3695 matches found
Microsoft Windows Metafile handler SETABORTPROC GDI Escape vulnerability
Overview Microsoft Windows is vulnerable to remote code execution via an error in handling files using the Windows Metafile image format. Exploit code has been publicly posted and used to successfully attack fully-patched Windows XP SP2 systems. However, other versions of the Windows operating...
Apple Mac OS X ImageIO fails to properly handle corrupt GIF files
Overview The Apple Mac OS X ImageIO framework contains a buffer overflow that may allow a remote attacker to execute arbitrary code. Description Apple ImageIO is an image processing framework that was introduced in OS X 10.4 Tiger. ImageIO is used by several applications, including WebCore and...
Microsoft Print Spooler service contains a buffer overflow
Overview A buffer overflow in the Microsoft Print Spooler service may allow a remote attacker to execute arbitrary code on a vulnerable system. Description According to Microsoft, the Print Spooler service is ...an executable file that is installed as a service. The spooler is loaded when the...
Microsoft Internet Explorer Content Advisor contains a buffer overflow
Overview A buffer overflow in Microsoft Internet Explorer Content Advisor may allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Content Advisor is used to control what content is viewable in Internet Explorer. A buffer overflow exists in the routines that...
Mozilla products vulnerable to heap overflow via specially crafted GIF file
Overview Mozilla products, including the Mozilla Suite, Mozilla Firefox, and Mozilla Thunderbird, are vulnerable to a heap-based overflow in the GIF image-processing routines. Description The Mozilla project produces an application suite Mozilla Suite, web browsers Mozilla Firefox, email software...
Cisco ACNS RealServer RealSubscriber vulnerable to DoS via malformed IP packets
Overview A vulnerability in Cisco ACNS RealServer RealSubscriber may allow a remote attacker to cause a denial of service on an affected device via malformed IP packets. Description Cisco Application and Content Networking System ACNS is an integrated caching and content-delivery platform. ACNS 5...
LibTIFF vulnerable to integer overflow in the TIFFFetchStrip() routine
Overview An integer overflow in LibTIFF may allow a remote attacker to execute arbitrary code. Description LibTIFF is a library used to encode and decode images in Tag Image File Format (TIFF). An integer overflow in the TIFFFetchStripThing routine within the tif_dirread.c file may allow an attacker...
GdkPixbuf BMP parser may enter an infinite loop
Overview A vulnerability exists in the BMP handling of GdkPixbuf. This vulnerability can lead to a denial-of-service condition. Description GdkPixbuf is a library used by GTK+ 2 for loading and rendering images. GTK+ is a multi-platform toolkit for creating graphical user interfaces. It is used b...
Ethereal fails to properly decode Transaction IDs within TCAP packets
Overview Ethereal contains a vulnerability in the way the Transaction Capabilities Application Part TCAP protocol dissector parses ASN.1 encoded Transaction IDs within TCAP packets. Description Ethereal is a network traffic analysis package. It includes the ability to decode packets containing TC...
Internet Security Systems Protocol Analysis Module (PAM) does not properly handle ICQ server response messages
Overview The Protocol Analysis Module PAM used by Internet Security Systems ISS intrusion detection and prevention products does not properly handle ICQ server response messages. An unauthenticated, remote attacker could execute arbitrary code by sending a specially crafted UDP packet. Descriptio...
Microsoft ASN.1 Library improperly decodes malformed ASN.1 length values
Overview The Microsoft ASN.1 Library improperly decodes malformed ASN.1 length values which could allow an unauthenticated, remote attacker to execute arbitrary code with SYSTEM privileges. Description Abstract Syntax Notation number One ASN.1 is an international standard used to describe and...
Cisco Aironet AP1100 fails to provide universal login error messages thereby disclosing validity of user account
Overview A vulnerability in the Cisco Aironet 1100 Series Access Point may allow a remote attacker to discover valid accounts on the access point. Description Cisco describes the Aironet 1100 Series Access Point as, "an affordable and upgradable 802.11b wireless LAN WLAN solution, setting the...
Microsoft Windows kernel contains stack overflow
Overview A stack overflow vulnerability exists in the Microsoft Windows kernel. Description The kernel is the core or "heart" of any operating system and is responsible for a variety of things, such as managing memory and allocating hardware resources. Entercept's Ricochet Team has discovered a...
MIT Kerberos vulnerable to ticket splicing when using Kerberos4 triple DES service tickets
Overview Several cryptographic vulnerabilities exist in the basic Kerberos version 4 protocol that could allow an attacker to impersonate any user in a Kerberos realm and gain any privilege authorized through that Kerberos realm. Description The MIT Kerberos Development team has discovered a...
Apache HTTPD server vulnerable to cross site scripting on error page when using wildcard DNS
Overview Versions of the Apache HTTPD server with wildcard DNS enabled and UseCanonicalName disabled, are vulnerable to a cross-site scripting attack. Description Apache HTTPD servers versions 2.0.42 and prior, and 1.3.26 and prior, with wildcard DNS enabled and UseCanonicalName disabled, are...
