3704 matches found
MySQL allows default user to be changed to root via custom "my.cnf" file
Overview MySQL reads configuration options from world-writeable files. This can lead to a remote user gaining elevated privileges. Description A message posted to the bugtraq mailing list details a vulnerability affecting versions of MySQL prior to 3.23.56. MySQL would permit users with 'FILE'...
Microsoft Word does not check for macros contained in linked template file when opening RTF document
Overview There is a vulnerability caused by a failure to detect macros embedded in templates used by rich text format documents opened in Microsoft Word. This vulnerability may allow the author of a malicious document to execute arbitrary commands as the user who opens the document. Description...
Multiple vendors' Domain Name System (DNS) stub resolvers vulnerable to buffer overflows
Overview Buffer overflow vulnerabilities exists in the DNS stub resolver library used by BSD, ISC BIND, and GNU glibc. Other systems that use DNS resolver code derived from ISC BIND may also be affected. An attacker who is able to control DNS responses could exploit arbitrary code or cause a deni...
Microsoft Internet Information Server (IIS) 4.0 and 5.0 buffer overflow in chunked encoding transfer mechanism for ASP
Overview A buffer overflow vulnerability in IIS 4.0 and 5.0 could allow an intruder to execute arbitrary code on an IIS server with the privileges of the ASP ISAPI extension. Description Chunked encoding is a means to transfer variable-sized units of data called chunks from a web client to a web...
diffutils sdiff creates temporary files insecurely
Overview diffutils, a set of utilities distributed with many versions of linux, contains a utility called sdiff, which creates temporary files of predictable names in an insecure fashion. Using a symbolic link attack, an intruder can cause overwrite of any file writable by the user executing sdif...
Microsoft IIS vulnerable to DoS via invalid request for very long WebDAV requests
Overview Intruders can disrupt the normal operation of an IIS 5.0 server using a malicious Web Distributed Authoring and Versioning WebDAV request. Description WebDAV is an extension to HTTP used to manage content on web servers. Quoting from RFC 2518: WebDAV is an extension to the HTTP/1.1...
Multiple vendor telnet daemons vulnerable to buffer overflow via crafted protocol options
Overview The telnetd program is a server for the telnet remote virtual terminal protocol. There is a remotely exploitable buffer overflow in telnet daemons derived from BSD source code. This vulnerability can crash the server, or be leveraged to gain root access. Description There is a remotely...
Microsoft Frontpage Server Remote Application Deployment (RAD) component vulnerable to buffer overflow via malformed packet sent to server component
Overview Microsoft Frontpage Server Remote Application Deployment RAD component contains an unchecked buffer which can allow an intruder to execute arbitrary code with the privileges of IUSRmachinename or system. Description A buffer overflow in the Microsoft Frontpage Server Remote Application...
gpm-root fails to correctly release GID 0 membership for user defined menus
Overview gpm-root does not properly drop group privileges. Local users can gain group privileges by starting a utility from gpm-root. The gpm package is usually included in Linux distributions, and can be started from the command line or in the startup script /etc/rc.d/rc.local. Description gpm...
HHOpen ActiveX Control buffer overflow in OpenHelp method
Overview Description The HHOpen ActiveX control hhopen.ocx has a buffer overflow in the OpenHelp method. Because the control is marked safe-for-scripting, an attacker may be able to script this control and exploit the vulnerability when you visit a web page.The classID for the vulnerable control...
Qt allows for privilege escalation due to hard-coding of qt_prfxpath value
Overview Prior to version 5.14, Qt hard-codes the qtprfxpath value to a fixed value, which may lead to privilege escalation vulnerabilities in Windows software that uses Qt. Description Prior to version 5.14, Qt hard-codes the qtprfxpath value to a value that reflects the path where Qt exists on...
