3704 matches found
Gaim contains a buffer overflow vulnerability in the gaim_quotedp_decode() function
Overview There is a buffer overflow vulnerability in the Gaim gaimquotedpdecode function, which could cause a pointer to reference memory beyond the terminating null byte. Description Gaim is a multi-protocol instant messenger available for a number of operating systems. It includes a feature tha...
Linux kernel mremap(2) system call does not properly check return value from do_munmap() function
Overview A vulnerability in the Linux mremap2 system call could allow an authenticated, local attacker to execute arbitrary code with root privileges. Description The Linux kernel uses a linked list of vitrual memory area VMA descriptors to reference valid regions of the page table for a given...
Microsoft Outlook fails to properly filter parameters passed via "mailto:" URL
Overview A vulnerability in the way that Microsoft Outlook 2002 handles a certain type of hyperlink could allow a remote attacker to execute arbitrary code on the vulnerable system. Description Microsoft Outlook provides a centralized application for managing and organizing e-mail messages,...
Microsoft ASN.1 Library improperly decodes constructed bit strings
Overview The Microsoft ASN.1 Library improperly decodes constructed bit strings which could allow an unauthenticated, remote attacker to execute arbitrary code with SYSTEM privileges. Description Abstract Syntax Notation number One ASN.1 is an international standard used to describe and transmit...
Microsoft FrontPage Server Extensions contains buffer overflow in remote debugging functionality
Overview Microsoft FrontPage Server Extensions contains a vulnerability that allows remote attackers to execute arbitrary code with local system privileges. Description Microsoft FrontPage Server Extensions FPSE is an optional set of tools that adds functionality to a web site. This functionality...
PopTop PPTP Server contains buffer overflow in "ctrlpacket.c"
Overview There is a remotely exploitable buffer overflow in PopTop. An exploit for this vulnerability exists and is publicly available. Description From the PopTop web site:PopToP is the PPTP server solution for Linux ports exist for Solaris 2.6, OpenBSD and FreeBSD and others. A buffer overflow...
Microsoft Internet Explorer does not adequately validate source of dialog frame
Overview Microsoft Internet Explorer IE allows script from a dialog frame in one domain to execute in a different domain, including the Local Machine Zone. The script could read certain local files and data i.e. cookies from other web sites. In the presence of other vulnerabilities VU626395,...
Apache discloses source code via POST requests to a location with WebDAV and CGI enabled
Overview There is an information leakage in Apache that results from an interaction between WebDAV and CGI. Description Apache version 2.0.42 allows remote attackers to obtain the source code of CGI scripts that are stored in locations for which both CGI and WebDAV are enabled. When a POST reques...
webalizer vulnerable to buffer overflow when performing reverse DNS lookups
Overview A remotely exploitable buffer overflow exists in all versions of webalizer prior to version 2.01-10. Description webalizer is a web server log file analysis program.webalizer has the ability do resolve hostnames as part of the process of generating reports. A buffer overflow exists in th...
OpenSSL clients contain a buffer overflow during the SSL3 handshake process
Overview OpenSSL is an open-source implementation of the Secure Sockets Layer SSL protocol. A remotely exploitable vulnerability exists in OpenSSL clients that could lead to the execution of arbitrary code on the client's system. Description OpenSSL clients using SSLv3 prior to version 0.9.6e and...
Microsoft Internet Information Server (IIS) vulnerable to heap overflow during processing of crafted ".htr" request by "ISM.DLL" ISAPI filter
Overview A buffer overflow in the HTR ISAP extension on IIS servers could permit an intruder to interrupt the normal operation of IIS or possibly execute arbitrary code with the privileges of the HTR extension. Description HTR is a server-side scripting technology for IIS which has largely been...
Microsoft Internet Information Server (IIS) contains cross-site scripting vulnerability in HTTP error page results
Overview Visitors to web sites that use Microsoft IIS and also use the default error pages are vulnerable to cross-site scripting attacks. Description Cross-site scripting is a form of attack in which an intruder leverages the trust between a victim and a web-site the victim trusts. Quoting from...
