetCommander Kiosk were found to have multiple XSS, CSRF, information disclosure and SQLi vulnerabilities. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' - CVE-2012-4941SQL Injection Vulnerabilities:...
Synel SY-780/A terminal denial-of-service vulnerability
Overview Synel SY-780/A terminals contain a denial-of-service vulnerability when specific ports of the device are scanned. Description According to Synel's website the SY-780/A terminal is a stand-alone device used for time & attendance monitoring, production floor control, job costing, and acces...
Anymacro Mail System G4X email server web interface directory traversal vulnerability
Overview Anymacro Mail System G4X email server web interface contains a directory traversal vulnerability. Description According to Anymacro's website: Anymacro Mail System is a professional e-mail and unified messaging product solution. Anymacro Mail System can be used for an e-mail platform for...
Microsoft Internet Explorer iepeers.dll use-after-free vulnerability
Overview Microsoft Internet Explorer contains a use-after-free vulnerability in the iepeers.dll file, which may allow a remote, unauthenticated attacker to execute arbitrary code. Description Microsoft Internet Explorer provides support for Web Folders and printing through the use of the...
OpenSSL TLS handshake Denial of Service
Overview A vulnerability exists in OpenSSL that may allow a remote attacker to cause a denial of service. Description OpenSSL contains a vulnerability in the way specially crafted TLS handshake packets are handled that may result in a denial of service. According to OpenSSL Security Advisory...
Liferay Portal Admin portlet Shutdown message XSS
Overview Liferay Portal Admin portlet fails to properly validate input to the shutdown message, which can allow a remote, authenticated attacker to inject script into the message displayed to all users when the server is being shut down. Description Liferay Portal is an enterprise portal solution...
Callisto PhotoParade Player PhPInfo ActiveX control buffer overflow
Overview The Callisto PhotoParade Player PhPInfo ActiveX control contains a buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Callisto PhotoParade Player includes an ActiveX control called PhPinfo. The ActiveX control...
Apple QuickDraw Manager heap buffer overflow vulnerability
Overview Apple QuickDraw contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. Description PICT is a graphics file format that was used by Apple Macintosh systems prior to Mac OS X as their standa...
Microsoft RichEdit vulnerable to remote code execution via malformed embedded OLE object
Overview Microsoft's RichEdit contains a vulnerability that may allow an attacker to execute code. Description From Murray Sargent's MSDN blog:RichEdit 6.0 is a facility for getting plain/rich-text, single/multiline Unicode/ANSI edit controls and combo/list boxes in single world-wide binary that...
Microsoft Windows Media Player fails to properly handle malformed Windows Media Metafiles
Overview Windows Media Player does not properly handle malformed Windows Media Metafiles. This vulnerability may allow a remote attacker to execute arbitrary code or crash Windows Media Player. Description Windows Media Player WMP is a multimedia application that comes with Microsoft Windows...
Microsoft Internet Explorer createTextRange() vulnerability
Overview Microsoft Internet Explorer IE fails to properly handle the createTextRange DHTML method, possibly allowing a remote, unauthenticated attacker to execute arbitrary code. Description DHTML, TextRanges, and the createTextRange Method According to Microsoft:Dynamic HTML DHTML is built on an...
Oracle Client Tools buffer overflow vulnerability
Overview A buffer overflow in an unspecified Oracle Client utility may allow an attacker to execute arbitrary code or cause a denial-of-service condition. Description According to Oracle:One vulnerability DBC02is in a utility that can be forced to terminate if given long arguments, potentially...
Microsoft PKINIT smart card logon vulnerable to information disclosure and spoofing
Overview Microsoft PKINIT smart card authentication is vulnerable to an information disclosure flaw that may allow an attacker to spoof a trusted server. Description From the Microsoft PKINIT description: PKINIT is an Internet Engineering Task Force IETF Internet Draft for "Public Key Cryptograph...
Microsoft Windows Kernel Vulnerability
Overview A privilege elevation vulnerability exists in the way that the Windows' kernel processes certain access requests. This vulnerability could allow a logged on user to take complete control of the system. Description A locally authenticated user could potentially exploit a vulnerability in...
Microsoft Internet Explorer URL validation routine contains a buffer overflow
Overview A vulnerability in Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer IE contains an unspecified vulnerability in the way that it handles certain URLs. The process that checks the URL contain...
nfs-utils vulnerable to buffer overflow in "getquotainfo()" in "rquota_server.c"
Overview A vulnerability in nfs-utils could permit an attacker to execute arbitrary code on the system or cause a denial of service. Description The NFS protocol provides remote access to shared files accross networks. The nfs-utils package provides an NFS client and server for Linux systems...
Microsoft Windows XP named pipe fails to restrict anonymous access
Overview The Server service running on Microsoft Windows XP leaks authentication information. Description The Server service srvsvc.dll is a component of the Server Message Block SMB, and its follow-on, Common Internet File System CIFS. These are network protocols that Windows uses to share files...
Apache HTTP Server contains a buffer overflow in the mod_proxy module
Overview Apache Web Server contains a buffer overflow vulnerability in the modproxy module that may allow a remote attacker to execute arbitrary code or launch a denial of service DoS attack. Description The Apache Server is an open-source web server offered by The Apache Software Foundation. The...
Microsoft Windows GDI+ contains a buffer overflow vulnerability in the JPEG parsing component
Overview A buffer overflow vulnerability in the Microsoft Windows GDI+ JPEG parsing component could allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Windows Graphics Device Interface GDI+ is an application programming interface API that provides...
MIT Kerberos 5 ASN.1 decoding function asn1buf_skiptail() does not properly terminate loop
Overview The asn1bufskiptail function in the MIT Kerberos 5 library does not properly terminate a loop, allowing an unauthenticated, remote attacker to cause a denial of service in a Kerberos Distribution Center KDC, application server, or Kerberos client. Description As described on the MIT...
isakmpd crashes when handling ISAKMP packets with malformed "Delete Payload"
Overview A vulnerability exists in the isakmpd that could allow a remote attacker to cause a denial of service. Description The OpenBSD isakmpd establishes security associations for encrypted and authenticated IPsec network traffic. It implements the Internet Security Association and Key Manageme...
Microsoft Windows contains a buffer overflow in the POSIX subsystem
Overview A buffer overflow vulnerability exists in the Portable Operating System Interface for UNIX POSIX subsystem for Windows NT 4.0 and Windows 2000. This vulnerability may be exploited by a local authenticated user to gain full system privileges. Description Windows NT 4.0 and Windows 2000...
Gaim contains a buffer overflow vulnerability in the gaim_quotedp_decode() function
Overview There is a buffer overflow vulnerability in the Gaim gaimquotedpdecode function, which could cause a pointer to reference memory beyond the terminating null byte. Description Gaim is a multi-protocol instant messenger available for a number of operating systems. It includes a feature tha...
Microsoft Windows 2000 LSASS fails to properly handle certain LDAP messages
Overview A vulnerability exists in the Lightweight Directory Access Protocol LDAP message processing of the Windows 2000 domain controller. An attacker may be able to cause a denial-of-service condition to the vulnerable Active Directory domain. Description A vulnerability exists in the processin...
Linux kernel mremap(2) system call does not properly check return value from do_munmap() function
Overview A vulnerability in the Linux mremap2 system call could allow an authenticated, local attacker to execute arbitrary code with root privileges. Description The Linux kernel uses a linked list of vitrual memory area VMA descriptors to reference valid regions of the page table for a given...