Microsoft Outlook Web Access vulnerable to cross-site scripting
Overview Microsoft Outlook Web Access may be vulnerable to cross-site scripting attacks. Description Microsoft Outlook Web Access (OWA) allows users to access their email accounts on a Microsoft Exchange server from another host through a web browser. Microsoft Outlook Web Access for Exchange Server...
Microsoft Windows help viewer vulnerable to heap overflow
Overview A vulnerability exists in the Microsoft Windows help viewer application that could allow a remote attacker to execute code of their choosing on a vulnerable system. Description The Microsoft Windows help viewer winhlp32.exe provides application assistance to users through a special type ...
Apple Mac OS X Server NetInfo Setup Tool fails to validate command line parameters
Overview Apple Mac OS X Server NeST tool contains a vulnerability in the processing of command line arguments that could allow an attacker to execute arbitrary code. Description NeST is the NetInfo Setup Tool for Apple Mac OS X Server. There is a buffer overflow vulnerability in the way NeST...
Microsoft Windows opens OLE2 documents using a program specified internally by the document
Overview Microsoft Windows may allow remote code execution through specially crafted OLE2 documents. Description Microsoft object linking and embedding (OLE) is a technology that allows applications to create and edit compound documents. Compound documents can contain embedded documents or links to...
Multiple Telnet clients fail to properly handle the "LINEMODE" SLC suboption
Overview Multiple Telnet clients contain a data length validation flaw which may allow a server to induce arbitrary code execution on the client host. Description The Telnet network protocol is described in RFC854 and RFC855 as a general, bi-directional communications facility. The Telnet protoco...
BlackJumboDog contains buffer overflow vulnerability
Overview BlackJumboDog fails to verify the length of several FTP commands, creating a buffer overflow vulnerability. Exploitation of this vulnerability may result in code execution on the target system with the privileges of the FTP service. Description BlackJumboDog is a multi-function server for...
Libxml2 URI parsing errors in nanohttp and nanoftp
Overview Libxml is the XML parser for Gnome, a desktop suite and development platform for Linux systems. Libxml2, the latest version of the library as of this writing, has a buffer overflow vulnerability which may allow execution of arbitrary code. Description Gnome, a desktop suite and developme...
MySQL allows default user to be changed to root via custom "my.cnf" file
Overview MySQL reads configuration options from world-writeable files. This can lead to a remote user gaining elevated privileges. Description A message posted to the bugtraq mailing list details a vulnerability affecting versions of MySQL prior to 3.23.56. MySQL would permit users with 'FILE'...
Microsoft Word does not check for macros contained in linked template file when opening RTF document
Overview There is a vulnerability caused by a failure to detect macros embedded in templates used by rich text format documents opened in Microsoft Word. This vulnerability may allow the author of a malicious document to execute arbitrary commands as the user who opens the document. Description...
Multiple vendors' Domain Name System (DNS) stub resolvers vulnerable to buffer overflows
Overview Buffer overflow vulnerabilities exist in the DNS stub resolver library used by BSD, ISC BIND, and GNU glibc. Other systems that use DNS resolver code derived from ISC BIND may also be affected. An attacker who is able to control DNS responses could execute arbitrary code or cause a deni...
Microsoft Internet Information Server (IIS) 4.0 and 5.0 buffer overflow in chunked encoding transfer mechanism for ASP
Overview A buffer overflow vulnerability in IIS 4.0 and 5.0 could allow an intruder to execute arbitrary code on an IIS server with the privileges of the ASP ISAPI extension. Description Chunked encoding is a means to transfer variable-sized units of data called chunks from a web client to a web...
Microsoft Windows Universal Plug and Play (UPNP) service vulnerable to buffer overflow via malformed advertisement packets
Overview A buffer overflow in the Universal Plug and Play (UPnP) service on Microsoft Windows XP, Microsoft Windows ME, and Microsoft Windows 98 permits an intruder to run arbitrary code on vulnerable systems. Description Universal Plug and Play (UPnP) is a system to allow network devices to operate...
diffutils sdiff creates temporary files insecurely
Overview diffutils, a set of utilities distributed with many versions of Linux, contains a utility called sdiff, which creates temporary files with predictable names in an insecure fashion. Using a symbolic link attack, an intruder can cause the overwrite of any file writable by the user executing sdif...
