3695 matches found
D-Link routers HNAP service contains stack-based buffer overflow
Overview D-Link DIR routers contain a stack-based buffer overflow in the HNAP Login action. Description CWE-121: Stack-based Buffer Overflow - CVE-2016-6563 Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack. The vulnerable XML fields...
Fortinet FortiWAN load balancer appliance contains multiple vulnerabilities
Overview The Fortinet FortiWAN Ascernlink network load balancer appliance contains multiple vulnerabilities. Description According to the reporter, the Fortinet FortiWAN network load balancer appliance contains the following vulnerabilities. CWE-78: Improper Neutralization of Special Elements used...
Accela Civic Platform Citizen Access portal contains multiple vulnerabilities
Overview Accela Civic Platform Citizen Access portal contains cross-site scripting and arbitrary file upload vulnerabilities. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' - CVE-2016-5660 Accela Civic Platform Citizen Access portal contains ...
IPswitch WhatsUp Gold contains multiple XSS vulnerabilities and a SQLi
Overview IPSwitch's WhatsUp Gold version 16.3, and possibly previous versions, is vulnerable to SQL injection and cross-site scripting attacks. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' - CVE-2015-6004 The "Find Device" search field does...
ReadyNet WRT300N-DD Wireless Router contains multiple vulnerabilities
Overview ReadyNet WRT300N-DD Wireless Router, firmware version 1.0.26, uses default credentials, is vulnerable to cross-site request forgery, and uses insufficiently random values for DNS queries. Description CWE-255: Credentials Management - CVE-2015-7280 The ReadyNet WRT300N-DD Wireless Router...
BIOS implementations fail to properly set UEFI write protections after waking from sleep mode
Overview Multiple BIOS implementations fail to properly set write protections after waking from sleep, leading to the possibility of an arbitrary BIOS image reflash. Description According to Cornwell, Butterworth, Kovah, and Kallenberg, who reported the issue affecting certain Dell client systems...
ShareLaTeX vulnerable to remote command execution and information disclosure
Overview ShareLaTeX is a server-based software allowing group collaboration on LaTeX documents. ShareLaTeX prior to version 0.1.3 has been found to be vulnerable to command injections and information disclosure. Description CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path...
LabTech contains privilege escalation vulnerability
Overview LabTech startup scripts and directories on Linux platforms are world-writeable and the scripts execute with root privileges. Description CWE-284: Improper Access Control LabTech startup scripts and directories on Linux platforms are world-writeable and the scripts execute with root...
Honeywell OPOS suite Stack Buffer Overflow vulnerability
Overview The Honeywell OPOS OLE for Retail Point-of-Sale POS Suite is vulnerable to a stack buffer overflow attack. Description The Honeywell OPOS Suite provides a standard programming interface that allows POS hardware to be easily integrated into retail POS systems based on Microsoft Windows...
Silver Peak VX is vulnerable to cross-site request forgery and cross-site scripting
Overview Silver Peak VX version 6.2.2.047968 is vulnerable to cross-site request forgery and cross-site scripting. Description CWE-352: Cross-Site Request Forgery CSRF - CVE-2014-2974Silver Peak VX version 6.2.2.047968 contains a cross-site request forgery vulnerability in /php/useraccount.php...
Artiva Agency Single Sign-On (SSO) feature vulnerability
Overview Artiva Agency Single Sign-On SSO feature checks only the local Windows login name which could allow an attacker to impersonate another Artiva Agency user. Description Artiva Agency Single Sign-On SSO feature when configured with the domain name option allows the currently logged on Windo...
Fortinet Fortiweb 5.0.3 contains a reflected cross-site scripting vulnerability
Overview Fortinet Fortiweb 5.0.3, and possibly earlier versions, contains a cross-site scripting vulnerability. CWE-79 Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' Fortinet Fortiweb 5.0.3, and possibly earlier versions, contains a cross-si...
Centreon 2.3.3 through 2.3.9-4 blind sqli injection vulnerability.
Overview Centreon 2.3.3 through 2.3.9-4 contains a blind SQL injection vulnerability. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' Centreon 2.3.3 through 2.3.9-4 contains a blind SQL injection vulnerability. The vulnerability is found withi...
Dell OpenManage Server Administrator contains a cross-site scripting vulnerability
Overview Dell OpenManage Server Administrator version 7.1 and earlier contains a cross-site scripting vulnerability. Description Dell OpenManage Server Administrator version 7.1 and earlier contains a cross-site scripting vulnerability CWE-79. --- Impact A remote attacker may be able to execute...
Solarwinds Network Performance Monitor 10.2.2 contains multiple vulnerabilities
Overview Solarwinds Network Performance Monitor 10.2.2 and possibly earlier versions contain a cross-site scripting XSS, and cross-site request forgery CSRF vulnerability. Description Solarwinds Network Performance Monitor 10.2.2 can be attacked by modifying the snmpd.conf file with malicious...
