3702 matches found
ISC BIND 8 contains buffer overflow in transaction signature (TSIG) handling code
Overview The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS by the Internet Software Consortium ISC. There is a buffer overflow vulnerability in BIND 8.2.x, which may allow remote intruders to gain access to systems running BIND. DNS servers running BIND 8 a...
BIND T_NXT record processing may cause buffer overflow
Overview A vulnerability in BIND, repaired in verison 8.2.2p5, allows remote attackers to execute code with the privileges of the process running named. This vulnerability was widely exploited from November 1999 to December 2000. Description There is a buffer overflow in the processing of NXT...
phf CGI Script fails to guard against newline characters
Overview This document describes a vulnerability in a CGI script known as phf which was widely exploited in 1996 and 1997. Description The phf CGI script constructs a partial command line consisting of the ph command and appropriate arguments, and completes the command line based on the input fro...
HHOpen ActiveX Control buffer overflow in OpenHelp method
Overview Description The HHOpen ActiveX control hhopen.ocx has a buffer overflow in the OpenHelp method. Because the control is marked safe-for-scripting, an attacker may be able to script this control and exploit the vulnerability when you visit a web page.The classID for the vulnerable control...
Keras 2 Lambda Layers Allow Arbitrary Code Injection in TensorFlow Models
Overview Lambda Layers in third party TensorFlow-based Keras models allow attackers to inject arbitrary code into versions built prior to Keras 2.13 that may then unsafely run with the same permissions as the running application. For example, an attacker could use this feature to trojanize a...
Qt allows for privilege escalation due to hard-coding of qt_prfxpath value
Overview Prior to version 5.14, Qt hard-codes the qtprfxpath value to a fixed value, which may lead to privilege escalation vulnerabilities in Windows software that uses Qt. Description Prior to version 5.14, Qt hard-codes the qtprfxpath value to a value that reflects the path where Qt exists on...
Portrait Displays SDK applications are vulnerable to arbitrary code execution and privilege escalation
Overview Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. Description CWE-276: Incorrect Default Permissions - CVE-2017-3210A number of applications developed using the Portrait Displays SDK...
TrackR Bravo contains multiple vulnerabilities
Overview TrackR Bravo contains multiple vulnerabilities including sensitive information exposure and missing authentication. Description CWE-313:Cleartext Storage in a File or on Disk - CVE-2016-6538The TrackR Bravo mobile app stores the account password used to authenticate to the cloud API in...
ReadyNet WRT300N-DD Wireless Router contains multiple vulnerabilities
Overview ReadyNet WRT300N-DD Wireless Router, firmware version 1.0.26, uses default credentials, is vulnerable to cross-site request forgery, and uses insufficiently random values for DNS queries. Description CWE-255: Credentials Management - CVE-2015-7280The ReadyNet WRT300N-DD Wireless Router...
IBM WebSphere Application Server contains multiple vulnerabilities
Overview IBM WebSphere Application Server, including the Hypervisor Edition, contains cross-site scripting and cross-site request forgery vulnerabilities. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' - CVE-2014-4770IBM WebSphere Applicatio...
AVG Safeguard and Secure Search ActiveX controls provides insecure methods
Overview The AVG Secure Search toolbar, also known as AVG Safeguard includes an ActiveX control that provides a number of unsafe methods, which may allow a remote, unauthenticated attacker to execute arbitrary code with the privileges of the user. Description AVG Secure Search is a toolbar add-on...
DELL SonicWALL GMS/Analyzer/UMA contains a cross-site scripting (XSS) vulnerability
Overview DELL SonicWALL GMS/Analyzer/UMA version 7.1, and possibly earlier versions, contains a cross-site scripting XSS vulnerability. CWE-79 Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' DELL SonicWALL GMS/Analyzer/UMA version 7.1 contain...
Real Media Player filename handler stack buffer overflow vulnerability
Overview Real Media Player fails to parse filenames correctly, which may allow a remote, unauthenticated attacker to execute arbitrary code in the context of the logged in user. Description CWE-121: Stack-based Buffer Overflow - CVE-2013-4973Real Media Player versions prior to version 16.0.3.51 a...
Dell OpenManage Server Administrator contains a cross-site scripting vulnerability
Overview Dell OpenManage Server Administrator version 7.1 and earlier contains a cross-site scripting vulnerability. Description Dell OpenManage Server Administrator version 7.1 and earlier contains a cross-site scripting vulnerability CWE-79. --- Impact A remote attacker may be able to execute...
Erlang/OTP SSH library uses a weak random number generator
Overview The Erlang/OTP SSH library's random number generator is not cryptographically strong because it relies on predictable seed material. Description Geoff Cant's report states:The Erlang/OTP ssh library implements a number of cryptographic operations that depend on cryptographically strong...
NetGear WNAP210 remote password disclosure and password bypass vulnerability
Overview NetGear WNAP210 is vulnerable to remote administrator password disclosure and administrative web page login bypass. Description Netgear's ProSafe Wireless-N Access Point WNAP210 contains a vulnerability which may allow a remote unauthenticated attacker to recover the device's administrat...