Checkbox Survey insecurely deserializes ASP.NET View State data
Overview Checkbox Survey prior to version 7.0 insecurely deserializes ASP.NET View State data, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable server. Description CVE-2021-27852 Checkbox Survey insecurely deserializes ASP.NET View State data. Checkbox...
Sungard eTRAKiT3 may be vulnerable to SQL injection
Overview According to the reporter, the Sungard eTRAKiT3 software version 3.2.1.17 may be vulnerable to SQL injection which may allow a remote unauthenticated attacker to run a subset of SQL commands against the back-end database. Description CWE-89: Improper Neutralization of Special Elements us...
iTrack Easy contains multiple vulnerabilities
Overview iTrack Easy contains multiple vulnerabilities including sensitive information exposure and missing authentication. Description CWE-200: Information Exposure - CVE-2016-6542The iTrack device tracking ID number is the device's BLE MAC address. It can be obtained by being in range of the...
Multiple Toshiba products are vulnerable to trusted service path privilege escalation
Overview Bluetooth Stack for Windows by Toshiba and TOSHIBA Service Station contain a trusted service path privilege escalation vulnerability. Description CWE-428: Unquoted Search Path or Element Bluetooth Stack for Windows by Toshiba versions 9.10.27T and earlier, as well as TOSHIBA Service...
Adtrustmedia PrivDog fails to validate SSL certificates
Overview Adtrustmedia PrivDog fails to validate SSL certificates, making systems broadly vulnerable to HTTPS spoofing. Description Adtrustmedia PrivDog is a Windows application that advertises "... safer, faster and more private web browsing." Privdog installs a Man-in-the-Middle MITM proxy as we...
Zenoss Core contains multiple vulnerabilities
Overview The Zenoss Core application, server, and network management platform software contains multiple vulnerabilities, the most severe of which could allow a remote attacker to execute arbitrary code. Description The Zenoss Core application, server, and network management platform software...
Cobham SATCOM products' web interface contains a weak password recovery vulnerability
Overview Some Cobham products have a web interface that contains a weak password recovery mechanism for the administrator account. Description CWE-640: Weak Password Recovery Mechanism for Forgotten Password IOActive has reported that Cobham SAILOR 900 VSAT, SAILOR FleetBroadBand 150/250/500,...
Cobham Aviator satellite terminals contain multiple vulnerabilities
Overview Cobham Aviator 700D and 700E satellite terminals contain multiple vulnerabilities. Description Cobham Aviator 700D and 700E satellite communication terminals contain the following vulnerabilities:CWE-327:Use of a Broken or Risky Cryptographic Algorithm - CVE-2014-2942 Please note that th...
Caldera 9.20 contains multiple vulnerabilities
Overview Caldera 9.20, and possibly earlier versions, contains multiple vulnerabilities. Description CWE-22 - Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' - CVE-2014-2933Caldera 9.20 and possibly earlier versions contains a path traversal vulnerability due to the...
libpng denial-of-service vulnerability
Overview libpng versions 1.6.0 through 1.6.9 contain a denial-of-service vulnerability. Description CWE-835: Loop with Unreachable Exit Condition 'Infinite Loop' - CVE-2014-0333Glenn Randers Pehrson of the PNG Development Group reports: The progressive decoder in libpng16 enters an infinite loop,...
DELL SonicWALL GMS/Analyzer/UMA contains a cross-site scripting (XSS) vulnerability
Overview DELL SonicWALL GMS/Analyzer/UMA version 7.1, and possibly earlier versions, contains a cross-site scripting XSS vulnerability. CWE-79 Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' DELL SonicWALL GMS/Analyzer/UMA version 7.1 contain...
Power2Go buffer overflow vulnerability
Overview Power2Go 8 contains a buffer overflow in the handling of project .p2g files, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description According to CyberLink's website, "Power2Go 8 features all the tools you need to easily copy all...
Oracle Outside In CorelDRAW file parser stack buffer overflow
Overview Oracle Outside In contains a stack buffer overflow in the CorelDRAW parser, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Oracle Outside In is a set of libraries that can decode over 500 different file formats. Originally...