Microsoft Windows TrueType font parsing vulnerability
Overview A vulnerability in the Microsoft Windows TrueType font parsing component could allow an attacker to run arbitrary code in kernel mode. This vulnerability is reportedly being exploited by malicious software in the wild known as Duqu. Description The Microsoft Windows kernel includes a...
ISC DHCP server vulnerability
Overview The ISC DHCP server contains a vulnerability that could allow a remote attacker to cause a denial of service. Description According to ISC: If a TCP connection is established to the server on a port which has been configured for communication with a failover peer, this can cause it to...
PGP Desktop unsigned data injection vulnerability
Overview PGP Desktop 10.0.3 and earlier versions as well as 10.1.0 are vulnerable to an unsigned data injection attack. PGP Command Line versions 9.6 and greater are not affected by this vulnerability. Description The PGP Desktop user interface incorrectly displays messages with unsigned data as...
NOS Microsystems Adobe getPlus Helper ActiveX control stack buffer overflows
Overview The NOS Microsystems Adobe getPlus Helper ActiveX control contains stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description NOS Microsystems getPlus is download management software that is used to install Ado...
Adobe Flash vulnerability affects Flash Player and other Adobe products
Overview Adobe Flash contains a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Adobe Flash Player, Reader, Acrobat, and other products that include Flash support are affected. Description Adobe Flash is a widely deployed multimedi...
Microsoft Internet Explorer data binding memory corruption vulnerability
Overview Microsoft Internet Explorer contains an invalid pointer vulnerability in its data binding code, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer contains an invalid pointer vulnerability in its da...
PHP path translation vulnerability
Overview PHP contains a path translation vulnerability that may allow an attacker to execute arbitrary code. Description PHP is a scripting language that is designed for web-based applications and can be embedded directly into HTML. PHP versions prior to 5.2.6 contain a path translation...
IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) allows buffer overflow via HTTP request
Overview The IBM Tivoli Provisioning Manager for OS Deployment TPMfOSD contains a buffer overflow vulnerability in the web server component. This vulnerability may allow an attacker to execute arbitrary code with SYSTEM privileges or cause a denial of service. Description IBM Tivoli Provisioning...
Mozilla Firefox URL protocol handling vulnerability
Overview Mozilla Firefox protocol handlers may allow remotely supplied JavaScript to execute with elevated privileges. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description On Microsoft Windows systems, Mozilla Firefox installs protocol...
Apple QuickTime 3GP integer overflow
Overview A vulnerability in the way Apple QuickTime processes 3GP files may allow execution of arbitrary code. Description A vulnerability exists in the way Apple QuickTime handles specially crafted 3GP files. According to Apple QuickTime 7.1.5 security document 305149: An integer overflow exists i...
Mozilla browsers "location.hostname" cross-domain vulnerability
Overview Mozilla-based browsers contain a cross-domain vulnerability, which may allow an attacker to access data in other sites. Description Mozilla uses a same origin security model to maintain separation between browser frames from different sources. This model is designed to prevent code in on...
PGP Desktop service fails to validate user supplied data
Overview PGP Desktop fails to properly validate objects passed into the PGP Desktop service. This vulnerability may allow a remote, authenticated attacker to execute arbitrary code. Description PGP Desktop versions prior to 9.5.1 fail to properly validate objects passed into the PGP Desktop servi...
Mozilla SVG memory corruption vulnerability
Overview Mozilla products contain a memory corruption vulnerability related to SVG processing. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Scalable Vector Graphics SVG processing code in Mozilla Firefox and SeaMonke...
Apple AirPort driver fails to properly handle probe response frames
Overview A buffer overflow in certain Apple AirPort drivers may allow an attacker to execute arbitrary code with system privileges, or create a denial-of-service condition. Description Apple Airport products are 802.11b and 802.11g compatible wireless devices that are produced by Apple. Airport...
Microsoft Office fails to properly parse malformed records
Overview A vulnerability in the way Microsoft Office parses files containing malformed records may lead to execution of arbitrary code. Description Microsoft Office contains a vulnerability that could be exploited when Office attempts to parse specially crafted records. According to Microsoft...
BIND vulnerable to an assertion failure when querying for SIG records
Overview A vulnerability in the BIND name server could allow a remote attacker to cause a denial of service against an affected system. Description The Berkeley Internet Name Domain BIND is a popular Domain Name System DNS implementation from Internet Systems Consortium ISC. A flaw exists in the...
Mozilla products contain a race condition
Overview Mozilla products contain a race condition. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Mozilla products JavaScript garbage collection process may delete a variable while that variable is still in use. This may corrupt...
X.Org server buffer overflow in Xrender extension
Overview A vulnerability in the X.Org X server could allow an attacker to execute arbitrary code with the privileges of the server. Description The X Window System provides a number of components to support graphical user interfaces, primarily on Unix-like operating systems. It features a...
Microsoft Internet Explorer exception handling vulnerability
Overview Microsoft Internet Explorer fails to properly handle exception conditions. This may allow a remote, unauthenticated attacker to execute arbitrary code. Description Internet Explorer allows objects to register exception handlers. These handlers may not properly handle some conditions, whi...
