3695 matches found
IBM AIX auditselect contains format string vulnerability
Overview IBM AIX auditselect command contains a format string vulnerability that may allow a local attacker to execute arbitrary code. Description According to IBM's Command Reference, the syntax and description of the auditselect command are as follows: $ auditselect -e "Expression" | -f File -m...
Verity Ultraseek contains a cross-site scripting vulnerability in the processing of search requests
Overview Verity's Ultraseek application contains a cross-site scripting vulnerability in the processing of search requests. Description Verity Ultraseek is a web site search engine application. Ultraseek contains a cross-site scripting vulnerability in the processing of search requests. More...
Veritas NetBackup "bpjava-susvc" process contains an input validation error
Overview Veritas NetBackup Administrative Assistant interface may allow users to execute arbitrary commands with elevated privileges. Description The Veritas NetBackup Administrative Assistant interface bpjava-susvc contains an input validation vulnerability. According to Veritas Alert 271727: Wh...
Linux kernel USB drivers do not initialize kernel memory properly
Overview Various Linux USB drivers contain an information disclosure vulnerability that may expose sensitive segments of kernel memory to users. Description USB drivers for several versions of the Linux kernel do not properly initialize kernel memory before using it. When an affected USB driver copi...
libXpm library contains multiple integer overflow vulnerabilities
Overview libXpm contains multiple integer overflow vulnerabilities that may allow an attacker to cause a denial-of-service condition or execute arbitrary code. Description XPM is a format for encoding and decoding X PixMap images that is used in the X Windows System 11 (X11). libXpm is a library of...
Microsoft Windows GDI+ contains a buffer overflow vulnerability in the JPEG parsing component
Overview A buffer overflow vulnerability in the Microsoft Windows GDI+ JPEG parsing component could allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Windows Graphics Device Interface (GDI+) is an application programming interface (API) that provides...
tcpdump contains integer underflow vulnerability in ISAKMP "Identification Payload" handling
Overview A vulnerability in tcpdump could allow a remote attacker to cause a denial of service on an affected system. Description The tcpdump tool allows for the inspection of network packets and contains decoders for many standard protocols, including the Internet Security Association and Key...
libpng integer overflow in image height processing
Overview The Portable Network Graphics library (libpng) contains a remotely exploitable vulnerability which could cause affected applications to crash. Description The Portable Network Graphics (PNG) image format is used as an alternative to other image formats such as the Graphics Interchange Format...
Microsoft Outlook Express fails to properly validate malformed e-mail headers
Overview A vulnerability exists in some versions of Microsoft Outlook Express that could allow a remote attacker to cause a denial of service. Description According to Microsoft Security Bulletin MS04-018, a flaw exists in the way that some versions of Microsoft's Outlook Express mail client...
Gaim contains a buffer overflow vulnerability in the gaim_quotedp_decode() function
Overview There is a buffer overflow vulnerability in the Gaim gaim_quotedp_decode() function, which could cause a pointer to reference memory beyond the terminating null byte. Description Gaim is a multi-protocol instant messenger available for a number of operating systems. It includes a feature tha...
Linux kernel mremap(2) system call does not properly check return value from do_munmap() function
Overview A vulnerability in the Linux mremap(2) system call could allow an authenticated, local attacker to execute arbitrary code with root privileges. Description The Linux kernel uses a linked list of virtual memory area (VMA) descriptors to reference valid regions of the page table for a given...
Microsoft Windows DCOM/RPC vulnerability
Overview A vulnerability exists in Microsoft Windows DCOM/RPC that can be exploited to cause a denial of service. It may be possible for an attacker to execute arbitrary code on a vulnerable system. Description Microsoft Windows Remote Procedure Call (RPC) "... is a powerful, robust, efficient, and...
Cisco IOS Interface Blocked by IPv4 Packet
Overview A denial-of-service vulnerability exists in Cisco's Internetwork Operating System (IOS). This vulnerability may allow remote attackers to conduct denial-of-service attacks on an affected device. Description Cisco IOS is a very widely deployed network operating system. A vulnerability in IO...