Microsoft Exchange Outlook Web Access fails to authenticate users when searching the Global Address List
Overview Microsoft Exchange servers that offer the Outlook Web Access service are vulnerable to an information disclosure vulnerability that can reveal any email address stored in the Global Address List. Description The Outlook Web Access (OWA) component of Microsoft Exchange allows users to acces...
Multiple vendor telnet daemons vulnerable to buffer overflow via crafted protocol options
Overview The telnetd program is a server for the telnet remote virtual terminal protocol. There is a remotely exploitable buffer overflow in telnet daemons derived from BSD source code. This vulnerability can crash the server, or be leveraged to gain root access. Description There is a remotely...
gpm-root fails to correctly release GID 0 membership for user defined menus
Overview gpm-root does not properly drop group privileges. Local users can gain group privileges by starting a utility from gpm-root. The gpm package is usually included in Linux distributions, and can be started from the command line or in the startup script /etc/rc.d/rc.local. Description gpm...
Lotus Notes Java VM leaks file existence through timing difference in ECLs
Overview Lotus Notes JVM leaks information about the existence of a file. Description A malicious Java applet run in the Lotus Notes web browser can determine if a local file exists. Notes' preferences must be set to browse the web using the Notes browser, with execution of Java applets...
ISC BIND 4 contains buffer overflow in nslookupComplain()
Overview The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) by the Internet Software Consortium (ISC). There is a buffer overflow vulnerability in BIND 4.9.x, which may allow remote intruders to gain access to systems running BIND. Although BIND 4.9.x is no...
HHOpen ActiveX Control buffer overflow in OpenHelp method
Overview Description The HHOpen ActiveX control (hhopen.ocx) has a buffer overflow in the OpenHelp method. Because the control is marked safe-for-scripting, an attacker may be able to script this control and exploit the vulnerability when you visit a web page. The classID for the vulnerable control...
Authentication Bypass in Tenda N300 Wireless N VDSL2 Modem Router
Overview An authentication bypass vulnerability exists in the N300 Wireless N VDSL2 Modem Router manufactured by Tenda. This vulnerability allows a remote, unauthenticated user to access sensitive information. Description CVE-2023-4498 is an authentication bypass vulnerability that enables an...
Qt allows for privilege escalation due to hard-coding of qt_prfxpath value
Overview Prior to version 5.14, Qt hard-codes the qt_prfxpath value to a fixed value, which may lead to privilege escalation vulnerabilities in Windows software that uses Qt. Description Prior to version 5.14, Qt hard-codes the qt_prfxpath value to a value that reflects the path where Qt exists on...
ThreatMetrix SDK for iOS fails to validate SSL certificates
Overview On the iOS platform, the ThreatMetrix SDK versions prior to 3.2 fail to validate SSL certificates provided by HTTPS connections, which may allow an attacker to perform a man-in-the-middle (MITM) attack. Description ThreatMetrix is a security library for mobile applications, which aims to...
Medicomp MEDCIN Engine contains multiple vulnerabilities
Overview Medicomp's MEDCIN Engine provides electronic health records (EHR) tools and information to medical professionals. MEDCIN Engine versions before version 2.22.20153.226 are vulnerable to several buffer overflows. Description Medicomp MEDCIN Engine prior to version 2.22.20153.226 is vulnerable...
D-Link DCS-93xL model family allows unrestricted upload
Overview The D-Link DCS-93xL family of devices (specifically the DCS-930L, DCS-931L, DCS-932L, and DCS-933L models) allows an attacker to upload arbitrary files from the attacker's system. Description CWE-434: Unrestricted Upload of File with Dangerous Type The D-Link DCS-93xL family of devices allo...
