3704 matches found
Howyar Reloader UEFI bootloader vulnerable to unsigned software execution
Overview The Howyar UEFI Application "Reloader" 32-bit and 64-bit, distributed as part of SysReturn prior to version 10.2.02320240919, is vulnerable to the execution of arbitrary software from a hard-coded path. An attacker who successfully exploits this vulnerability can bypass the UEFI Secure...
Atlassian Bitbucket on Windows is vulnerable to privilege escalation due to weak ACLs
Overview Atlassian Bitbucket on Windows fails to properly set ACLs, which can allow an unprivileged Windows user to run arbitrary code with SYSTEM privileges. Description The Atlassian Bitbucket Windows installer fails to set a secure access-control list ACL on the default installation directory,...
EpubCheck 4.0.1 contains a XML external entity processing vulnerability
Overview EpubCheck 4.0.1 is vulnerable to external XML entity processing attacks. Description EpubCheck is a tool to validate that EPUB files follow the proper format. It can be used as a stand alone command line utility, or included in a project most commonly being epub readers as a...
D-Link routers HNAP service contains stack-based buffer overflow
Overview D-Link DIR routers contain a stack-based buffer overflow in the HNAP Login action. Description CWE-121:Stack-based Buffer Overflow - CVE-2016-6563 Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack. The vulnerable XML fields...
Fortinet FortiWAN load balancer appliance contains multiple vulnerabilities
Overview The Fortinet FortiWAN Ascernlink network load balancer appliance contains multiple vulnerabilities. Description According to the reporter, the Fortinet FortiWAN network load balancer appliance contains the following vulnerabilities.CWE-78: Improper Neutralization of Special Elements used...
Accela Civic Platform Citizen Access portal contains multiple vulnerabilities
Overview Accela Civic Platform Citizen Access portal contains cross-site scripting and arbitrary file upload vulnerabilities. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' - CVE-2016-5660Accela Civic Platform Citizen Access portal contains ...
libarchive contains a heap-based buffer overflow due to improper input validation
Overview An attacker may be able to coerce a user into executing arbitrary code in the context of the current user by attempting to unzip a crafted zip file provided by the attacker. Description CWE-20: Improper Input Validation - CVE-2016-1541A crafted zip file can provide an incorrect compresse...
IKE/IKEv2 protocol implementations may allow network amplification attacks
Overview Implementations of the IKEv2 protocol are vulnerable to network amplification attacks. Description CWE-406: Insufficient Control of Network Message Volume Network Amplification IKE/IKEv2 and other UDP-based protocols can be used to amplify denial-of-service attacks. In some scenarios, an...
Oracle Outside In 8.5.2 contains multiple stack buffer overflows
Overview Oracle Outside In versions 8.5.2 and earlier contain stack buffer overflow vulnerabilities in the parsers for WK4, Doc, and Paradox DB files, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Oracle Outside In is a set of...
HP ArcSight Logger contains multiple vulnerabilities
Overview HP ArcSight Logger contains multiple vulnerabilities, allowing authentication bypass and privilege escalation in certain scenarios. Description CWE-285: Improper Authorization- CVE-2015-2136A remote authenticated user without Logger Search permissions may be able to bypass authorization...
QNAP QTS is vulnerable to a path traversal attack when used with the AFP protocol and OS X
Overview QNAP QTS is a Network-Attached Storage NAS system. The QNAP QTS is vulnerable to a path traversal attack when used with the AFP protocol and OS X. Description CWE-23: Relative Path Traversal - CVE-2015-6003 When the Apple Filing Protocol AFP is enabled, any OS X user account including th...
Retrospect Backup Client uses weak password hashing
Overview Retrospect Backup Client is a client to a network-based backup utility. This client stores passwords in a hashed format that is weak and susceptible to collision, allowing an attacker to generate a password hash collision and gain access to the target's backup files. Description CWE-916:...
SerVision HVG Video Gateway web interface contains multiple vulnerabilities
Overview SerVision HVG Video Gateway web interface contains multiple vulnerabilities affecting multiple firmware versions. Description CWE-288: Authentication Bypass Using an Alternate Path or Channel, andCWE-284: Improper Access Control - CVE-2015-0929By visiting time.htm, a user is issued a...
LabTech contains privilege escalation vulnerability
Overview LabTech startup scripts and directories on Linux platforms are world-writeable and the scripts execute with root privileges. Description CWE-284: Improper Access Control LabTech startup scripts and directories on Linux platforms are world-writeable and the scripts execute with root...
Tianocore UEFI implementation reclaim function vulnerable to buffer overflow
Overview The reclaim function in the Tianocore open source implementation of UEFI contains a buffer overflow vulnerability. Description The open source Tianocore project provides a reference implementation of the Unified Extensible Firmware Interface UEFI. Some commercial UEFI implementations...
Honeywell OPOS suite Stack Buffer Overflow vulnerability
Overview The Honeywell OPOS OLE for Retail Point-of-Sale POS Suite is vulnerable to a stack buffer overflow attack. Description The Honeywell OPOS Suite provides a standard programming interface that allows POS hardware to be easily integrated into retail POS systems based on Microsoft Windows...
