3704 matches found
ISC BIND generates cryptographically weak DNS query IDs
Overview ISC Internet Systems Consortiuim BIND generates cryptographically weak DNS query IDs which could allow a remote attacker to poison DNS caches. Description From the ISC Bind security page:The DNS query id generation is vulnerable to cryptographic analysis which provides a 1 in 8 chance of...
Apple iChat AIM URI handler format string vulnerability
Overview Apple iChat contains a format string vulnerability. This vulnerability may allow a remote, unauthenticated attacker to execute arbitary code. Description The Apple iChat AIM URI handler fails to properly sanitize user-controlled data that is supplied to a formatted output function. This...
Mozilla browsers "location.hostname" cross-domain vulnerability
Overview Mozilla-based browsers contain a cross-domain vulnerability, which may allow an attacker to access data in other sites. Description Mozilla uses a same origin security model to maintain separation between browser frames from different sources. This model is designed to prevent code in on...
Mozilla SVG memory corruption vulnerability
Overview Mozilla products contain a memory corruption vulnerability related to SVG processing. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Scalable Vector Graphics SVG processing code in Mozilla Firefox and SeaMonke...
Symantec Veritas NetBackup bpcd daemon buffer overflow
Overview Symantec Veritas NetBackup contains a buffer overflow vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Symantec VERITAS NetBackup is a client/server based backup software solution. The NetBackup bpcd daemon is...
Apple Mac OS X PPP driver fails to properly validate PADI packets
Overview The Apple Mac OS X PPP driver fails to properly handle PPPoE Active Discovery Initiation PADI packets. This vulnerability may allow a remote attacker to execute arbitrary code with system privileges. Description The Apple Mac OS X PPP driver fails to properly handle PADI packets allowing...
Sky Software FileView ActiveX control buffer overflow vulnerability
Overview The Sky Software FileView ActiveX control contains a buffer overflow vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Sky Software FileView object is an ActiveX control that is provided with several...
Citrix Access Gateway LDAP authentication bypass
Overview An error with LDAP authentication in Citrix Access Gateway appliances may allow an attacker to successfully authenticate without providing correct login credentials. Description Citrix Access Gateway appliances use SSL VPN technology to give remote users secure access shared resources...
Microsoft Office fails to properly parse malformed records
Overview A vulnerability in the way Microsoft Office parses files containing malformed records may lead to execution of arbitrary code. Description Microsoft Office contains a vulnerability that could be exploited when Office attempts to parse specially crafted records. According to Microsoft...
OpenSSL may fail to properly parse invalid ASN.1 structures
Overview A vulnerability in OpenSSL may allow an attacker to create a denial-of-service condition. Description OpenSSL is an Open Source toolkit that implements the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 protocols.When parsing certain invalid ASN.1 structures, OpenSSL...
Microsoft PowerPoint fails to properly handle malformed records
Overview Microsoft PowerPoint contains a vulnerability in the handling of malformed records, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft PowerPoint contains a vulnerability that could be exploited when PowerPoint opens...
Microsoft Internet Explorer long URL buffer overflow
Overview Microsoft Internet Explorer is vulnerable to a buffer overflow when processing a long URL on a web site that uses HTTP 1.1 compression. This could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer 6 Service...
BlackBerry Enterprise Server fails to properly handle Microsoft Word attachments
Overview A buffer overflow vulnerability in BlackBerry Enterprise Server may allow a remote attacker to execute arbitrary code. Description A buffer overflow vulnerability exists in the BlackBerry Attachment Service component of BlackBerry Enterprise Server. This vulnerability may allow a remote...
MIT Kerberos (krb5) krshd and v4rcp do not properly validate setuid() or seteuid() calls
Overview Privilege escalation vulnerabilities in MIT krb5 krshd and v4rcp may allow an authenticated attacker to execute arbitrary code. Description The MIT krb 5 krshd and v4rcp programs contain multiple privilege escalation vulnerabilities. MIT krb5 Security Advisory 2006-001 states that the...