Xangati software release contains relative path traversal and command injection vulnerabilities
Overview Xangati's software release contains relative path traversal (CWE-23) and command injection (CWE-78) vulnerabilities. Description Xangati's software release contains relative path traversal (CWE-23) and command injection (CWE-78) vulnerabilities. CWE-23: Relative Path Traversal - CVE-2014-0358 The...
Novell File Reporter contains multiple vulnerabilities
Overview Novell File Reporter 1.0.2 contains multiple vulnerabilities including a heap overflow, arbitrary file retrieval, and arbitrary file upload. Description The Rapid7 advisory states: CVE-2012-4956 - Heap Overflow When handling requests of name "SRS", the NFRAgent.exe fails to generate a...
Power2Go buffer overflow vulnerability
Overview Power2Go 8 contains a buffer overflow in the handling of project .p2g files, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description According to CyberLink's website, "Power2Go 8 features all the tools you need to easily copy all...
Oracle Outside In CorelDRAW file parser stack buffer overflow
Overview Oracle Outside In contains a stack buffer overflow in the CorelDRAW parser, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Oracle Outside In is a set of libraries that can decode over 500 different file formats. Originally...
LibreOffice 3.3 'Lotus Word Pro' document import filter contains multiple vulnerabilities
Overview LibreOffice 3.3.2 includes a feature to import 'Lotus Word Pro' .lwp documents. This import filter contains multiple vulnerabilities. CERT/CC has confirmed that code execution is possible by exploiting a stack buffer overflow. Description LibreOffice 3.3.2, 3.3.1, and possibly earlier...
Oracle Solaris 10 password hashes leaked through back-out patch files
Overview Oracle Solaris 10 back-out patch files undo.Z contain password hashes which may be readable by unprivileged users. Description The root password hash along with other users' password hashes may be contained in the back-out patch files. In some instances, these files may be readable by...
Ghostscript Heap Corruption in TrueType bytecode interpreter
Overview The TrueType bytecode interpreter which is a part of Ghostscript is prone to heap corruption. Description Ghostscript includes a TrueType bytecode interpreter which is prone to an off by one bug which causes heap corruption. Further details can be found in the Ghostscript Bug 691044,...
Adobe Flash 10.1 ActionScript AVM1 ActionPush vulnerability
Overview Adobe Flash contains a vulnerability in the handling of the ActionScript, AVM1 ActionPush command, which can allow a remote, unauthenticated attacker to execute arbitrary code. Description Adobe Flash supports two main types of ActionScript, which is the scripting language for Flash...
Liferay Portal p_p_id parameter vulnerable to persistent cross-site scripting
Overview Liferay Portal is vulnerable to persistent cross-site scripting via the p_p_id parameter, which can allow a remote, unauthenticated attacker to execute arbitrary script in the context of the portal administrator. Description Liferay Portal is a web portal that can provide Java applets that...
Microsoft SQL Server fails to properly validate parameters to the sp_replwritetovarbin extended stored procedure
Overview A vulnerability in the Microsoft SQL Server sp_replwritetovarbin extended stored procedure could allow an authenticated attacker to execute arbitrary code on an affected server. Description Some versions of Microsoft SQL Server contain a vulnerability in the sp_replwritetovarbin stored...
NetBSD malformed ICMPv6 MLD-QUERY denial of service
Overview NetBSD fails to properly handle ICMPv6 MLD query packets, which can allow a remote, unauthenticated attacker to cause a denial of service. Description ICMPv6, which is defined in RFC 4443, is a version of the ICMP protocol for IPv6. Multicast Listener Discovery (MLD) for IPv6, which is...
Wonderware SuiteLink null pointer dereference
Overview A vulnerability in the way Wonderware SuiteLink handles malformed TCP packets could result in a denial of service. Description Wonderware SuiteLink is a protocol based on TCP/IP that runs as a service listening for connections on port 5413/tcp on Microsoft Windows operating systems. A...
