Apple Mac OS X ImageIO integer overflow vulnerability
Overview Apple's ImageIO framework contains an integer overflow vulnerability that may allow an attacker to execute code on a vulnerable system. Description Graphics Interchange Format (GIF) is a popular image format supported by many Apple Mac OS X applications. The ImageIO framework allows...
SupportSoft ActiveX controls contain multiple buffer overflows
Overview The SupportSoft ActiveX controls contain multiple buffer overflow vulnerabilities, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description SupportSoft provides multiple ActiveX packages that are used by third party vendors to...
Apple Mac OS X AFP server vulnerable to DoS via maliciously crafted AFP request
Overview A vulnerability in the Apple Mac OS X AFP server may allow an attacker to cause a denial-of-service condition on an affected system. Description The AFP (Apple Filing Protocol) service allows Apple Mac OS clients to access files remotely from a server. Apple's Mac OS X AFP server contains ...
Microsoft Internet Explorer fails to properly handle embedded objects
Overview Microsoft Internet Explorer (IE) does not properly handle embedded dynamic objects. This vulnerability may allow a remote attacker to execute arbitrary code. Description IOleClientSite interface According to Microsoft Security Bulletin MS06-013, The IOleClientSite interface is the primary...
Microsoft Internet Explorer createTextRange() vulnerability
Overview Microsoft Internet Explorer (IE) fails to properly handle the createTextRange DHTML method, possibly allowing a remote, unauthenticated attacker to execute arbitrary code. Description DHTML, TextRanges, and the createTextRange Method According to Microsoft: Dynamic HTML (DHTML) is built on an...
Oracle Client Tools buffer overflow vulnerability
Overview A buffer overflow in an unspecified Oracle Client utility may allow an attacker to execute arbitrary code or cause a denial-of-service condition. Description According to Oracle: One vulnerability (DBC02) is in a utility that can be forced to terminate if given long arguments, potentially...
Microsoft PKINIT smart card logon vulnerable to information disclosure and spoofing
Overview Microsoft PKINIT smart card authentication is vulnerable to an information disclosure flaw that may allow an attacker to spoof a trusted server. Description From the Microsoft PKINIT description: PKINIT is an Internet Engineering Task Force (IETF) Internet Draft for "Public Key Cryptograph...
SCO OpenServer vulnerable to privilege escalation in 'scosession' argument handling
Overview A vulnerability in a program supplied with the SCO OpenServer operating system may allow local attackers to gain elevated privileges. Description SCO OpenServer is a UNIX-like operating system for Intel and AMD platforms. The 'scosession' session handling component, which is responsible...
Microsoft Windows XP named pipe fails to restrict anonymous access
Overview The Server service running on Microsoft Windows XP leaks authentication information. Description The Server service (srvsvc.dll) is a component of the Server Message Block (SMB), and its follow-on, Common Internet File System (CIFS). These are network protocols that Windows uses to share files...
Apache HTTP Server contains a buffer overflow in the mod_proxy module
Overview Apache Web Server contains a buffer overflow vulnerability in the mod_proxy module that may allow a remote attacker to execute arbitrary code or launch a denial of service (DoS) attack. Description The Apache Server is an open-source web server offered by The Apache Software Foundation. The...
isakmpd crashes when handling ISAKMP packets with malformed "Delete Payload"
Overview A vulnerability exists in the isakmpd that could allow a remote attacker to cause a denial of service. Description The OpenBSD isakmpd establishes security associations for encrypted and authenticated IPsec network traffic. It implements the Internet Security Association and Key Manageme...
Microsoft Windows 2000 LSASS fails to properly handle certain LDAP messages
Overview A vulnerability exists in the Lightweight Directory Access Protocol (LDAP) message processing of the Windows 2000 domain controller. An attacker may be able to cause a denial-of-service condition to the vulnerable Active Directory domain. Description A vulnerability exists in the processin...
Microsoft ASN.1 Library improperly decodes constructed bit strings
Overview The Microsoft ASN.1 Library improperly decodes constructed bit strings which could allow an unauthenticated, remote attacker to execute arbitrary code with SYSTEM privileges. Description Abstract Syntax Notation number One (ASN.1) is an international standard used to describe and transmit...
Microsoft FrontPage Server Extensions contains buffer overflow in remote debugging functionality
Overview Microsoft FrontPage Server Extensions contains a vulnerability that allows remote attackers to execute arbitrary code with local system privileges. Description Microsoft FrontPage Server Extensions (FPSE) is an optional set of tools that adds functionality to a web site. This functionality...
PopTop PPTP Server contains buffer overflow in "ctrlpacket.c"
Overview There is a remotely exploitable buffer overflow in PopTop. An exploit for this vulnerability exists and is publicly available. Description From the PopTop web site: PopToP is the PPTP server solution for Linux ports exist for Solaris 2.6, OpenBSD and FreeBSD and others. A buffer overflow...