Mozilla products contain a race condition
Overview Mozilla products contain a race condition. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Mozilla products JavaScript garbage collection process may delete a variable while that variable is still in use. This may corrupt...
Microsoft Windows TCP/IP fails to properly validate IGMP packets
Overview Microsoft Windows implementations of the TCP/IP protocol fail to properly validate IGMP packets, leading to a denial-of-service condition. Description TCP and IGMP The Transmission Control Protocol TCP is defined in RFC 793 as a means to provide reliable host-to-host transmission between...
Microsoft Windows Metafile handler SETABORTPROC GDI Escape vulnerability
Overview Microsoft Windows is vulnerable to remote code execution via an error in handling files using the Windows Metafile image format. Exploit code has been publicly posted and used to successfully attack fully-patched Windows XP SP2 systems. However, other versions of the Windows operating...
Apple Mac OS X ImageIO fails to properly handle corrupt GIF files
Overview The Apple Mac OS X ImageIO framework contains a buffer overflow that may allow a remote attacker to execute arbitrary code. Description Apple ImageIO is an image processing framework that was introduced in OS X 10.4 Tiger. ImageIO is used by several applications, including WebCore and...
Mozilla Firefox fails to properly sanitize user-supplied URIs via shell script
Overview A lack of input validation in a supplemental shell script included with some Mozilla browsers may allow a remote, unauthenticated attacker to execute arbitrary commands. Description The Linux versions of the Mozilla Firefox and Mozilla Suite web browsers include a wrapper shell script fo...
WebEOC is vulnerable to cross-site scripting attacks
Overview WebEOC contains multiple cross-site scripting vulnerabilities that may allow a remote attacker to inject and execute arbitrary script using a vulnerable WebEOC site. Description WebEOC is a web-based crisis information management application that provides functions to gather, coordinate,...
Microsoft Word buffer overflow in font processing routine
Overview A buffer overflow in the font processing routine used by Microsoft Word may allow a remote attacker to execute code on a vulnerable system. Description Microsoft Word contains a buffer overflow in the routine that processes fonts. An remote attacker may be able to trigger the buffer...
Mozilla products vulnerable to heap overflow via specially crafted GIF file
Overview Mozilla products, including the Mozilla Suite, Mozilla Firefox, and Mozilla Thunderbird, are vulnerable to a heap-based overflow in the GIF image-processing routines. Description The Mozilla project produces an application suite Mozilla Suite, web browsers Mozilla Firefox, email software...
Cisco ACNS RealServer RealSubscruber vulnerable to DoS via malformed IP packets
Overview A vulnerability in Cisco ACNS RealServer RealSubscriber may allow a remote attacker to cause a denial of service on an affected device via malformed IP packets. Description Cisco Application and Content Networking System ACNS is an integrated caching and content-delivery platform. ACNS 5...
Multiple devices process HTTP requests inconsistently
Overview Multiple interconnected devices process valid HTTP request headers inconsistently and in this may manner may allow a remote attacker to poison a cache, conduct cross-site scripting attacks, and hijack user sessions. Attackers may use these flaws to launch a class of attacks referred to a...
SMB filesystem read system call vulnerable to buffer overflow
Overview The SMB filesystem read system call contains buffer overflow vulnerability that may allow an attacker to cause a denial-of-service condition. Description "Server Message Block SMB is an application-level protocol that supports file, printer, and other resource sharing. The SMB filesystem...
Microsoft Windows Internet Naming Service (WINS) contains a buffer overflow
Overview A buffer overflow in the WINS service may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description The Microsoft WINS service maps IP addresses to NETBIOS computer names.The WINS protocol contains a vulnerability that may allow a remote attack...
Microsoft Windows Utility Manager launches applications with system privileges
Overview The Microsoft Windows 2000 Utility Manager allows authenticated local users to launch applications with SYSTEM privileges. Description The Microsoft Windows 2000 Utility Manager is a program that permits users to monitor and launch various accessibility applications. This program contain...