IBM AIX lsfs utility invokes grep and lslv with relative pathnames
Overview The IBM AIX operating system contains a vulnerability in the lsfs utility that allows a local user to execute arbitrary code as root. Description The IBM AIX lsfs utility displays filesystem information such as mount points, permissions and volume sizes. To list this information, it...
Sun Solaris DMI to SNMP mapper daemon snmpXdmid contains buffer overflow
Overview There is a buffer overflow in the snmpXdmi daemon, which may allow intruders to gain root privileges on systems running the vulnerable daemon. Description The SNMP-to-DMI mapper daemon snmpXdmi translates Simple Network Management Protocol SNMP events to Desktop Management Interface DMI...
ISC BIND 4 contains buffer overflow in nslookupComplain()
Overview The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS by the Internet Software Consortium ISC. There is a buffer overflow vulnerability in BIND 4.9.x, which may allow remote intruders to gain access to systems running BIND. Although BIND 4.9.x is no...
Fonality contains a hard-coded password and embedded SSL private key
Overview Fonality previously trixbox Pro version 12.6 and later uses a hard-coded password, and the accompanying HUDweb plugin embeds a private SSL key. Description CWE-259: Use of Hard-coded Password - CVE-2016-2362According to the reporter, FTP is used to sync phone configurations for users, by...
Sabre AirCentre Crew solutions contain a SQL injection vulnerability
Overview Sabre AirCentre Crew solutions version 2010.2.12.20008 and earlier contain an SQL injection vulnerability. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' Sabre AirCentre Crew solutions version 2010.2.12.20008 and earlier are...
Microsoft Internet Explorer 8 CMarkup use-after-free vulnerability
Overview Microsoft Internet Explorer 8 contains a use-after-free vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer 8 contains a use-after-free vulnerability. This can allow for arbitrary code...
Xangati software release contains relative path traversal and command injection vulnerabilities
Overview Xangati's software release contains relative path traversal CWE-23 and command injection CWE-78 vulnerabilities. Description Xangati's software release contains relative path traversal CWE-23 and command injection CWE-78 vulnerabilities.CWE-23: Relative Path Traversal -CVE-2014-0358 The...
CMS Made Simple contains multiple cross-site scripting vulnerabilities
Overview CMS Made Simple contains multiple cross-site scripting vulnerabilities Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' - CVE-2014-0334The files: cmsmadesimple/admin/addgroup.php on line 107 contains a post-authentication reflected XS...
Dell OpenManage Server Administrator version 7.1.0.1 DOM-based XSS vulnerability
Overview Dell OpenManage Server Administrator version 7.1.0.1 and earlier contains a DOM-based cross-site scripting vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'Dell OpenManage Server Administrator version 7.1.01 and earlier...
Oberthur smart cards generate weak certificates
Overview A flaw has been identified in Oberthur ID-One COSMO 64, v5.2 and v5.2a smart cards, which results in public keys that do not satisfy the requirements of the Digital Signature Standard as specified in FIPS PUB 186-3 and its predecessors. Description Oberthur ID-One COSMO 64, v5.2 and v5.2...
Oracle Outside In contains exploitable vulnerabilities in Lotus 123 and Microsoft CAB file parsers
Overview Oracle Outside In contains exploitable vulnerabilities in Lotus 123 and Microsoft CAB file parsers, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Oracle Outside In is a set of libraries that can decode over 500 different...
Microsoft Windows browser election message kernel pool overflow
Overview A vulnerability exists in the way the Microsoft Windows browser service handles Browser Election messages. Description From Description of the Microsoft Computer Browser Service:"The browser service maintains a list of the domain name or workgroup name the computer is in, and the protoco...
