3704 matches found
Microsoft Exchange Outlook Web Access fails to authenticate users when searching the Global Address List
Overview Microsoft Exchange servers that offer the Outlook Web Access service are vulnerable to an information disclosure vulnerability that can reveal any email address stored in the Global Address List. Description The Outlook Web Access OWA component of Microsoft Exchange allows users to acces...
Cisco IOS HTTP server authentication vulnerability allows remote attackers to execute arbitrary commands
Overview A problem with the HTTP server component of Cisco IOS system software allows an intruder to execute privileged commands on Cisco routers if local authentication databases are used. Description By sending a particular URL to a Cisco IOS device with the HTTP server enabled, a remote attack...
Lotus Notes Java VM leaks file existence through timing difference in ECLs
Overview Lotus Notes JVM leaks information about the existence of a file. Description A malicious Java applet run in the Lotus Notes web browser can determine if a local file exists. Notes' preferences must be set to browse the web using the Notes browser, with execution of Java applets...
HP-UX Support Tools Manager vulnerable to denial of service
Overview There is a vulnerability in the Hewlett-Packard Support Tools Manager that allows a local user to create a denial-of-service condition. Description The Hewlett-Packard Support Tools is a collection of diagnostic tools that allow operators of HP-UX systems to test and diagnose hardware...
GPU kernel implementations susceptible to memory leak
Overview General-purpose graphics processing unit GPGPU platforms from AMD, Apple, and Qualcomm fail to adequately isolate process memory, thereby enabling a local attacker to read memory from other processes. An attacker with access to GPU capabilities using a vulnerable GPU's programmable...
Authentication Bypass in Tenda N300 Wireless N VDSL2 Modem Router
Overview An authentication bypass vulnerability exists in the N300 Wireless N VDSL2 Modem Router manufactured by Tenda. This vulnerability allows a remote, unauthenticated user to access sensitive information. Description CVE-2023-4498 is an authentication bypass vulnerability that enables an...
ThreatMetrix SDK for iOS fails to validate SSL certificates
Overview On the iOS platform, the ThreatMetrix SDK versions prior to 3.2 fail to validate SSL certificates provided by HTTPS connections, which may allow an attacker to perform a man-in-the-middle MITM attack. Description ThreatMetrix is a security library for mobile applications, which aims to...
QNAP Signage Station and iArtist Lite contain multiple vulnerabilities
Overview The QNAP Signage Station prior to version 2.0.1 and the accompanying iArtist Lite application contain multiple vulnerabilities. Description CWE-434: Unrestricted Upload of File with Dangerous Type - CVE-2015-6022An authenticated attacker without administrative permissions may upload a...
Hirschmann "Classic Platform" switches reveal administrator password in SNMP community string by default
Overview Hirschmann "Classic Platform" switches contain a password sync feature that syncs the switch administrator password with the SNMP community password, exposing the administrator password to attackers on the local network. Description CWE-257: Storing Passwords in a Recoverable Format For...
Fisher-Price Smart Toy platform allows some unauthenticated web API commands
Overview The Fisher-Price Smart Toy does not perform proper authentication of some API commands, and it may also use a vulnerable version of Android. Description The Fisher-Price Smart Toy bear is a new WiFi-connected Internet of Things IoT toy. The device utilizes network connectivity to provide...
Medicomp MEDCIN Engine contains multiple vulnerabilities
Overview Medicomp's MEDCIN Engine provide electronic health records EHR tools and information to medical professionals. MEDCIN Engine versions before version 2.22.20153.226 are vulnerable to several buffer overflows. Description Medicomp MEDCIN Engine prior to version 2.22.20153.226 is vulnerable...
D-Link DCS-93xL model family allows unrestricted upload
Overview The D-Link DCS-93xL family of devices specifically the DCS-930L, DCS-931L, DCS-932L, and DCS-933L models allows an attacker to upload arbitrary files from the attackers system. Description CWE-434: Unrestricted Upload of File with Dangerous Type The D-Link DCS-93xL family of devices allo...