LibreOffice 3.3 'Lotus Word Pro' document import filter contains multiple vulnerabilities
Overview LibreOffice 3.3.2 includes a feature to import 'Lotus Word Pro' .lwp documents. This import filter contains multiple vulnerabilities. CERT/CC has confirmed that code execution is possible by exploiting a stack buffer overflow. Description LibreOffice 3.3.2, 3.3.1, and possibly earlier...
Exim alternate configuration privilege escalation vulnerability
Overview A vulnerability in the way that the Exim mail server handles configuration files may allow a local attacker to gain escalated privileges on an affected system. Description Exim is a message transfer agent MTA developed at the University of Cambridge for use on Unix systems connected to t...
Ghostscript Heap Corruption in TrueType bytecode interpreter
Overview The TrueType bytecode interpreter which is a part of Ghostscript is prone to heap corruption. Description Ghostscript includes a TrueType bytecode interpreter which is prone to an off by one bug which causes heap corruption. Further details can be found in the Ghostscript Bug 691044,...
Adobe Flash 10.1 ActionScript AVM1 ActionPush vulnerability
Overview Adobe Flash contains a vulnerability in the handling of the ActionScript, AVM1 ActionPush command, which can allow a remote, unauthenticated attacker to execute arbitrary code. Description Adobe Flash supports two main types of ActionScript, which is the scripting language for Flash...
Liferay Portal p_p_id parameter vulnerable to persistent cross-site scripting
Overview Liferay Portal is vulnerable to persistent cross-site scripting via the ppid parameter, which can allow a remote, unauthenticated attacker to execute arbitrary script in the context of the portal administrator. Description Liferay Portal is a web portal that can provide Java applets that...
NetBSD malformed ICMPv6 MLD-QUERY denial of service
Overview NetBSD fails to properly handle ICMPv6 MLD query packets, which can allow a remote, unauthenticated attacker to cause a denial of service. Description ICMPv6, which is defined in RFC 4443, is a version of the ICMP protocol for IPv6. Multicast Listener Discovery MLD for IPv6, which is...
Wonderware SuiteLink null pointer dereference
Overview A vulnerability in the way Wonderware SuiteLink handles malformed TCP packets could result in a denial of service. Description Wonderware SuiteLink is a protocol based on TCP/IP that runs as a service listening for connections on port 5413/tcp on Microsoft Windows operating systems. A...
Adobe Flash Player may load arbitrary, malformed cross-domain policy files
Overview Adobe Flash Player may load arbitrary, malformed cross-domain policy files. This could allow an attacker to control cross-domain data loading, potentially allowing the attacker to gain access to sensitive information or to manipulate content in other domains. Description Adobe Flash Play...
MIT Kerberos contains array overrun in RPC library used by kadmind
Overview Vulnerabilities in the MIT Kerberos libgssrpc library may allow an attacker to cause a denial of service or potentially execute arbitrary code. Description The MIT krb5 Kerberos implementation includes a GSS RPC library used in the Kerberos administration server kadmind. Two flaws exist ...
UltraVNC buffer overflow vulnerability
Overview UltraVNC viewer contains a buffer overflow vulnerability. If exploited, this vulnerability may allow an attacker to execute arbitrary code. Description UltraVNC viewer is a remote desktop application that allows a user to control compatible VNC servers. The UltraVNC viewer includes a...
Earth Resource Mapping NCSView ActiveX control stack buffer overflows
Overview The Earth Resource Mapping NCSView ActiveX control contains multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Earth Resource Mapping NCSView ActiveX control, which is provided by...
Microsoft XML Core Services XMLDOM substringData() buffer overflow
Overview Microsoft XML Core Services contains an unspecified memory corruption vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft XML Core Services MSXML allow developers who use JScript, Visual Basic Scripting...