Mozilla contains multiple memory corruption vulnerabilities
Overview Mozilla contains several memory corruption vulnerabilities. This may allow a remote attacker to execute arbitrary code. Description Mozilla team members have discovered multiple vulnerabilities that cause the browser engine to crash. In certain circumstances, these vulnerabilities may...
LiveData ICCP Server heap buffer overflow vulnerability
Overview LiveData ICCP Server contains a heap-based buffer overflow. This vulnerability may allow a remote attacker to crash the server. Description Inter-Control Center Communications Protocol ICCP According to the LiveData ICCP Server white paper: The Inter-Control Center Communications Protoco...
Mozilla products vulnerable to privilege escalation via XBL.method.eval
Overview A vulnerability in the way Mozilla products and derivative programs handle certain XBL methods could allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Mozilla browser and derived products include support for the Extensible Bindings Language XBL, a...
Pubcookie login server contains cross-site scripting vulnerabilities
Overview Cross-site scripting vulnerabilities in the Pubcookie login server could allow a remote attacker to gain access to sensitive information. Description Pubcookie is a software package that provides intra-institutional single-sign-on authentication for end-users over the web. The Pubcookie...
Microsoft Windows privilege escalation vulnerability
Overview Microsoft Windows access controls may be improperly configured potentially allowing a local attacker to gain elevated privileges on a vulnerable system. Description Microsoft Windows provides numerous, fine grained permissions and privileges to control access to Windows components, such ...
UW-IMAP vulnerable to a buffer overflow
Overview UW-IMAP contains a buffer overflow vulnerability that may allow a remote, authenticated attacker to execute arbitrary code on a vulnerable system. Description The University of Washington IMAP Server UW-IMAP is an email server that uses the Internet Message Access Protocol IMAP. A lack o...
Linux kernel Bluetooth support fails to properly bounds check "protocol" variable
Overview Linux kernels with Bluetooth support do not adequately validate the "protocol" value, allowing a local user to execute arbitrary code with elevated privileges. Description Linux kernels with Bluetooth support may contain a local root vulnerability, even if Bluetooth hardware is not...
Squid LDAP authentication routines fail to check for invalid input
Overview The Squid LDAP authentication routine squidldapauth fails to check for input characters, such as whitespace, that could be misused to possibly bypass access restrictions. Description Squid functions as a web proxy and cache application for a number of protocols, and includes support for...
Apple Mac OS X "at" utilities fail to drop privileges properly
Overview Apple's Mac OS X operating system may allow local privilege escalation in the family of "at" commands. Description Mac OS X includes the "at" family of commands in order to schedule tasks. However, a flaw in these commands results in the commands not dropping privileges correctly. This may...
Microsoft Windows Internet Naming Service (WINS) contains a buffer overflow
Overview A buffer overflow in the WINS service may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description The Microsoft WINS service maps IP addresses to NETBIOS computer names. The WINS protocol contains a vulnerability that may allow a remote attack...
LibTIFF contains multiple heap-based buffer overflows
Overview LibTIFF contains multiple heap-based buffer overflows that may allow an attacker to execute arbitrary code or cause a denial-of-service condition. Description LibTIFF is a library used to encode and decode images in Tag Image File Format TIFF. Multiple LibTIFF routines contain buffer...
Microsoft Windows Utility Manager launches applications with system privileges
Overview The Microsoft Windows 2000 Utility Manager allows authenticated local users to launch applications with SYSTEM privileges. Description The Microsoft Windows 2000 Utility Manager is a program that permits users to monitor and launch various accessibility applications. This program contain...
Microsoft Windows SSP interface fails to properly validate value used during authentication protocol selection
Overview A remotely exploitable vulnerability in Microsoft's Negotiate Security Software Provider SSP interface could permit an attacker to execute arbitrary code on the system. Description Microsoft's Negotiate Security Software Provider SSP interface contains a buffer overflow during the...
FreeBSD fails to limit number of TCP segments held in reassembly queue
Overview FreeBSD fails to limit the number of TCP segments held in a reassembly queue which could allow an attacker to exhaust all available memory buffers mbufs on the destination system resulting in a denial-of-service condition. Description The Transmission Control Protocol TCP is part of the...
Sun Solaris tcsh(1) contains vulnerability in the built-in ls-F command
Overview Sun Solaris tcsh(1) contains a vulnerability in the built-in ls-F command that could allow an unprivileged user to create or remove files or gain privileges of another user. Description A vulnerability in the built-in ls-F command of the Sun Solaris tcsh(1) may allow an intruder to create or...
Microsoft Internet Explorer does not adequately validate javascript: protocol URL
Overview Microsoft Internet Explorer IE does not adequately validate javascript: protocol URLs. An attacker could exploit this vulnerability to evaluate script in different security domains. By causing script to be evaluated in the Local Machine Zone, the attacker could execute arbitrary code wit...