Intel BIOS locking mechanism contains race condition that enables write protection bypass
Overview A race condition exists in Intel chipsets that rely solely on the BIOSCNTL.BIOSWE and BIOSCNTL.BLE bits as a BIOS write locking mechanism. Successful exploitation of this vulnerability may result in a bypass of this locking mechanism. Description CWE-362: Concurrent Execution using Share...
Microsoft Internet Explorer CMarkup use-after-free vulnerability
Overview Microsoft Internet Explorer contains a use-after-free vulnerability, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer contains a use-after-free vulnerability. This can allow for arbitrary code...
McAfee Managed Agent contains a denial-of-service (DoS) vulnerability
Overview McAfee Managed Agent versions 4.5, 4.6, and possibly earlier versions contain a denial-of-service DoS vulnerability CWE-400. Description CWE-400:Uncontrolled Resource Consumption 'Resource Exhaustion' McAfee Managed Agent versions 4.5 and 4.6 contain a denial-of-service DoS vulnerability...
Novell File Reporter contains multiple vulnerabilities
Overview Novell File Reporter 1.0.2 contains multiple vulnerabilities including a heap overflow, arbitrary file retrieval, and arbitrary file upload. Description The Rapid7 advisory states:CVE-2012-4956 - Heap Overflow When handling requests of name "SRS", the NFRAgent.exe fails to generate a...
Multiple MIT KRB5 KDC daemon vulnerabilities
Overview MIT's KRB5 KDC version 1.8 and 1.9 contain multiple vulnerabilities. Description The MIT krb5 Security Advisory 2011-006 states:CVE-2011-1527: In releases krb5-1.9 and later, the KDC can crash due to a null pointer dereference if configured to use the LDAP back end. A trigger condition i...
Windows font library file buffer overflow
Overview Microsoft Windows contains a buffer overflow vulnerability in the handling of font library files, which may allow a remote, unauthenticated attacker to execute arbitrary code with kernel privileges. Description Microsoft Windows supports a variety of font formats. One of which is the fon...
Oracle Solaris 10 password hashes leaked through back-out patch files
Overview Oracle Solaris 10 back-out patch files undo.Z contain password hashes which may be readable by unprivileged users. Description The root password hash along with other users' password hashes may be contained in the back-out patch files. In some instances, these files may be readable by...
Xpdf and poppler contain multiple vulnerabilities in the processing of JBIG2 data
Overview Xpdf and poppler contain multiple vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Xpdf is an open source viewer for Portable Document Format PDF files. Several PDF viewing applications and libraries, such a...
Microsoft SQL Server fails to properly validate parameters to the sp_replwritetovarbin extended stored procedure
Overview A vulnerability in the Microsoft SQL Server spreplwritetovarbin extended stored procedure could allow an authenticated attacker to execute arbitrary code on an affected server. Description Some versions of Microsoft SQL Server contain a vulnerability in the spreplwritetovarbin stored...
Citect CitectSCADA ODBC service buffer overflow
Overview Citect CitectSCADA contains a remotely accessible buffer overflow vulnerability which may allow a remote attacker to execute arbitrary code. Description Citect CitectSCADA is software used for monitoring and control in Supervisory Control And Data Acquisition SCADA systems. A buffer...
Apache mod_jk2 host header buffer overflow
Overview A vulnerability exists in the legacy version of the modjk2 Apache module. If successfully exploited, the vulnerability may allow an attacker to run arbitrary code on affected system. Description The host header field allows HTTP 1.1 RFC 2616 compliant servers to host multiple domains usi...
Mozilla products may allow directory traversal
Overview A vulnerability exists in the way Mozilla products with certain extensions handle chrome: URIs that may allow directory traversal. Description Mozilla extensions are small add-ons that can be integrated with Mozilla products to provide added functionality. Mozilla products contain a...