Adobe Flash memory corruption vulnerability
Overview Adobe Flash contains an memory corruption vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code. Description Adobe Flash versions 10.1.102.64 and earlier contain a vulnerability that can result in memory corruption, which can allow arbitrary code...
ISC BIND named allow-query vulnerability
Overview ISC BIND contains a vulnerability in the processing of the allow-query access control specifier. Description According to ISC:When named is running as an authoritative server for a zone and receives a query for that zone data, it first checks for allow-query acls in the zone statement,...
Microsoft Internet Explorer CSS style element vulnerability
Overview Microsoft Internet Explorer IE does not safely reference CSS style elements. Using a specially crafted HTML page, an attacker can cause IE to crash and potentially execute arbitrary code. Description IE contains a vulnerability in the way it references CSS style elements. Processing a...
Caucho Resin vulnerable to XSS via "file" parameter to "viewfile"
Overview The "viewfile" command provided by Caucho Resin contains a cross-site scripting XSS vulnerability in the "file" parameter. Description Caucho Resin is a Java-based application server. The "viewfile" command that is provided with the Resin documentation is vulnerable to XSS via the "file"...
BackWeb Lite Install Runner ActiveX stack buffer overflows
Overview The BackWeb Lite Install Runner ActiveX control contains multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description BackWeb Lite Install Runner is an ActiveX control that is used to install software on...
IBM Lotus Domino Web Access ActiveX control stack buffer overflows
Overview The IBM Lotus Domino Web Access ActiveX control contains multiple stack buffer overflow vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description IBM Lotus Domino includes an ActiveX control called Domino Web Access,...
Lhaca buffer overflow vulnerability
Overview The Lhaca archiving program contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code. Description LHA is an archive file format. LHA is used by the Lhaca compression utility.A stack buffer overflow vulnerability exists in the Lhaca program. This...
MIT Kerberos 5 telnet daemon allows login as arbitrary user
Overview A vulnerability exists in the version of the telnet daemon included with the MIT Kerberos 5 distribution that may allow a remote, unauthorized attacker to log on to the system with elevated privileges. Description A vulnerability exists version of the telnet daemon included with the MIT...
Cisco IOS fails to properly handle summary packets in the VLAN Trunking Protocol
Overview Cisco IOS fails to properly handle summary packets in the VLAN Trunking Protocol. This vulnerability may allow a remote, unauthenticated attacker to cause a denial-of-service condition. Description Cisco's VLAN Trunking Protocol VTP provides the ability to manage the addition, deletion,...
gzip contains a .bss buffer overflow in its LZH handling
Overview The gzip program contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code or create a denial-of-service condition. Description The gzip program is used to compress and decompress archived files. Some implementations of gzip include support for the LZH...
OpenOffice.org may fail to recognize embedded Basic macros
Overview The OpenOffice.org team has reported a vulnerability in how the 1.1 and 2.0 versions of OpenOffice.org process basic macros. Description A vulnerability in OpenOffice.org may allow an attacker to inject basic code into documents such that the code will be executed when the document is...
Oracle Database XML Database SQL Injection vulnerability
Overview Oracle Database XML Database XML DB is vulnerable to SQL injection, possibly allowing a remote attacker to execute arbitrary SQL commands on a vulnerable Oracle installation. Description According to Oracle:Oracle XML DB is a feature of the Oracle Database. It provides a high-performance...
Microsoft Windows help viewer vulnerable to heap overflow
Overview A vulnerability exists in the Microsoft Windows help viewer application that could allow a remote attacker to execute code of their choosing on a vulnerable system. Description The Microsoft Windows help viewer winhlp32.exe provides application assistance to users through a special type ...
Apple Mac OS X Server NetInfo Setup Tool fails to validate command line parameters
Overview Apple Mac OS X Server NeST tool contains a vulnerability in the processing of command line arguments that could allow an attacker to execute arbitrary code. Description NeST is the NetInfo Setup Tool for Apple Mac OS X Server. There is a buffer overflow vulnerability in the way NeST...
