3704 matches found
Microsoft Windows Remote Desktop Protocol (RDP) uses weak algorithm for encrypting packets
Overview Microsoft Windows Remote Desktop Protocol RDP uses a weak algorithm for encrypting packets. Description Microsoft describes RDP as follows.RDP is based on, and is an extension of, the T.120 protocol family standards. It is a multichannel-capable protocol that allows for separate virtual...
Microsoft Services for Unix 3.0 Interix SDK vulnerable to buffer overrun via RPC request containing improper parameter size check
Overview Microsoft Services for Unix 3.0 Interix SDK contains a remotely exploitable buffer overflow. Description Quoting from Microsoft's Services for Unix 3.0 homepage, "Windows Services for UNIX version 3.0 provides a full range of cross-platform services for integrating Windows into existing...
Microsoft Internet Explorer contains cross-site scripting vulnerabilities in local HTML resources
Overview Microsoft Internet Explorer IE includes several local HTML resources that contain cross-site scripting vulnerabilities. These resources use the dialogArguments property of dialog frames insecurely, allowing an attacker to execute arbitrary script in the Local Machine Zone. Description...
Microsoft SQL Server contains buffer overflow vulnerabilities in multiple extended stored procedures
Overview Microsoft SQL Server 7.0 and SQL Server 2000 contain buffer overflow vulnerabilities in multiple extended stored procedures. A remote attacker could cause a denial of service or execute arbitrary code or commands with the privileges of the SQL Server process, potentially gaining complete...
Microsoft Internet Information Server (IIS) contains remote buffer overflow in chunked encoding data transfer mechanism for HTR
Overview A buffer overflow vulnerability in IIS 4.0 and 5.0 could allow an intruder to execute arbitrary code on an IIS server with the privileges of the HTR ISAPI extension. Description Chunked encoding is a means to transfer variable-sized units of data called chunks from a web client to a web...
HP-UX kernel specifies incorrect arguments for setrlimit()
Overview A problem exists in some versions of the HP-UX kernel allowing an intruder to cause kernel panics. Description Certain versions of HP-UX setrlimit system call contain a vulnerability that permits an intruder to cause kernel panics or compromise the system. Quoting from HP Security Bullet...
Oracle9i Application Server Apache PL/SQL module does not properly handle HTTP Authorization header
Overview A vulnerability exists in the way the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle9i Application Server iAS handles HTTP Authorization headers. This vulnerability could allow an unauthenticated remote attacker to crash the Apache service. Description...
GnuPG format string vulnerability in do_get() in ttyio.c while prompting for a new filename
Overview There is a format string vulnerability in GNU Privacy Guard. By sending a GPG message with a carefully crafted malicious filename, an attacker may be able to execute arbitrary code as the user who decrypts the message. Description GNU Privacy Guard GPG is a free, RFC2440 compliant...
ISC BIND 8.2.2-P6 vulnerable to DoS when processing SRV records, aka the "srv bug"
Overview There is a denial-of-service vulnerability in several versions of the Internet Software Consortium's ISC BIND software. This vulnerability is referred to by the ISC as the "srv bug" and affects ISC BIND versions 8.2 through 8.2.2-P6. Description This vulnerability can cause affected DNS...
Insecure Implementation of Tunneling Protocols (GRE/IPIP/4in6/6in4)
Overview Tunnelling protocols are an essential part of the Internet and form much of the backbone that modern network infrastructure relies on today. One limitation of these protocols is that they do not authenticate and/or encrypt traffic. Though this limitation exists, IPsec can be implemented ...
CPU hardware utilizing speculative execution may be vulnerable to speculative race conditions
Overview A Speculative Race Condition SRC vulnerability that impacts modern CPU architectures supporting speculative execution has been discovered. CPU hardware utilizing speculative execution that are vulnerable to Spectre v1 are likely affected. An unauthenticated attacker can exploit this...
muhttpd versions 1.1.5 and earlier are vulnerable to path traversal
Overview Versions 1.1.5 and earlier of the mu HTTP deamon muhttpd are vulnerable to path traversal via crafted HTTP request from an unauthenticated user. This vulnerability can allow unauthenticated users to download arbitrary files and collect private information on the target device. Descriptio...