Vulnerability in OpenSSH daemon (sshd)
Overview A vulnerability in the OpenSSH daemon (sshd) may give remote attackers a better chance of gaining access to restricted resources. Description OpenSSH is an implementation of the Secure Shell protocol. It is used to provide strong authentication and cryptographically secure communications...
Cryptographic weakness in Kerberos Version 4 protocol
Overview Several cryptographic vulnerabilities exist in the basic Kerberos Version 4 protocol that could allow an attacker to impersonate any user in a Kerberos realm and gain any privilege authorized through that Kerberos realm. Description The MIT Kerberos Development team has discovered a...
Apache discloses source code via POST requests to a location with WebDAV and CGI enabled
Overview There is an information leakage in Apache that results from an interaction between WebDAV and CGI. Description Apache version 2.0.42 allows remote attackers to obtain the source code of CGI scripts that are stored in locations for which both CGI and WebDAV are enabled. When a POST reques...
OpenSSL servers contain a buffer overflow during the SSL2 handshake process
Overview OpenSSL is an open-source implementation of the Secure Sockets Layer (SSL) protocol. A remotely exploitable vulnerability exists in OpenSSL servers that could lead to the execution of arbitrary code on the server. Description Versions of OpenSSL servers prior to 0.9.6e and pre-release...
Yahoo! Messenger contains a buffer overflow in the URI handler
Overview Yahoo! Messenger is an instant messaging client. A remotely exploitable vulnerability has been reported in the URI handler of Yahoo! Messenger. Description A remotely exploitable buffer overflow exists in the URI handler of Yahoo! Messenger, versions 5,0,0,1064 and prior, that may permit...
Microsoft Internet Information Server (IIS) contains cross-site scripting vulnerability in HTTP error page results
Overview Visitors to web sites that use Microsoft IIS and also use the default error pages are vulnerable to cross-site scripting attacks. Description Cross-site scripting is a form of attack in which an intruder leverages the trust between a victim and a web-site the victim trusts. Quoting from...
Cisco IOS HTTP server authentication vulnerability allows remote attackers to execute arbitrary commands
Overview A problem with the HTTP server component of Cisco IOS system software allows an intruder to execute privileged commands on Cisco routers if local authentication databases are used. Description By sending a particular URL to a Cisco IOS device with the HTTP server enabled, a remote attack...
DNS implementations vulnerable to denial-of-service attacks via malformed DNS queries
Overview Incorrect decoding of malformed DNS packets causes certain DNS implementations to hang or crash. Description RFC1035 DOMAIN NAMES, IMPLEMENTATION AND SPECIFICATION defines a mechanism for conserving bytes in a DNS query or reply packet by avoiding repetition of character strings "labels"...
Sun Solaris DMI to SNMP mapper daemon snmpXdmid contains buffer overflow
Overview There is a buffer overflow in the snmpXdmi daemon, which may allow intruders to gain root privileges on systems running the vulnerable daemon. Description The SNMP-to-DMI mapper daemon (snmpXdmi) translates Simple Network Management Protocol (SNMP) events to Desktop Management Interface (DMI)...
HP-UX Support Tools Manager vulnerable to denial of service
Overview There is a vulnerability in the Hewlett-Packard Support Tools Manager that allows a local user to create a denial-of-service condition. Description The Hewlett-Packard Support Tools is a collection of diagnostic tools that allow operators of HP-UX systems to test and diagnose hardware...
Checkbox Survey insecurely deserializes ASP.NET View State data
Overview Checkbox Survey prior to version 7.0 insecurely deserializes ASP.NET View State data, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable server. Description CVE-2021-27852 Checkbox Survey insecurely deserializes ASP.NET View State data. Checkbox...
Fonality contains a hard-coded password and embedded SSL private key
Overview Fonality (previously trixbox Pro) version 12.6 and later uses a hard-coded password, and the accompanying HUDweb plugin embeds a private SSL key. Description CWE-259: Use of Hard-coded Password - CVE-2016-2362 According to the reporter, FTP is used to sync phone configurations for users, by...