Microsoft Internet Explorer does not adequately validate source of dialog frame
Overview Microsoft Internet Explorer (IE) allows script from a dialog frame in one domain to execute in a different domain, including the Local Machine Zone. The script could read certain local files and data i.e. cookies from other web sites. In the presence of other vulnerabilities VU626395,...
webalizer vulnerable to buffer overflow when performing reverse DNS lookups
Overview A remotely exploitable buffer overflow exists in all versions of webalizer prior to version 2.01-10. Description webalizer is a web server log file analysis program. webalizer has the ability to resolve hostnames as part of the process of generating reports. A buffer overflow exists in th...
OpenSSL clients contain a buffer overflow during the SSL3 handshake process
Overview OpenSSL is an open-source implementation of the Secure Sockets Layer (SSL) protocol. A remotely exploitable vulnerability exists in OpenSSL clients that could lead to the execution of arbitrary code on the client's system. Description OpenSSL clients using SSLv3 prior to version 0.9.6e and...
Beck GmbH IPC@Chip TelnetD vulnerable to brute-force password attack
Overview There is a vulnerability in the Beck IPC@CHIP that may allow an attacker to gain access to the device. Description The Beck IPC@CHIP is a single chip embedded webserver. This device contains a telnet server that "leaks information". That is, when an attacker connects to the telnet daemon...
IBM AIX lsfs utility invokes grep and lslv with relative pathnames
Overview The IBM AIX operating system contains a vulnerability in the lsfs utility that allows a local user to execute arbitrary code as root. Description The IBM AIX lsfs utility displays filesystem information such as mount points, permissions and volume sizes. To list this information, it...
Multiple race conditions due to TOCTOU flaws in various UEFI Implementations
Overview Multiple Unified Extensible Firmware Interface (UEFI) implementations are vulnerable to code execution in System Management Mode (SMM) by an attacker who gains administrative privileges on the local machine. An attacker can corrupt the memory using Direct Memory Access (DMA) timing attacks tha...
GIGABYTE BRIX UEFI firmware fails to implement write protection and is not cryptographically signed
Overview GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 and GB-BXi7-5775 platforms, versions vF6 and vF2 respectively, fails to properly set the BIOSWE, BLE, SMMBWP, and PRx bits to enforce write protection. It also is not cryptographically signed. These issues may permit an attacker to write...
Imagely NextGen Gallery plugin for Wordpress contains a local file inclusion vulnerability
Overview The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 may execute code from an uploaded malicious file. Description CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' - CVE-2016-6565 The Imagely NextGen Gallery...
Zizai Tech Nut contains multiple vulnerabilities
Overview Zizai Tech Nut contains multiple vulnerabilities including sensitive information exposure and missing authentication. Description CWE-313: Cleartext Storage in a File or on Disk - CVE-2016-6547 The Nut mobile app stores the account password used to authenticate to the cloud API in...
SearchBlox contains multiple vulnerabilities
Overview SearchBlox versions 8.1.x and below contain multiple vulnerabilities. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' - CVE-2015-0967 SearchBlox contains multiple cross-site scripting (XSS) vulnerabilities, including a reflected XSS in...
NSIS Inetc plug-in fails to validate SSL certificates
Overview The Inetc plugin for the NSIS installer fails to validate SSL certificates, which makes affected installers vulnerable to HTTPS spoofing. Description Inetc is a plugin for the NSIS installer software that provides the ability to download files from the internet. Although Inetc supports...
Cryoserver Security Appliance vulnerable to privilege escalation
Overview Cryoserver Security Appliance 7.3.x is vulnerable to privilege escalation. Description CWE-264: Permissions, Privileges, and Access Controls Cryoserver Security Appliance 7.3.x does not properly assign permission to the /etc/init.d/cryoserver shell script and allows the default support accou...
Sabre AirCentre Crew solutions contain a SQL injection vulnerability
Overview Sabre AirCentre Crew solutions version 2010.2.12.20008 and earlier contain an SQL injection vulnerability. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' Sabre AirCentre Crew solutions version 2010.2.12.20008 and earlier are...
Microsoft Internet Explorer 8 CMarkup use-after-free vulnerability
Overview Microsoft Internet Explorer 8 contains a use-after-free vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer 8 contains a use-after-free vulnerability. This can allow for arbitrary code...
McAfee Managed Agent contains a denial-of-service (DoS) vulnerability
Overview McAfee Managed Agent versions 4.5, 4.6, and possibly earlier versions contain a denial-of-service (DoS) vulnerability (CWE-400). Description CWE-400: Uncontrolled Resource Consumption 'Resource Exhaustion' McAfee Managed Agent versions 4.5 and 4.6 contain a denial-of-service (DoS) vulnerability...
Qualcomm Android OS kernel privilege escalation and denial of service vulnerabilities
Overview Android OS kernels running on certain Qualcomm devices contain multiple vulnerabilities which could allow an attacker to cause privilege escalation or Denial of Service (DoS). Description The Qualcomm Innovation Center, Inc. advisory states: Summary: A locally installed application can caus...
Oberthur smart cards generate weak certificates
Overview A flaw has been identified in Oberthur ID-One COSMO 64, v5.2 and v5.2a smart cards, which results in public keys that do not satisfy the requirements of the Digital Signature Standard as specified in FIPS PUB 186-3 and its predecessors. Description Oberthur ID-One COSMO 64, v5.2 and v5.2...