ASN.1 parsing errors exist in implementations of SSL, TLS, S/MIME, PKCS#7 routines
Overview Abstract Syntax Notation number One ASN.1 is an international standard used to describe and transmit data packets between applications and across networks. There is a vulnerability related to ASN.1 that could permit an attacker to cause a denial of service or potentially execute arbitrar...
Microsoft SQL Server service account registry key has weak permissions that permit privilege escalation
Overview The Microsoft SQL Server contains a vulnerability that allows remote attackers to execute arbitrary commands with system privileges. Description The Microsoft SQL Server typically runs under a dedicated "service account" that is defined by system administrators at installation time. This...
Oracle9i Application Server PL/SQL Gateway web administration interface uses null authentication by default
Overview A vulnerability exists in the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle 9i Application Server iAS. In its default configuration, the PL/SQL module grants unauthenticated access to the PL/SQL gateway web-based administration interface. Description...
IBM AIX line printer daemon contains a buffer overflow in kill_print()
Overview The Line Printer daemon (lpd) shipped with AIX systems contains a buffer overflow in kill_print() that potentially allows a malicious remote user to gain root privileges. Description A buffer overflow exists in the kill_print() function of the line printer daemon (lpd) on AIX systems. An intruder...
Cisco IOS vulnerable to DoS via unrecognized transitive attribute in BGP UPDATE
Overview There is a denial-of-service vulnerability in several specific but common configurations of Cisco IOS. Description There is a problem involving BGP updates on Cisco routers with BGP4 Prefix Filtering and Inbound Route Maps enabled. A route update with an unrecognized transitive attribute...
ISC BIND 4 contains buffer overflow in nslookupComplain()
Overview The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS by the Internet Software Consortium ISC. There is a buffer overflow vulnerability in BIND 4.9.x, which may allow remote intruders to gain access to systems running BIND. Although BIND 4.9.x is no...
ISC BIND 8 contains buffer overflow in transaction signature (TSIG) handling code
Overview The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS by the Internet Software Consortium ISC. There is a buffer overflow vulnerability in BIND 8.2.x, which may allow remote intruders to gain access to systems running BIND. DNS servers running BIND 8 a...
Atlassian Bitbucket on Windows is vulnerable to privilege escalation due to weak ACLs
Overview Atlassian Bitbucket on Windows fails to properly set ACLs, which can allow an unprivileged Windows user to run arbitrary code with SYSTEM privileges. Description The Atlassian Bitbucket Windows installer fails to set a secure access-control list ACL on the default installation directory,...
TrackR Bravo contains multiple vulnerabilities
Overview TrackR Bravo contains multiple vulnerabilities including sensitive information exposure and missing authentication. Description CWE-313: Cleartext Storage in a File or on Disk - CVE-2016-6538 The TrackR Bravo mobile app stores the account password used to authenticate to the cloud API in...
Intellian Satellite TV t-Series and v-Series firmware contains insecure default credentials
Overview Intellian Satellite TV antennas t-Series and v-Series, firmware version 1.07, use default credentials. Description CWE-255: Credentials Management - CVE-2016-6551 Intellian Satellite TV antennas t-Series and v-Series, firmware version 1.07, use non-random default credentials of: ftp/ftp ...
Flexera Software FlexNet Publisher lmgrd contains a buffer overflow vulnerability
Overview Flexera Software FlexNet Publisher, including all versions prior to 11.13.1.2, lmgrd and custom vendor daemon servers contain a buffer overflow vulnerability that may be leveraged to gain code execution. Description Flexera Software FlexNet Publisher is a software license manager that...
Zenoss Core contains multiple vulnerabilities
Overview The Zenoss Core application, server, and network management platform software contains multiple vulnerabilities, the most severe of which could allow a remote attacker to execute arbitrary code. Description The Zenoss Core application, server, and network management platform software...
SpamTitan contains a reflected cross-site scripting (XSS) vulnerability
Overview SpamTitan contains a reflected cross-site scripting (XSS) vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') SpamTitan contains a reflected cross-site scripting vulnerability in the auth-settings-x.php page of the management...
Microsoft Office file format converter memory corruption vulnerability
Overview The Microsoft Office file format converter contains a memory corruption vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code with the privileges of the user. Description Microsoft Office file format converter is a component that converts legacy...
Attachmate Verastream Host Integrator (VHI) allows arbitrary file upload and execution
Overview The Attachmate Verastream Host Integrator (VHI) is vulnerable to arbitrary file uploads and execution. Description CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') - CVE-2013-3626 The Attachmate VHI Session Server, on all platforms, allows unauthenticated...
Openbravo ERP contains an information disclosure vulnerability
Overview Openbravo ERP 2.5, 3, and possibly earlier versions contain an information disclosure vulnerability CWE-200. Description CWE-200: Information Exposure Openbravo ERP version 2.5 and version 3 contain an information disclosure vulnerability. This is due to the expanded use of XML External...
Enspire eClient SQL injection allows authentication bypass
Overview Enspire eClient contains a SQL injection vulnerability that could allow an attacker to bypass authentication and access the system with administrative privileges. Description The Enspire software suite includes an eClient web front-end which is susceptible to SQL injection attacks. This...