Chef Manage deserializes cookie data insecurely
Overview Chef Manage add-on, version 1.11.4 and earlier, deserializes cookie data insecurely, which may be leveraged to gain unauthenticated remote code execution. Description CWE-502: Deserialization of Untrusted Data - CVE-2016-4326 Chef with the Chef Manage previously known as 'opscode-manage'...
QNAP Signage Station and iArtist Lite contain multiple vulnerabilities
Overview The QNAP Signage Station prior to version 2.0.1 and the accompanying iArtist Lite application contain multiple vulnerabilities. Description CWE-434: Unrestricted Upload of File with Dangerous Type - CVE-2015-6022 An authenticated attacker without administrative permissions may upload a...
Hirschmann "Classic Platform" switches reveal administrator password in SNMP community string by default
Overview Hirschmann "Classic Platform" switches contain a password sync feature that syncs the switch administrator password with the SNMP community password, exposing the administrator password to attackers on the local network. Description CWE-257: Storing Passwords in a Recoverable Format For...
Fisher-Price Smart Toy platform allows some unauthenticated web API commands
Overview The Fisher-Price Smart Toy does not perform proper authentication of some API commands, and it may also use a vulnerable version of Android. Description The Fisher-Price Smart Toy bear is a new WiFi-connected Internet of Things (IoT) toy. The device utilizes network connectivity to provide...
Netgear G54/N150 Wireless Router WNR1000v3 uses insufficiently random values for DNS queries
Overview Netgear G54/N150 Wireless Router WNR1000v3, firmware version 1.0.2.68 and possibly earlier, uses insufficiently random values for DNS queries and is vulnerable to DNS spoofing attacks. Description CWE-330: Use of Insufficiently Random Values - CVE-2015-8263 The Netgear G54/N150 Wireless...
Intel BIOS locking mechanism contains race condition that enables write protection bypass
Overview A race condition exists in Intel chipsets that rely solely on the BIOSCNTL.BIOSWE and BIOSCNTL.BLE bits as a BIOS write locking mechanism. Successful exploitation of this vulnerability may result in a bypass of this locking mechanism. Description CWE-362: Concurrent Execution using Share...
Cobham Aviator satellite terminals contain multiple vulnerabilities
Overview Cobham Aviator 700D and 700E satellite terminals contain multiple vulnerabilities. Description Cobham Aviator 700D and 700E satellite communication terminals contain the following vulnerabilities: CWE-327: Use of a Broken or Risky Cryptographic Algorithm - CVE-2014-2942 Please note that th...
Microsoft Internet Explorer CMarkup use-after-free vulnerability
Overview Microsoft Internet Explorer contains a use-after-free vulnerability, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer contains a use-after-free vulnerability. This can allow for arbitrary code...
CMS Made Simple contains multiple cross-site scripting vulnerabilities
Overview CMS Made Simple contains multiple cross-site scripting vulnerabilities. Description CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - CVE-2014-0334 The files: cmsmadesimple/admin/addgroup.php on line 107 contains a post-authentication reflected XS...
BlogEngine.net information disclosure vulnerability
Overview BlogEngine.net 2.8.0.0 and earlier versions contain an information disclosure vulnerability which could allow an attacker to gain access to credentials. Description CWE-200: Information Exposure BlogEngine.net 2.8.0.0 and earlier contain an information disclosure vulnerability which could...
Multiple MIT KRB5 KDC daemon vulnerabilities
Overview MIT's KRB5 KDC version 1.8 and 1.9 contain multiple vulnerabilities. Description The MIT krb5 Security Advisory 2011-006 states: CVE-2011-1527: In releases krb5-1.9 and later, the KDC can crash due to a null pointer dereference if configured to use the LDAP back end. A trigger condition i...