KAME project IPv6 IPComp header denial of service vulnerability
Overview The KAME project's IPv6 implementation does not properly process IPv6 packets that contain the IPComp header. If exploited, this vulnerability may allow an attacker to cause a vulnerable system to crash. Description Per RFC 3173:IP payload compression is a protocol to reduce the size of ...
OpenSSL FIPS Object Module fails to properly generate random seeds
Overview The OpenSSL FIPS Module fails to perform auto-seeding, which may allow an attacker to predict pseudo-randomly generated data. Description OpenSSL is a toolkit that provides SSL and TLS protocols as well as a general purpose cryptography library. The OpenSSL FIPS Object Module provides an...
Mortbay Jetty Dump Servlet vulnerable to cross-site scripting
Overview The Mortbay Jetty Dump Servlet contains a cross-site scripting vulnerability. Description Mortbay Jetty is a web server that is written in Java. The Dump Servlet that is included with Jetty is vulnerable to cross-site scripting. Note that according to the vendor, the Dump Servlet is for...
RSA key reconstruction vulnerability
Overview Various implementations of RSA may contain a vulnerability that could allow an attacker to retrieve encryption keys. Description Some implementations of RSA may contain a vulnerability that could allow a local attacker to retrieve encryption keys. OpenSSL is a widely used open source...
Apache Tomcat SendMailServlet example vulnerable to cross-site scripting via FROM field
Overview The example SendMailServlet page that comes with Apache Tomcat is vulnerable to cross-site scripting via the "From" field. Description Apache Tomcat is an implementation of the Java Servlet and JavaServer Page JSP technologies. Apache Tomcat includes a sample page called SendMailServlet,...
Akamai Download Manager ActiveX control buffer overflow
Overview The Akamai Download Manager ActiveX control contains a buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Akamai Download Manager is software designed to enhance the ability to download content. The Akamai...
MIT Kerberos 5 GSS-API library double-free vulnerability
Overview The GSS-API library provided with MIT krb5 contains a vulnerability that may allow a remote, authenticated attacker to execute arbitrary code or cause a denial of service. Description A vulnerability in the way the GSS-API library provided with MIT krb5 handles messages with an invalid...
MIT Kerberos 5 administration daemon stack overflow in krb5_klog_syslog()
Overview The Kerberos administration daemon contains a buffer overflow that may allow a remote, authenticated attacker to execute arbitrary code or cause a denial of service. Description A vulnerability exists in the way the krb5klogsyslog function used by the Kerberos administration daemon handl...
Apple Mac OS X ImageIO memory corruption vulnerability
Overview Apple's ImageIO framework contains an memory corruption vulnerability that may allow an attacker to execute code on a vulnerable system. Description The RAW Image file format is a popular image format supported by many Apple Mac OS X applications. The ImageIO framework allows application...
Mozilla Firefox SVG viewer vulnerable to integer overflow
Overview The Mozilla SVG viewer contains an integer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code, or create a denial-of-service condition. Description Scalable Vector Graphics SVG is an XML markup language for describing and displaying animated or...
Sun Java JRE vulnerable to arbitrary code execution via an unspecified error
Overview A vulnerability in the Sun Java Runtime Environment may allow an attacker to execute arbitrary code on a vulnerable system. Description The Sun Java Runtime Environment JRE allows users to run Java applications in a browser or as standalone programs. Sun has made the JRE available for...
Microsoft Server Service may disclose information used to store SMB traffic
Overview A vulnerability in the Microsoft Server service may allow an attacker to view fragments of memory used to store SMB traffic. Description Microsoft Server Service The Microsoft Server service supports file, print, and named-pipe sharing over the network. Server Message Block Server Messag...
Mozilla products vulnerable to memory corruption via large regular expression in JavaScript
Overview A vulnerability in the way the JavaScript engine of Mozilla products and derivative programs handles a large regular expression could allow a remote attacker to crash the application or execute arbitrary code on a vulnerable system. Description A regular expression is a special text stri...