Apple Mac OS X TruBlueEnvironment vulnerable to buffer overflow
Overview Apple Mac OS X contains a buffer overflow in TruBlueEnvironment which could allow a local, authenticated attacker to execute arbitrary code with root privileges. Description Mac OS X allows older Macintosh applications to run in an environment called Classic. TruBlueEnvironment is part o...
Apple Mac OS X Point-to-Point Protocol daemon (pppd) contains format string vulnerability
Overview Apple Mac OS X Point-to-Point Protocol daemon contains a format string vulnerability in the handling of invalid command line arguments. Description The Point-to-Point Protocol PPP provides a method for transmitting datagrams over serial point-to-point links. There is a format string...
Cisco ACNS contains buffer overflow vulnerability in the authentication module when supplied an overly long password
Overview Cisco Application and Content Networking Software ACNS contains a buffer overflow that may enable an attacker to execute arbitrary code on the affected device. Description Cisco ACNS Software "...combines demand-pull caching and pre-positioning for accelerated delivery of web application...
Microsoft Internet Explorer does not adequately validate javascript: protocol URL
Overview Microsoft Internet Explorer IE does not adequately validate javascript: protocol URLs. An attacker could exploit this vulnerability to evaluate script in different security domains. By causing script to be evaluated in the Local Machine Zone, the attacker could execute arbitrary code wit...
Microsoft FrontPage Server Extensions contains denial of service vulnerability in the SmartHTML interpreter
Overview The Microsoft FrontPage Server Extensions contains a vulnerability that allows unauthenticated remote attackers to conduct denial of service attacks. Description Microsoft FrontPage Server Extensions FPSE is an optional set of tools that adds functionality to a web site. This functionali...
Microsoft Internet Explorer contains buffer overflow in Type attribute of OBJECT element on double-byte character set systems
Overview Certain versions of Microsoft Internet Explorer IE that support double-byte character sets DBCS contain a buffer overflow vulnerability in the Type attribute of the OBJECT element. A remote attacker could execute arbitrary code with the privileges of the user running IE. Description...
Microsoft Services for Unix 3.0 Interix SDK vulnerable to buffer overrun via RPC request containing improper parameter size check
Overview Microsoft Services for Unix 3.0 Interix SDK contains a remotely exploitable buffer overflow. Description Quoting from Microsoft's Services for Unix 3.0 homepage, "Windows Services for UNIX version 3.0 provides a full range of cross-platform services for integrating Windows into existing...
Apache HTTPD server vulnerable to cross site scripting on error page when using wildcard DNS
Overview Versions of the Apache HTTPD server with wildcard DNS enabled and UseCanonicalName disabled, are vulnerable to a cross-site scripting attack. Description Apache HTTPD servers versions 2.0.42 and prior, and 1.3.26 and prior, with wildcard DNS enabled and UseCanonicalName disabled, are...
4D WebServer does not adequately validate user input thereby allowing directory traversal
Overview 4D WebServer does not properly validate HTTP requests, allowing directory traversal outside the root web directory. Description 4D WebServer versions 6.5.7 and earlier do not properly validate HTTP requests, allowing directory traversal outside the root web directory. --- Impact Remote...
Cisco VPN 3000 series concentrator does not properly handle malformed ISAKMP packets
Overview Cisco VPN 3000 series concentrators do not properly handle specially crafted Internet Security Association and Key Management Protocol ISAKMP packets, which can cause a vulnerable device to reload, denying service to legitimate users. Description According to information on the Cisco web...
Microsoft SQL Server 2000 contains stack buffer overflow in SQL Server Resolution Service
Overview Microsoft SQL Server 2000 contains a remotely exploitable stack buffer overflow that allows attackers to execute arbitrary code with the same privileges as the SQL server. Description The SQL Server Resolution Service SSRS was introduced in Microsoft SQL Server 2000 to provide referral...