IPSwitch WhatsUp Gold does not validate commands when deserializing XML objects
Overview IPSwitch WhatsUp Gold version 16.3 does not properly validate data when deserializing XML objects sent over SOAP requests. Description CWE-502: Deserialization of Untrusted Data - CVE-2015-8261 WhatsUp Gold version 16.3 contains a SOAP request handler named DroneDeleteOldMeasurements...
EPSON Network Utility installs EpsonBidirectionalService with insecure permissions
Overview EPSON Network Utility contains a local privilege escalation vulnerability, which allows a local attacker to execute arbitrary code with SYSTEM privileges. Description CWE-276: Incorrect Default Permissions - CVE-2015-6034EPSON Network Utility v4.10 is an application that checks the print...
BIOS implementations fail to properly set UEFI write protections after waking from sleep mode
Overview Multiple BIOS implementations fail to properly set write protections after waking from sleep, leading to the possibility of an arbitrary BIOS image reflash. Description According to Cornwell, Butterworth, Kovah, and Kallenberg, who reported the issue affecting certain Dell client systems...
Retrospect Backup Client uses weak password hashing
Overview Retrospect Backup Client is a client to a network-based backup utility. This client stores passwords in a hashed format that is weak and susceptible to collision, allowing an attacker to generate a password hash collision and gain access to the target's backup files. Description CWE-916:...
BIOS implementations permit unsafe SMM function calls to memory locations outside of SMRAM
Overview Multiple BIOS implementations permit unsafe System Management Mode SMM function calls to memory locations outside of SMRAM. Description Multiple BIOS implementations permit unsafe System Management Mode SMM function calls to memory locations outside of SMRAM. According to Corey Kallenber...
SerVision HVG Video Gateway web interface contains multiple vulnerabilities
Overview SerVision HVG Video Gateway web interface contains multiple vulnerabilities affecting multiple firmware versions. Description CWE-288: Authentication Bypass Using an Alternate Path or Channel, andCWE-284: Improper Access Control - CVE-2015-0929By visiting time.htm, a user is issued a...
LabTech contains privilege escalation vulnerability
Overview LabTech startup scripts and directories on Linux platforms are world-writeable and the scripts execute with root privileges. Description CWE-284: Improper Access Control LabTech startup scripts and directories on Linux platforms are world-writeable and the scripts execute with root...
Tianocore UEFI implementation reclaim function vulnerable to buffer overflow
Overview The reclaim function in the Tianocore open source implementation of UEFI contains a buffer overflow vulnerability. Description The open source Tianocore project provides a reference implementation of the Unified Extensible Firmware Interface UEFI. Some commercial UEFI implementations...
Symantec Endpoint Protection Client contains a kernel pool overflow vulnerability
Overview Symantec Endpoint Protection Client 11.x and 12.x contains a kernel pool overflow vulnerability. Description CWE-788: Access of Memory Location After End of Buffer An attacker logged into a Windows XP, Vista, 7, or 8 system as an unprivileged user is able to cause a kernel pool overflow ...
Artiva Agency Single Sign-On (SSO) feature vulnerability
Overview Artiva Agency Single Sign-On SSO feature checks only the local Windows login name which could allow an attacker to impersonate another Artiva Agency user. Description Artiva Agency Single Sign-On SSO feature when configured with the domain name option allows the currently logged on Windo...
Fortinet Fortiweb 5.0.3 contains a reflected cross-site scripting vulnerability
Overview Fortinet Fortiweb 5.0.3, and possibly earlier versions, contains a cross-site scripting vulnerability. CWE-79 Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' Fortinet Fortiweb 5.0.3, and possibly earlier versions, contains a cross-si...
libpng 1.6.1 through 1.6.7 contain a null-pointer dereference vulnerability
Overview libpng versions 1.6.1 through 1.6.7 fail to reject colormapped images with empty palettes, leading to a null-pointer dereference crash in pngdoexpandpalette. Description The PNG Development Group has reported that "libpng versions 1.6.1 through 1.6.7 fail to reject colormapped images wit...
CA ARCserve Backup authentication service denial-of-service vulnerability
Overview The CA ARCserve Backup authentication service, caauthd.exe, is susceptible to a denial-of-service vulnerability. CA ARCserve Backup r16 SP1 was reported to be vulnerable. Description The Offensive Security advisory states:By specifying an invalid field size for the encrypted username or...