MIT Kerberos kadmind RPC library gssrpc__svcauth_gssapi() uninitialized pointer free vulnerability
Overview The MIT Kerberos administration daemon kadmind can free an uninitialized pointer, which may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service. Description The gssrpcsvcauthgssapi function used by the Kerberos administration daemon can free an...
Microsoft Office drawing object vulnerability
Overview Microsoft Office fails to properly handle malformed drawing objects. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description Microsoft Office fails to properly handle malformed drawing objects embedded within Office documents. By convincing ...
Mozilla Network Security Services (NSS) fails to properly handle the client master key
Overview A vulnerability in the way Mozilla Network Security Services NSS handles the client master key may lead to execution of arbitrary code. Description The SSLv2 protocol uses a client master key to generate all subsequent session keys. The validity of the client master key is determined...
Mozilla JavaScript engine vulnerable to memory corruption
Overview The Mozilla JavaScript engine contains multiple memory corruption vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, or create a denial of service condition. Description The Mozilla Foundation supports several Open Source projects, including the...
Microsoft MFC component vulnerable to remote code execution via malformed embedded OLE object
Overview A memory corruption vulnerability exists in the MFC component that is provided with Microsoft Windows and Visual Studio Description The Microsoft Foundation Class Library MFC, is a Microsoft library that wraps parts of the Windows API in C++ classes. MFC is included in Microsoft Visual...
Microsoft PowerPoint fails to properly handle malformed object pointers
Overview Microsoft PowerPoint contains a vulnerability in the handling of malformed object pointers, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft PowerPoint contains a vulnerability that could be exploited when PowerPoi...
SISCO OSI stack fails to properly validate packets
Overview A vulnerability exists in the SISCO OSI stack for Windows. If successfully exploited, an attacker could cause a denial-of-service condition. Description Inter-control Center Communications Protocol ICCP The Inter-control Center Communications Protocol ICCP is a protocol that is used to...
gzip contains an infinite loop vulnerability in its LZH handling
Overview The gzip program contains a infinite loop vulnerability that may allow an attacker to create a denial-of-service condition. Description The gzip program is used to compress and decompress archived files. A infinite loop vulnerability exists in the way gzip handles certain files. An...
BIND vulnerable to an assertion failure when querying for SIG records
Overview A vulnerability in the BIND name server could allow a remote attacker to cause a denial of service against an affected system. Description The Berkeley Internet Name Domain BIND is a popular Domain Name System DNS implementation from Internet Systems Consortium ISC. A flaw exists in the...
Xsan Filesystem fails to properly process path names
Overview A buffer overflow vulnerability in Apple's Xsan product may allow a local attacker to run arbitrary code with root privileges or create a denial-of-service condition. Description Xsan FilesystemXsan is a Storage Area Network SAN filesystem designed for use by Apple OS X and OS X Server...
Microsoft Internet Explorer fails to properly interpret layout positioning
Overview Microsoft Internet Explorer fails to properly handle certain combinations of layout positioning. This can allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer contains a vulnerability in the handling of certain combinations of...
Mozilla products VCard attachment buffer overflow
Overview Mozilla products fail to properly handle malformed VCard attachments, which allows a buffer overflow to occur. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description According to Mozilla Foundation Security Advisory 2006-49:A VCard...
Juniper JUNOS IPv6 denial-of-service vulnerability
Overview Juniper JUNOS Internet Software contains a vulnerability in IPv6 handling that could allow a remote attacker to cause a denial of service. Description Juniper router operating system software JUNOS does not properly free memory allocated for certain IPv6 packets. If a fixed amount of...
Linux Kernel may fail to properly handle SNMP packets
Overview A memory freeing vulnerability in the Linux kernel module ipnatsnmpbasic can be exploited to create a denial-of-service condition. Description ipnatsnmpbasic The ipnatsnmpbasic IP NAT module is intended for use with SNMP network discovery and monitoring applications where target networks...