Microsoft SQL Server contains buffer overflow vulnerabilities in multiple extended stored procedures
Overview Microsoft SQL Server 7.0 and SQL Server 2000 contain buffer overflow vulnerabilities in multiple extended stored procedures. A remote attacker could cause a denial of service or execute arbitrary code or commands with the privileges of the SQL Server process, potentially gaining complete...
Microsoft Internet Information Server (IIS) contains remote buffer overflow in chunked encoding data transfer mechanism for HTR
Overview A buffer overflow vulnerability in IIS 4.0 and 5.0 could allow an intruder to execute arbitrary code on an IIS server with the privileges of the HTR ISAPI extension. Description Chunked encoding is a means to transfer variable-sized units of data called chunks from a web client to a web...
Oracle9i Application Server Apache PL/SQL module does not properly decode URL
Overview A vulnerability exists in the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle9i Application Server iAS in which the module does not properly decode double URL encoded strings. This vulnerability could allow an intruder to read files outside the web...
Weak CRC allows packet injection into SSH sessions encrypted with block ciphers
Overview There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. Description Preconditions: Attacker has a fragment of plaintext and its corresponding ciphertext. Attacker must be able to actively...
Linux kernel contains race condition via ptrace/procfs/execve
Overview Unprivileged local users can use the ptrace function to take advantage of a privileged program, while that program is performing a privileged operation, to gain privileged access. Description Ptrace is a function, which is often used for debugging, that allows one process to attach to...
The Oracle Internet Directory LDAP (oidldapd) contains buffer overflow
Overview Oracle Internet Directory version 2.0.6, which ships with Oracle version 8i for Linux 8.1.6, contains a program, oidldapd, that is an LDAP Daemon. There is a buffer overflow in the LDAP Daemon that allows a local user to obtain the euid of the oidldapd process, typically user oracle...
Due to insecure creation of configuration files via KApplication-class, local users can create arbitrary files when running setuid root KDE programs
Overview KApplication-class, a class used to create KDE applications, creates configuration files without checking for proper ownership or prior existence. Description KApplication-class, a class used to create KDE applications, creates configuration files. These files are created in a local...
ISC BIND 8.2.2-P6 vulnerable to DoS when processing SRV records, aka the "srv bug"
Overview There is a denial-of-service vulnerability in several versions of the Internet Software Consortium's ISC BIND software. This vulnerability is referred to by the ISC as the "srv bug" and affects ISC BIND versions 8.2 through 8.2.2-P6. Description This vulnerability can cause affected DNS...
Cisco IOS vulnerable to DoS via unrecognized transitive attribute in BGP UPDATE
Overview There is a denial-of-service vulnerability in several specific but common configurations of Cisco IOS. Description There is a problem involving BGP updates on Cisco routers with BGP4 Prefix Filtering and Inbound Route Maps enabled. A route update with an unrecognized transitive attribute...
Network Time Protocol ([x]ntpd) daemon contains buffer overflow in ntp_control:ctl_getitem() function
Overview There is a buffer overflow defect in the ctlgetitem function of the Network Time Protocol NTP daemon responsible for providing accurate time reports used for synchronizing the clocks on installed systems. All NTP daemons based on code maintained at the University of Delaware since NTPv2...
Netscape Java Security Manager fails to prevent URLConnections through netscape.net.URLConnection Class
Overview Netscape Communicator and Navigator ship with Java classes that allow an unsigned Java applet to access local and remote resources in violation of the security policies for applets. Description Failures in the netscape.net package permit a Java applet to read files from the local file...
Various GPT services are vulnerable to two systemic jailbreaks, allows for bypass of safety guardrails
Overview Two systemic jailbreaks, affecting a number of generative AI services, were discovered. These jailbreaks can result in the bypass of safety protocols and allow an attacker to instruct the corresponding LLM to provide illicit or dangerous content. The first jailbreak, called “Inception,” ...