Adobe Flash Player may load arbitrary, malformed cross-domain policy files
Overview Adobe Flash Player may load arbitrary, malformed cross-domain policy files. This could allow an attacker to control cross-domain data loading, potentially allowing the attacker to gain access to sensitive information or to manipulate content in other domains. Description Adobe Flash Play...
MIT Kerberos contains array overrun in RPC library used by kadmind
Overview Vulnerabilities in the MIT Kerberos libgssrpc library may allow an attacker to cause a denial of service or potentially execute arbitrary code. Description The MIT krb5 Kerberos implementation includes a GSS RPC library used in the Kerberos administration server kadmind. Two flaws exist ...
Mozilla products may allow directory traversal
Overview A vulnerability exists in the way Mozilla products with certain extensions handle chrome: URIs that may allow directory traversal. Description Mozilla extensions are small add-ons that can be integrated with Mozilla products to provide added functionality. Mozilla products contain a...
KAME project IPv6 IPComp header denial of service vulnerability
Overview The KAME project's IPv6 implementation does not properly process IPv6 packets that contain the IPComp header. If exploited, this vulnerability may allow an attacker to cause a vulnerable system to crash. Description Per RFC 3173: IP payload compression is a protocol to reduce the size of ...
OpenSSL FIPS Object Module fails to properly generate random seeds
Overview The OpenSSL FIPS Module fails to perform auto-seeding, which may allow an attacker to predict pseudo-randomly generated data. Description OpenSSL is a toolkit that provides SSL and TLS protocols as well as a general purpose cryptography library. The OpenSSL FIPS Object Module provides an...
Earth Resource Mapping NCSView ActiveX control stack buffer overflows
Overview The Earth Resource Mapping NCSView ActiveX control contains multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Earth Resource Mapping NCSView ActiveX control, which is provided by...
Lhaca buffer overflow vulnerability
Overview The Lhaca archiving program contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code. Description LHA is an archive file format. LHA is used by the Lhaca compression utility. A stack buffer overflow vulnerability exists in the Lhaca program. This...
Akamai Download Manager ActiveX control buffer overflow
Overview The Akamai Download Manager ActiveX control contains a buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Akamai Download Manager is software designed to enhance the ability to download content. The Akamai...
MIT Kerberos 5 GSS-API library double-free vulnerability
Overview The GSS-API library provided with MIT krb5 contains a vulnerability that may allow a remote, authenticated attacker to execute arbitrary code or cause a denial of service. Description A vulnerability in the way the GSS-API library provided with MIT krb5 handles messages with an invalid...
MIT Kerberos 5 administration daemon stack overflow in krb5_klog_syslog()
Overview The Kerberos administration daemon contains a buffer overflow that may allow a remote, authenticated attacker to execute arbitrary code or cause a denial of service. Description A vulnerability exists in the way the krb5_klog_syslog function used by the Kerberos administration daemon handl...
Apple Mac OS X ImageIO memory corruption vulnerability
Overview Apple's ImageIO framework contains a memory corruption vulnerability that may allow an attacker to execute code on a vulnerable system. Description The RAW Image file format is a popular image format supported by many Apple Mac OS X applications. The ImageIO framework allows application...
Mozilla Network Security Services (NSS) fails to properly handle the client master key
Overview A vulnerability in the way Mozilla Network Security Services (NSS) handles the client master key may lead to execution of arbitrary code. Description The SSLv2 protocol uses a client master key to generate all subsequent session keys. The validity of the client master key is determined...
Mozilla JavaScript engine vulnerable to memory corruption
Overview The Mozilla JavaScript engine contains multiple memory corruption vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, or create a denial of service condition. Description The Mozilla Foundation supports several Open Source projects, including the...
LizardTech DjVu Browser Plug-in buffer overflow vulnerabilities
Overview The LizardTech DjVu Browser Plug-in contains multiple buffer overflows, which could allow an attacker to execute arbitrary code on a vulnerable system. Description The LizardTech DjVu Browser Plug-in is an application that allows the user to view DjVu documents in a web browser. It is...