Exim alternate configuration privilege escalation vulnerability
Overview A vulnerability in the way that the Exim mail server handles configuration files may allow a local attacker to gain escalated privileges on an affected system. Description Exim is a message transfer agent MTA developed at the University of Cambridge for use on Unix systems connected to t...
Adobe Flash 10.1 ActionScript AVM1 ActionPush vulnerability
Overview Adobe Flash contains a vulnerability in the handling of the ActionScript, AVM1 ActionPush command, which can allow a remote, unauthenticated attacker to execute arbitrary code. Description Adobe Flash supports two main types of ActionScript, which is the scripting language for Flash...
Internet Explorer VBScript Windows Help arbitrary code execution
Overview Microsoft Internet Explorer is vulnerable to arbitrary code execution through the use of VBScript and Windows Help. Description Microsoft Internet Explorer supports the use of VBScript, in addition to the more widely-used JavaScript scripting language. Several VBScript commands allow a...
DISA UNIX SRR scripts execute untrusted programs as root
Overview The Defense Information Systems Agency DISA UNIX Security Readiness Review SRR scripts find1 and execute -exec various programs to obtain version information. The SRR scripts are designed to be run as root. An attacker who can write a file under the root file system may be able to exploi...
Wonderware SuiteLink null pointer dereference
Overview A vulnerability in the way Wonderware SuiteLink handles malformed TCP packets could result in a denial of service. Description Wonderware SuiteLink is a protocol based on TCP/IP that runs as a service listening for connections on port 5413/tcp on Microsoft Windows operating systems. A...
MIT Kerberos contains array overrun in RPC library used by kadmind
Overview Vulnerabilities in the MIT Kerberos libgssrpc library may allow an attacker to cause a denial of service or potentially execute arbitrary code. Description The MIT krb5 Kerberos implementation includes a GSS RPC library used in the Kerberos administration server kadmind. Two flaws exist ...
Earth Resource Mapping NCSView ActiveX control stack buffer overflows
Overview The Earth Resource Mapping NCSView ActiveX control contains multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Earth Resource Mapping NCSView ActiveX control, which is provided by...
MIT Kerberos kadmind RPC library gssrpc__svcauth_gssapi() uninitialized pointer free vulnerability
Overview The MIT Kerberos administration daemon kadmind can free an uninitialized pointer, which may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service. Description The gssrpcsvcauthgssapi function used by the Kerberos administration daemon can free an...
Apple iChat AIM URI handler format string vulnerability
Overview Apple iChat contains a format string vulnerability. This vulnerability may allow a remote, unauthenticated attacker to execute arbitary code. Description The Apple iChat AIM URI handler fails to properly sanitize user-controlled data that is supplied to a formatted output function. This...
Mozilla SVG memory corruption vulnerability
Overview Mozilla products contain a memory corruption vulnerability related to SVG processing. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Scalable Vector Graphics SVG processing code in Mozilla Firefox and SeaMonke...
Symantec Veritas NetBackup bpcd daemon buffer overflow
Overview Symantec Veritas NetBackup contains a buffer overflow vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Symantec VERITAS NetBackup is a client/server based backup software solution. The NetBackup bpcd daemon is...
Apple Mac OS X PPP driver fails to properly validate PADI packets
Overview The Apple Mac OS X PPP driver fails to properly handle PPPoE Active Discovery Initiation PADI packets. This vulnerability may allow a remote attacker to execute arbitrary code with system privileges. Description The Apple Mac OS X PPP driver fails to properly handle PADI packets allowing...
Sky Software FileView ActiveX control buffer overflow vulnerability
Overview The Sky Software FileView ActiveX control contains a buffer overflow vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Sky Software FileView object is an ActiveX control that is provided with several...
Citrix Access Gateway LDAP authentication bypass
Overview An error with LDAP authentication in Citrix Access Gateway appliances may allow an attacker to successfully authenticate without providing correct login credentials. Description Citrix Access Gateway appliances use SSL VPN technology to give remote users secure access shared resources...
Microsoft PowerPoint fails to properly handle malformed object pointers
Overview Microsoft PowerPoint contains a vulnerability in the handling of malformed object pointers, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft PowerPoint contains a vulnerability that could be exploited when PowerPoi...
SISCO OSI stack fails to properly validate packets
Overview A vulnerability exists in the SISCO OSI stack for Windows. If successfully exploited, an attacker could cause a denial-of-service condition. Description Inter-control Center Communications Protocol ICCP The Inter-control Center Communications Protocol ICCP is a protocol that is used to...
gzip contains an infinite loop vulnerability in its LZH handling
Overview The gzip program contains a infinite loop vulnerability that may allow an attacker to create a denial-of-service condition. Description The gzip program is used to compress and decompress archived files. A infinite loop vulnerability exists in the way gzip handles certain files. An...
Microsoft Internet Explorer long URL buffer overflow
Overview Microsoft Internet Explorer is vulnerable to a buffer overflow when processing a long URL on a web site that uses HTTP 1.1 compression. This could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer 6 Service...