Oracle Sun Java fails to properly validate Java applet signatures
Overview Oracle Sun Java fails to properly validate Java applet signatures, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Signed Java applets have the ability to perform actions outside of the traditional Java sandbox, including...
Broadcom NetXtreme management firmware ASF buffer overflow
Overview A buffer overflow vulnerability exists in the Broadcom NetXtreme management firmware. This vulnerability may allow a remote attacker to execute arbitrary code on an affected device. Description The Alert Standard Format ASF Specification is a protocol developed by Distributed Management...
DISA UNIX SRR scripts execute untrusted programs as root
Overview The Defense Information Systems Agency (DISA) UNIX Security Readiness Review (SRR) scripts find(1) and execute (-exec) various programs to obtain version information. The SRR scripts are designed to be run as root. An attacker who can write a file under the root file system may be able to exploi...
UltraVNC buffer overflow vulnerability
Overview UltraVNC viewer contains a buffer overflow vulnerability. If exploited, this vulnerability may allow an attacker to execute arbitrary code. Description UltraVNC viewer is a remote desktop application that allows a user to control compatible VNC servers. The UltraVNC viewer includes a...
Mozilla XUL web applications may hide the titlebar
Overview Mozilla's XUL contains a vulnerability that may allow a web application to cover an active window's titlebar. Description XUL is Mozilla's XML-based user interface language. XUL can be used to create Mozilla applications, extensions, and web applications. From Mozilla Foundation Security...
Oracle JInitiator ActiveX control stack buffer overflows
Overview The Oracle JInitiator ActiveX control contains multiple stack buffer overflows, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Oracle JInitiator allows users to run Oracle Developer Server applications within a web...
ISC BIND generates cryptographically weak DNS query IDs
Overview ISC (Internet Systems Consortium) BIND generates cryptographically weak DNS query IDs which could allow a remote attacker to poison DNS caches. Description From the ISC BIND security page: The DNS query id generation is vulnerable to cryptographic analysis which provides a 1 in 8 chance of...
MIT Kerberos kadmind principal renaming stack buffer overflow
Overview The MIT Kerberos administration daemon kadmind contains a stack buffer overflow that may allow a remote, authenticated attacker to execute arbitrary code or cause a denial of service. Description A vulnerability exists in the way the principal renaming operation used by the Kerberos...
WordPress fails to properly sanitize input passed to the ix parameter in wp-includes/feed.php
Overview WordPress fails to properly sanitize input to the ix parameter in wp-includes/feed.php, which could allow a remote, unauthenticated attacker to execute arbitrary PHP code. Description WordPress is a blogging application that is written in PHP. WordPress 2.1.1 fails to properly sanitize...
Adobe Acrobat allows pointer overwrite via specially crafted PDF file
Overview Adobe Acrobat and Adobe Reader fail to properly handle a specially crafted PDF file, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Adobe Acrobat and Adobe Reader are applications designed to create and view Portable Document Format PDF...
Apple Mac OS X PPP driver fails to properly validate PADI packets
Overview The Apple Mac OS X PPP driver fails to properly handle PPPoE Active Discovery Initiation PADI packets. This vulnerability may allow a remote attacker to execute arbitrary code with system privileges. Description The Apple Mac OS X PPP driver fails to properly handle PADI packets allowing...
Microsoft PowerPoint fails to properly handle malformed object pointers
Overview Microsoft PowerPoint contains a vulnerability in the handling of malformed object pointers, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft PowerPoint contains a vulnerability that could be exploited when PowerPoi...
OpenSSL may fail to properly parse invalid ASN.1 structures
Overview A vulnerability in OpenSSL may allow an attacker to create a denial-of-service condition. Description OpenSSL is an Open Source toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols. When parsing certain invalid ASN.1 structures, OpenSSL...
Microsoft PowerPoint fails to properly handle malformed records
Overview Microsoft PowerPoint contains a vulnerability in the handling of malformed records, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft PowerPoint contains a vulnerability that could be exploited when PowerPoint opens...
Barracuda Spam Firewall contains hardcoded default login credentials
Overview Barracuda Spam Firewalls from version 3.3.01.001 to 3.3.02.053 have default login credentials that can not be modified by an administrator. Description Barracuda Spam Firewall appliances provide ingress and egress spam filtering for local area networks. An administrator will typically lo...
Microsoft Internet Explorer long URL buffer overflow
Overview Microsoft Internet Explorer is vulnerable to a buffer overflow when processing a long URL on a web site that uses HTTP 1.1 compression. This could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer 6 Service...
BlackBerry Enterprise Server fails to properly handle Microsoft Word attachments
Overview A buffer overflow vulnerability in BlackBerry Enterprise Server may allow a remote attacker to execute arbitrary code. Description A buffer overflow vulnerability exists in the BlackBerry Attachment Service component of BlackBerry Enterprise Server. This vulnerability may allow a remote...
Juniper JUNOS IPv6 denial-of-service vulnerability
Overview Juniper JUNOS Internet Software contains a vulnerability in IPv6 handling that could allow a remote attacker to cause a denial of service. Description Juniper router operating system software JUNOS does not properly free memory allocated for certain IPv6 packets. If a fixed amount of...