Sun Java Runtime Environment "reflection" API privilege elevation vulnerabilities
Overview Multiple vulnerabilities in the Sun Java Reflection API may allow an untrusted Java applet to bypass security restrictions and execute arbitrary code. Description The Sun Java Reflection API allows Java classes to determine information about other Java classes, such as public methods...
Ruby safe-level security model bypass
Overview Ruby contains a vulnerability that may allow arbitrary code to be run without the intended safe-level checks being applied. Description Ruby is a object-oriented scripting language that supports execution of untrusted code with two mechanisms: taint flagging and safe levels. Safe levels...
Microsoft Outlook Web Access vulnerable to cross-site scripting
Overview Microsoft Outlook Web Access may be vulnerable to cross-site scripting attacks. Description Microsoft Outlook Web Access OWA allows users to access their email accounts on a Microsoft Exchange server from another host through a web browser.Microsoft Outlook Web Access for Exchange Server...
Microsoft Windows opens OLE2 documents using a program specified internally by the document
Overview Microsoft Windows may allow remote code execution through specially crafted OLE2 documents. Description Microsoft object linking and embedding OLE is a technology that allows applications to create and edit compound documents. Compound documents can contain embedded documents or links to...
Multiple Telnet clients fail to properly handle the "LINEMODE" SLC suboption
Overview Multiple Telnet clients contain a data length validation flaw which may allow a server to induce arbitrary code execution on the client host. Description The Telnet network protocol is described in RFC854 and RFC855 as a general, bi-directional communications facility. The Telnet protoco...
Konqueror fails to restrict access to Java classes
Overview The Konqueror web browser may allow Java applets and JavaScripts to bypass the Java security settings and access restricted Java classes. Exploitation may allow a remote attacker to read and write arbitrary files on a vulnerable system. Description Konqueror is a web browser and file...
GdkPixbuf BMP parser may enter an infinite loop
Overview A vulnerability exists in the BMP handling of GdkPixbuf. This vulnerability can lead to a denial-of-service condition. Description GdkPixbuf is a library used by GTK+ 2 for loading and rendering images. GTK+ is a multi-platform toolkit for creating graphical user interfaces. It is used b...
tcpdump contains integer underflow vulnerability in ISAKMP "Identification Payload" handling
Overview A vulnerability in tcpdump could allow a remote attacker to cause a denial of service on an affected system. Description The tcpdump tool allows for the inspection of network packets and contains decoders for many standard protocols, including the Internet Security Association and Key...
BlackJumboDog contains buffer overflow vulnerability
Overview BlackJumboDog fails to verify the length of several FTP commands, creating a buffer overflow vulnerability. Exploitation of this vulnerability may result in code execution on the target system with privileges of the FTP service. Description BlackJumboDog is a multi-function server for...
Ethereal fails to properly decode Transaction IDs within TCAP packets
Overview Ethereal contains a vulnerability in the way the Transaction Capabilities Application Part TCAP protocol dissector parses ASN.1 encoded Transaction IDs within TCAP packets. Description Ethereal is a network traffic analysis package. It includes the ability to decode packets containing TC...
Libxml2 URI parsing errors in nanohttp and nanoftp
Overview Libxml is the XML parser for Gnome, a desktop suite and development platform for Linux systems. Libxml2, the latest version of the library as of this writing, has a buffer overflow vulnerability which may allow execution of arbitrary code. Description Gnome, a desktop suite and developme...
Nokia Gateway GPRS support node vulnerable to DoS
Overview A vulnerability in the Nokia Gateway GPRS support node GGSN may allow a remote attacker to cause a denial of service. Description A vulnerability in the GGSN may allow a remote attacker to restart the device. For technical details, please see the @stake Security Advisory Nokia GGSN IP650...
Cisco Aironet AP1100 fails to provide universal login error messages thereby disclosing validity of user account
Overview A vulnerability in the Cisco Aironet 1100 Series Access Point may allow a remote attacker to discover valid accounts on the access point. Description Cisco describes the Aironet 1100 Series Access Point as, "an affordable and upgradable 802.11b wireless LAN WLAN solution, setting the...