Microsoft Internet Explorer fails to properly interpret layout positioning
Overview Microsoft Internet Explorer fails to properly handle certain combinations of layout positioning. This can allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer contains a vulnerability in the handling of certain combinations of...
MIT Kerberos (krb5) krshd and v4rcp do not properly validate setuid() or seteuid() calls
Overview Privilege escalation vulnerabilities in MIT krb5 krshd and v4rcp may allow an authenticated attacker to execute arbitrary code. Description The MIT krb 5 krshd and v4rcp programs contain multiple privilege escalation vulnerabilities. MIT krb5 Security Advisory 2006-001 states that the...
Mozilla products VCard attachment buffer overflow
Overview Mozilla products fail to properly handle malformed VCard attachments, which allows a buffer overflow to occur. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description According to Mozilla Foundation Security Advisory 2006-49:A VCard...
Juniper JUNOS IPv6 denial-of-service vulnerability
Overview Juniper JUNOS Internet Software contains a vulnerability in IPv6 handling that could allow a remote attacker to cause a denial of service. Description Juniper router operating system software JUNOS does not properly free memory allocated for certain IPv6 packets. If a fixed amount of...
Mozilla crypto.generateCRMFRequest() vulnerability
Overview A vulnerability exists in the Mozilla JavaScript routine generateCRMFRequest that may allow a remote attacker to execute arbitrary code. Description The crypto object and generateCRMFRequest The crypto object is used to provide services related to cryptography, such as handling digital...
RDS.Dataspace ActiveX control bypasses ActiveX security model
Overview The Microsoft RDS.Dataspace ActiveX control bypasses the ActiveX security model, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description ActiveX ActiveX is a technology that allows programmers to create reusable software components...
Microsoft Windows TCP/IP fails to properly validate IGMP packets
Overview Microsoft Windows implementations of the TCP/IP protocol fail to properly validate IGMP packets, leading to a denial-of-service condition. Description TCP and IGMP The Transmission Control Protocol TCP is defined in RFC 793 as a means to provide reliable host-to-host transmission between...
Microsoft Windows Metafile handler SETABORTPROC GDI Escape vulnerability
Overview Microsoft Windows is vulnerable to remote code execution via an error in handling files using the Windows Metafile image format. Exploit code has been publicly posted and used to successfully attack fully-patched Windows XP SP2 systems. However, other versions of the Windows operating...
Sun Java Runtime Environment "reflection" API privilege elevation vulnerabilities
Overview Multiple vulnerabilities in the Sun Java Reflection API may allow an untrusted Java applet to bypass security restrictions and execute arbitrary code. Description The Sun Java Reflection API allows Java classes to determine information about other Java classes, such as public methods...
VERITAS NetBackup Java Administration Console contains a format string vulnerability in "bpjava-msvc"
Overview The VERITAS NetBackup Java Administration Console contains a format string vulnerability, which may allow an unauthenticated, remote attacker to execute arbitrary code with root or SYSTEM privileges. Description The Java Administration Console is an alternative administrative interface f...
Mozilla Firefox fails to properly sanitize user-supplied URIs via shell script
Overview A lack of input validation in a supplemental shell script included with some Mozilla browsers may allow a remote, unauthenticated attacker to execute arbitrary commands. Description The Linux versions of the Mozilla Firefox and Mozilla Suite web browsers include a wrapper shell script fo...
Cisco ACNS RealServer RealSubscruber vulnerable to DoS via malformed IP packets
Overview A vulnerability in Cisco ACNS RealServer RealSubscriber may allow a remote attacker to cause a denial of service on an affected device via malformed IP packets. Description Cisco Application and Content Networking System ACNS is an integrated caching and content-delivery platform. ACNS 5...
SMB filesystem read system call vulnerable to buffer overflow
Overview The SMB filesystem read system call contains buffer overflow vulnerability that may allow an attacker to cause a denial-of-service condition. Description "Server Message Block SMB is an application-level protocol that supports file, printer, and other resource sharing. The SMB filesystem...
Microsoft Windows kernel vulnerable to a denial-of-service condition via animated cursor (.ani) frame number
Overview A vulnerability exists in the way the Microsoft Window's kernel processes animated cursor .ani files with a frame number set to zero. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition. Description A vulnerability exists in the way the...
KDE DCOPServer insecurely creates temporary files
Overview KDE DCOPServer insecurely creates and maintains temporary files used for authentication purposes. Unauthorized local users may be able to modify user account information and execute arbitrary commands with the privileges of the compromised account. Description The Desktop COmmunications...
MIT Kerberos 5 ASN.1 decoding function krb5_rd_cred() insecurely deallocates memory (double-free)
Overview The krb5rdcred function in the MIT Kerberos 5 library does not securely deallocate heap memory when decoding ASN.1 structures, resulting in a double-free vulnerability. A remote, authenticated attacker could execute arbitrary code or cause a denial of service on any system running an...