Agile FleetCommander and FleetCommander Kiosk versions prior to 4.08 contain multiple vulnerabilities
Overview Agile FleetCommander and FleetCommander Kiosk were found to have multiple XSS, CSRF, information disclosure and SQLi vulnerabilities. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' - CVE-2012-4941 SQL Injection Vulnerabilities:...
Synel SY-780/A terminal denial-of-service vulnerability
Overview Synel SY-780/A terminals contain a denial-of-service vulnerability when specific ports of the device are scanned. Description According to Synel's website the SY-780/A terminal is a stand-alone device used for time & attendance monitoring, production floor control, job costing, and acces...
Oracle Outside In contains exploitable vulnerabilities in Lotus 123 and Microsoft CAB file parsers
Overview Oracle Outside In contains exploitable vulnerabilities in Lotus 123 and Microsoft CAB file parsers, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Oracle Outside In is a set of libraries that can decode over 500 different...
Microsoft Windows browser election message kernel pool overflow
Overview A vulnerability exists in the way the Microsoft Windows browser service handles Browser Election messages. Description From Description of the Microsoft Computer Browser Service: "The browser service maintains a list of the domain name or workgroup name the computer is in, and the protoco...
ISC BIND named allow-query vulnerability
Overview ISC BIND contains a vulnerability in the processing of the allow-query access control specifier. Description According to ISC: When named is running as an authoritative server for a zone and receives a query for that zone data, it first checks for allow-query acls in the zone statement,...
Caucho Resin vulnerable to XSS via "file" parameter to "viewfile"
Overview The "viewfile" command provided by Caucho Resin contains a cross-site scripting (XSS) vulnerability in the "file" parameter. Description Caucho Resin is a Java-based application server. The "viewfile" command that is provided with the Resin documentation is vulnerable to XSS via the "file"...
IBM Lotus Domino Web Access ActiveX control stack buffer overflows
Overview The IBM Lotus Domino Web Access ActiveX control contains multiple stack buffer overflow vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description IBM Lotus Domino includes an ActiveX control called Domino Web Access,...
Quiksoft EasyMail SMTP ActiveX control stack buffer overflow vulnerabilities
Overview The Quiksoft EasyMail SMTP ActiveX control contains multiple stack buffer overflow vulnerabilities, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Quiksoft EasyMail Objects is a set of ActiveX controls that provides emai...
MIT Kerberos 5 telnet daemon allows login as arbitrary user
Overview A vulnerability exists in the version of the telnet daemon included with the MIT Kerberos 5 distribution that may allow a remote, unauthorized attacker to log on to the system with elevated privileges. Description A vulnerability exists in the version of the telnet daemon included with the MIT...
Apple QuickDraw Manager heap buffer overflow vulnerability
Overview Apple QuickDraw contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. Description PICT is a graphics file format that was used by Apple Macintosh systems prior to Mac OS X as their standa...
Sun Microsystems Java GIF image processing buffer overflow
Overview A vulnerability in the Sun Java Runtime Environment may allow an attacker to execute arbitrary code on a vulnerable system. Description The Sun Java Runtime Environment (JRE) allows users to run Java applications in a browser or as standalone programs. Sun has made the JRE available for...
Novell NetWare Client for Windows OpenPrinter() function vulnerable to buffer overflow
Overview A vulnerability exists in the Novell NetWare client that could allow a remote attacker to execute arbitrary code on an affected system. Description NetWare is a network operating system produced and maintained by Novell. Novell provides NetWare clients for Microsoft Windows and Linux...
Microsoft Windows Media Player fails to properly handle malformed Windows Media Metafiles
Overview Windows Media Player does not properly handle malformed Windows Media Metafiles. This vulnerability may allow a remote attacker to execute arbitrary code or crash Windows Media Player. Description Windows Media Player (WMP) is a multimedia application that comes with Microsoft Windows...
Microsoft Object Packager fails to properly display file types
Overview The Microsoft Object Packager fails to properly display the file types. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description According to Microsoft: Object Packager is a tool you can use to create a package that you ca...
OpenOffice.org may fail to recognize embedded Basic macros
Overview The OpenOffice.org team has reported a vulnerability in how the 1.1 and 2.0 versions of OpenOffice.org process basic macros. Description A vulnerability in OpenOffice.org may allow an attacker to inject basic code into documents such that the code will be executed when the document is...
Mozilla Firefox fails to properly perform security checks on "_search" target
Overview A vulnerability in Mozilla Firefox may allow a remote attacker to install malicious code on or read protected information from a vulnerable system. Description The Firefox web browser features the ability to open a hyperlink in the "search" web panel. Firefox fails to perform adequate...
Microsoft Windows Kernel Vulnerability
Overview A privilege elevation vulnerability exists in the way that the Windows kernel processes certain access requests. This vulnerability could allow a logged on user to take complete control of the system. Description A locally authenticated user could potentially exploit a vulnerability in...
Microsoft Internet Explorer URL validation routine contains a buffer overflow
Overview A vulnerability in Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer (IE) contains an unspecified vulnerability in the way that it handles certain URLs. The process that checks the URL contain...