Mozilla Firefox fails to properly perform security checks on "_search" target
Overview A vulnerability in Mozilla Firefox may allow a remote attacker to install malicious code on or read protected information from a vulnerable system. Description The Firefox web browser features the ability to open a hyperlink in the "search" web panel. Firefox fails to perform adequate...
IBM AIX auditselect contains format string vulnerability
Overview IBM AIX auditselect command contains a format string vulnerability that may allow a local attacker to execute arbitrary code. Description According to IBM's Command Reference, the syntax and description of the auditselect command are as follows:$ auditselect -e "Expression" | -f File -m...
Linux kernel USB drivers do not initialize kernel memory properly
Overview Various Linux USB drivers contain an information disclosure vulnerability that may expose sensitive segments of kernel memory to users. Description USB drivers for several versions the Linux kernel do not properly initialize kernel memory before using it. When an affected USB driver copi...
libpng integer overflow in image height processing
Overview The Portable Network Graphics library libpng contains a remotely exploitable vulnerability which could cause affected applications to crash. Description The Portable Network Graphics PNG image format is used as an alternative to other image formats such as the Graphics Interchange Format...
Microsoft Outlook Express fails to properly validate malformed e-mail headers
Overview A vulnerability exists in some versions of Microsoft Outlook Express that could allow a remote attacker to cause a denial of service. Description According to Microsoft Security Bulletin MS04-018, a flaw exists in the way that some versions of Microsoft's Outlook Express mail client...
Microsoft Windows DCOM/RPC vulnerability
Overview A vulnerability exists in Microsoft Windows DCOM/RPC that can be exploited to cause a denial of service. It may be possible for an attacker to execute arbitrary code on a vulnerable system. Description Microsoft Windows Remote Procedure Call RPC "... is a powerful, robust, efficient, and...
Cryptographic weakness in Kerberos Version 4 protocol
Overview Several cryptographic vulnerabilities exist in the basic Kerberos Version 4 protocol that could allow an attacker to impersonate any user in a Kerberos realm and gain any privilege authorized through that Kerberos realm. Description The MIT Kerberos Development team has discovered a...
OpenSSL servers contain a buffer overflow during the SSL2 handshake process
Overview OpenSSL is an open-source implementation of the Secure Sockets Layer SSL protocol. A remotely exploitable vulnerability exists in OpenSSL servers that could lead to the execution of arbitrary code on the server. Description Versions of OpenSSL servers prior to 0.9.6e and pre-release...
Apache web servers fail to handle chunks with a negative size
Overview There is a remotely exploitable vulnerability in the way that Apache web servers or other web servers based on their source code handle data encoded in chunks. This vulnerability is present by default in configurations of Apache web server versions 1.2.2 and above, 1.3 through 1.3.24, an...
Yahoo! Messenger contains a buffer overflow in the URI handler
Overview Yahoo! Messenger is an instant messaging client. A remotely exploitable vulnerability has been reported in the URI handler of Yahoo! Messenger. Description A remotely exploitable buffer overflow exists in the URI handler of Yahoo! Messenger, versions 5,0,0,1064 and prior, that may permit...
Microsoft Windows Universal Plug and Play (UPNP) service vulnerable to buffer overflow via malformed advertisement packets
Overview A buffer overflow in Universal Plug and Play UPnP service on Microsoft Windows XP, Microsoft Windows ME, and Microsoft Windows 98 permits an intruder to run arbitrary code on vulnerable systems. Description Universal Plug and Play UPnP is a system to allow network devices to operate...
Cisco IOS vulnerable to denial of service via Cisco Discovery Protocol
Overview The Cisco IOS contains a denial-of-service vulnerability that allows nearby remote attackers to crash or temporarily disable affected network devices. Description The Cisco Internetwork Operating System IOS contains a vulnerability in its processing of Cisco Discovery Protocol CDP packet...