Silver Peak VX is vulnerable to cross-site request forgery and cross-site scripting
Overview Silver Peak VX version 6.2.2.047968 is vulnerable to cross-site request forgery and cross-site scripting. Description CWE-352: Cross-Site Request Forgery CSRF - CVE-2014-2974Silver Peak VX version 6.2.2.047968 contains a cross-site request forgery vulnerability in /php/useraccount.php...
SpamTitan contains a reflected cross-site scripting (XSS) vulnerability
Overview SpamTitan contains a reflected cross-site scripting XSS vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'SpamTitan contains a reflected cross-site scripting vulnerability in the auth-settings-x.php page of the management...
Microsoft Office file format converter memory corruption vulnerability
Overview The Microsoft Office file format converter contains a memory corruption vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code with the privileges of the user. Description Microsoft Office file format converter is a component that converts legacy...
QNAP QTS path traversal vulnerability
Overview QNAP QTS 4.0.3 and possibly earlier versions contain a path traversal vulnerability. Description CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' - CVE-2013-7174QNAP QTS is a Network-Attached Storage NAS system accessible via a web interface. QNAP QTS...
Attachmate Verastream Host Integrator (VHI) allows arbitrary file upload and execution
Overview The Attachmate Verastream Host Integrator VHI is vulnerable to arbitrary file uploads and execution. Description CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' - CVE-2013-3626The Attachmate VHI Session Server, on all platforms, allows unauthenticated...
Openbravo ERP contains an information disclosure vulnerability
Overview Openbravo ERP 2.5, 3, and possibly earlier versions contain an information disclosure vulnerability CWE-200. Description CWE-200: Information Exposure Openbravo ERP version 2.5 and version 3 contain an information disclosure vulnerability. This is due to the expanded use of XML External...
Centreon 2.3.3 through 2.3.9-4 blind sqli injection vulnerability.
Overview Centreon 2.3.3 through 2.3.9-4 contains a blind sql injection vulnerability. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection'Centreon 2.3.3 through 2.3.9-4 contains a blind sql injection vulnerability. The vulnerability is found withi...
CA ARCserve Backup authentication service denial-of-service vulnerability
Overview The CA ARCserve Backup authentication service, caauthd.exe, is susceptible to a denial-of-service vulnerability. CA ARCserve Backup r16 SP1 was reported to be vulnerable. Description The Offensive Security advisory states:By specifying an invalid field size for the encrypted username or...
Solarwinds Network Performance Monitor 10.2.2 contains multiple vulnerabilities
Overview Solarwinds Network Performance Monitor 10.2.2 and possibly earlier versions contain a cross-site scripting XSS, and cross-site request forgery CSRF vulnerability. Description Solarwinds Network Performance Monitor 10.2.2 can be attacked by modifying the snmpd.conf file with malicious...
Enspire eClient SQL injection allows authentication bypass
Overview Enspire eClient contains a SQL injection vulnerability that could allow an attacker to bypass authentication and access the system with administrative privileges. Description The Enspire software suite includes an eClient web front-end which is susceptible to SQL injection attacks. This...
Broadcom NetXtreme management firmware ASF buffer overflow
Overview A buffer overflow vulnerability exists in the Broadcom NetXtreme management firmware. This vulnerability may allow a remote attacker to execute arbitrary code on an affected device. Description The Alert Standard Format ASF Specification is a protocol developed by Distributed Management...
IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) allows buffer overflow via HTTP request
Overview The IBM Tivoli Provisioning Manager for OS Deployment TPMfOSD contains a buffer overflow vulnerability in the web server component. This vulnerability may allow an attacker to execute arbitrary code with SYSTEM privileges or cause a denial of service. Description IBM Tivoli Provisioning...
inet_network() off-by-one buffer overflow
Overview The inetnetwork resolver function contains an off-by-one buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The inetnetwork function takes a character string representation for an internet address and returns...
Apple Safari code execution vulnerability
Overview The Apple Safari web browser contains a vulnerability that may allow an attacker to execute arbitrary code. Description Per Apple Security Update 2007-009:A memory corruption issue exists in Safari's handling of feed: URLs. By enticing a user to access a maliciously crafted URL, an...
Mozilla XUL web applications may hide the titlebar
Overview Mozilla's XUL contains a vulnerability that may allow a web application to cover an active window's titlebar. Description XUL is Mozilla's XML-based user interface language. XUL can be used to create Mozilla applications, extensions, and web applications.From Mozilla Foundation Security...
Sun Java JRE vulnerable to unauthorized network access
Overview The Sun Java Runtime Environment JRE contains a vulnerability that may allow unintended access to network resources. Description The Sun Java Runtime Environment JRE allows users to run Java applications in a browser or as standalone programs. Sun has made the JRE available for multiple...
Oracle JInitiator ActiveX control stack buffer overflows
Overview The Oracle JInitiator ActiveX control contains multiple stack buffer overflows, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Oracle JInitiator allows users to run Oracle Developer Server applications within a web...