Windows font library file buffer overflow
Overview Microsoft Windows contains a buffer overflow vulnerability in the handling of font library files, which may allow a remote, unauthenticated attacker to execute arbitrary code with kernel privileges. Description Microsoft Windows supports a variety of font formats. One of which is the fon...
Adobe Flash memory corruption vulnerability
Overview Adobe Flash contains a memory corruption vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code. Description Adobe Flash versions 10.1.102.64 and earlier contain a vulnerability that can result in memory corruption, which can allow arbitrary code...
Microsoft Internet Explorer CSS style element vulnerability
Overview Microsoft Internet Explorer (IE) does not safely reference CSS style elements. Using a specially crafted HTML page, an attacker can cause IE to crash and potentially execute arbitrary code. Description IE contains a vulnerability in the way it references CSS style elements. Processing a...
Xpdf and poppler contain multiple vulnerabilities in the processing of JBIG2 data
Overview Xpdf and poppler contain multiple vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Xpdf is an open source viewer for Portable Document Format (PDF) files. Several PDF viewing applications and libraries, such a...
Citect CitectSCADA ODBC service buffer overflow
Overview Citect CitectSCADA contains a remotely accessible buffer overflow vulnerability which may allow a remote attacker to execute arbitrary code. Description Citect CitectSCADA is software used for monitoring and control in Supervisory Control And Data Acquisition (SCADA) systems. A buffer...
BackWeb Lite Install Runner ActiveX stack buffer overflows
Overview The BackWeb Lite Install Runner ActiveX control contains multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description BackWeb Lite Install Runner is an ActiveX control that is used to install software on...
OpenSSL TLS handshake Denial of Service
Overview A vulnerability exists in OpenSSL that may allow a remote attacker to cause a denial of service. Description OpenSSL contains a vulnerability in the way specially crafted TLS handshake packets are handled that may result in a denial of service. According to OpenSSL Security Advisory...
Apache mod_jk2 host header buffer overflow
Overview A vulnerability exists in the legacy version of the mod_jk2 Apache module. If successfully exploited, the vulnerability may allow an attacker to run arbitrary code on an affected system. Description The host header field allows HTTP 1.1 (RFC 2616) compliant servers to host multiple domains usi...
Liferay Portal Admin portlet Shutdown message XSS
Overview Liferay Portal Admin portlet fails to properly validate input to the shutdown message, which can allow a remote, authenticated attacker to inject script into the message displayed to all users when the server is being shut down. Description Liferay Portal is an enterprise portal solution...
Mortbay Jetty Dump Servlet vulnerable to cross-site scripting
Overview The Mortbay Jetty Dump Servlet contains a cross-site scripting vulnerability. Description Mortbay Jetty is a web server that is written in Java. The Dump Servlet that is included with Jetty is vulnerable to cross-site scripting. Note that according to the vendor, the Dump Servlet is for...
RSA key reconstruction vulnerability
Overview Various implementations of RSA may contain a vulnerability that could allow an attacker to retrieve encryption keys. Description Some implementations of RSA may contain a vulnerability that could allow a local attacker to retrieve encryption keys. OpenSSL is a widely used open source...
Mozilla Firefox SVG viewer vulnerable to integer overflow
Overview The Mozilla SVG viewer contains an integer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code, or create a denial-of-service condition. Description Scalable Vector Graphics (SVG) is an XML markup language for describing and displaying animated or...
Cisco IOS fails to properly handle summary packets in the VLAN Trunking Protocol
Overview Cisco IOS fails to properly handle summary packets in the VLAN Trunking Protocol. This vulnerability may allow a remote, unauthenticated attacker to cause a denial-of-service condition. Description Cisco's VLAN Trunking Protocol (VTP) provides the ability to manage the addition, deletion,...
Ruby safe-level security model bypass
Overview Ruby contains a vulnerability that may allow arbitrary code to be run without the intended safe-level checks being applied. Description Ruby is an object-oriented scripting language that supports execution of untrusted code with two mechanisms: taint flagging and safe levels. Safe levels...