MIT Kerberos kadmind principal renaming stack buffer overflow
Overview The MIT Kerberos administration daemon kadmind contains a stack buffer overflow that may allow a remote, authenticated attacker to execute arbitrary code or cause a denial of service. Description A vulnerability exists in the way the principal renaming operation used by the Kerberos...
IncrediMail IMMenuShellExt ActiveX control stack buffer overflow vulnerability
Overview The IncrediMail IMMenuShellExt ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description IncrediMail is an email application that includes animations and 1000's of emoticons...
WordPress fails to properly sanitize input passed to the ix parameter in wp-includes/feed.php
Overview WordPress fails to properly sanitize input to the ix parameter in wp-includes/feed.php, which could allow a remote, unauthenticated attacker to execute arbitrary PHP code. Description WordPress is a blogging application that is written in PHP. WordPress 2.1.1 fails to properly sanitize...
Adobe Acrobat allows pointer overwrite via specially crafted PDF file
Overview Adobe Acrobat and Adobe Reader fail to properly handle a specially crafted PDF file, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Adobe Acrobat and Adobe Reader are applications designed to create and view Portable Document Format PDF...
Mozilla products vulnerable to privilege escalation via a JavaScript watch() function
Overview A vulnerability exists in Mozilla products that may allow a remote attacker to gain elevated privileges. Description Mozilla products contain a vulnerability in the way the JavaScript watch function is handled that may result in privilege escalation. According to the Mozilla Foundation...
Apple Mac OS X Finder fails to properly handle malformed .DS_Store files
Overview Apple Finder fails to properly handle malformed .DSStore files. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description .DSStore files are hidden files used by Apple Finder to control the display of a folder and its contents.According to App...
Barracuda Spam Firewall contains hardcoded default login credentials
Overview Barracuda Spam Firewalls from version 3.3.01.001 to 3.3.02.053 have default login credentials that can not be modified by an administrator. Description Barracuda Spam Firewall appliances provide ingress and egress spam filtering for local area networks. An administrator will typically lo...
Microsoft Office fails to properly handle malformed strings
Overview Microsoft Office fails to properly handle specially crafted strings. This vulnerability could allow a remote attacker to execute arbitrary code. Description Microsoft Office applications fail to properly validate strings. When an Office document containing malformed string is opened with...
Microsoft Internet Explorer exception handling vulnerability
Overview Microsoft Internet Explorer fails to properly handle exception conditions. This may allow a remote, unauthenticated attacker to execute arbitrary code. Description Internet Explorer allows objects to register exception handlers. These handlers may not properly handle some conditions, whi...
Mozilla contains multiple memory corruption vulnerabilities
Overview Mozilla contains several memory corruption vulnerabilities. This may allow a remote attacker to execute arbitrary code. Description Mozilla team members have discovered multiple vulnerabilities that cause the browser engine to crash. In certain circumstances, these vulnerabilities may...
Mozilla may associate persisted XUL attributes with an incorrect URL
Overview Mozilla can allow persisted XUL attributes to associate with the wrong URL. This may allow a remote attacker to execute arbitrary code. Description XULXUL is an XML-based user interface language, which is used by Mozilla. Persisted XUL XUL elements with the persist attribute maintain the...
Mozilla privilege escalation using addSelectionListener
Overview A privilege escalation vulnerability exists in the Mozilla addSelectionListener method. This may allow a remote attacker to execute arbitrary code. Description addSelectionListener Web content can add a SelectionListener to the Selection object by using addSelectionListener method of the...
LiveData ICCP Server heap buffer overflow vulnerability
Overview LiveData ICCP Server contains a heap-based buffer overflow. This vulnerability may allow a remote attacker to crash the server. Description Inter-Control Center Communications Protocol ICCP According to the LiveData ICCP Server white paper: The Inter-Control Center Communications Protoco...
Mozilla XBL binding vulnerability
Overview Mozilla products fail to properly restrict access to privileged XBL bindings. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description XBL According to Mozilla, XBL "is a markup language that defines special new elements, or 'bindings' for XU...
Pubcookie login server contains cross-site scripting vulnerabilities
Overview Cross-site scripting vulnerabilities in the Pubcookie login server could allow a remote attacker to gain access to sensitive information. Description Pubcookie is a software package that provides intra-institutional single-sign-on authentication for end-users over the web. The Pubcookie...
Microsoft Windows Korean Input Method Editor vulnerability
Overview The Microsoft Windows Korean Input Method Editor IME contains a privilege escalation vulnerability. Description According to Microsoft: An IME is a program that allows computer users to enter complex characters and symbols, such as Japanese characters, using a standard keyboard. The...
Optimistic TCP acknowledgements can cause denial of service
Overview A vulnerability in the TCP congestion control mechanism could be leveraged by an attacker to cause a denial of service. Description The Transmission Control Protocol TCP is described in RFC 793 as a means to provide reliable host-to-host transmission in a packet-switched computer network...