Symantec Web Gateway contains multiple vulnerabilities
Overview The Symantec Web Gateway management console is vulnerable to remote command execution, local file inclusion, arbitrary password changes, and SQL injection. Description The Symantec SYM12-011 advisory states:"Symantec's Web Gateway management console is susceptible to multiple security...
Microsoft Windows TrueType font parsing vulnerability
Overview A vulnerability in the Microsoft Windows TrueType font parsing component could allow an attacker to run arbitrary code in kernel mode. This vulnerability is reportedly being exploited by malicious software in the wild known as Duqu. Description The Microsoft Windows kernel includes a...
ISC DHCP server vulnerability
Overview The ISC DHCP server contains a vulnerability that could allow a remote attacker to cause a denial of service. Description According to ISC:If a TCP connection is established to the server on a port which has been configured for communication with a failover peer, this can cause it to...
PGP Desktop unsigned data injection vulnerability
Overview PGP Desktop 10.0.3 and earlier versions as well as 10.1.0 are vulnerable to an unsigned data injection attack. PGP Command Line versions 9.6 and greater are not affected by this vulnerability. Description The PGP Desktop user interface incorrectly displays messages with unsigned data as...
IntelliCom NetBiter devices have default HICP passwords
Overview IntelliCom NetBiter devices ship with default passwords for the HICP network configuration service. An attacker with network access could change network settings and prevent legitimate users from accessing the HICP service. Description IntelliCom NetBiter products use the proprietary HIC...
NOS Microsystems Adobe getPlus Helper ActiveX control stack buffer overflows
Overview The NOS Microsystems Adobe getPlus Helper ActiveX control contains stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description NOS Microsystems getPlus is download management software that is used to install Ado...
Adobe Acrobat and Reader contain a use-after-free vulnerability in the JavaScript Doc.media.newPlayer method
Overview The Doc.media.newPlayer method in Adobe Acrobat and Reader contains a use-after-free vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Adobe Reader and the Adobe Acrobat family of software are designed to creat...
Microsoft Office PowerPoint code execution vulnerability
Overview Microsoft PowerPoint contains a vulnerability. If exploited, this vulnerability could allow an attacker to execute code. Description Microsoft Powerpoint is a component of Microsoft Office. Per Microsoft Security Advisory 969136: The vulnerability is caused when Microsoft Office PowerPoi...
Microsoft Internet Explorer data binding memory corruption vulnerability
Overview Microsoft Internet Explorer contains an invalid pointer vulnerability in its data binding code, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer contains an invalid pointer vulnerability in its da...
PHP path translation vulnerability
Overview PHP contains a path translation vulnerability that may allow an attacker to execute arbitrary code. Description PHP is a scripting language that is designed for web-based applications and can be imbedded directly into HTML.PHP versions prior to 5.2.6 contain a path translation...
inet_network() off-by-one buffer overflow
Overview The inetnetwork resolver function contains an off-by-one buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The inetnetwork function takes a character string representation for an internet address and returns...
Microsoft GDI Windows Metafile AttemptWrite integer overflow
Overview Microsoft Windows GDI contains an integer overflow in the handling of Windows metafiles, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Windows GDI Graphics Device Interface enables applications to use graphics a...
Mozilla Firefox URL protocol handling vulnerability
Overview Mozilla Firefox protocol handlers may allow remotely supplied JavaScript to execute with elevated privileges. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description On Microsoft Windows systems, Mozilla Firefox installs protocol...
Apple QuickTime 3GP integer overflow
Overview A vulnerabilty in the way Apple QuickTime processes 3GP files may allow execution of arbitrary code. Description A vulnerability exists in the way Apple QuickTime handles specially crafted 3GP files. According to Apple QuickTime 7.1.5 security document 305149:An integer overflow exists i...
Microsoft HTML Help ActiveX control fails to properly validate input
Overview The Microsoft HTML Help ActiveX control fails to properly validate input, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The HTML Help Control HHCtrl Object is a Windows ActiveX control that provides the ability to view...
Mozilla products vulnerable to privilege escalation via a JavaScript watch() function
Overview A vulnerability exists in Mozilla products that may allow a remote attacker to gain elevated privileges. Description Mozilla products contain a vulnerability in the way the JavaScript watch function is handled that may result in privilege escalation. According to the Mozilla Foundation...
Apple AirPort driver fails to properly handle probe response frames
Overview A buffer overflow in certain Apple AirPort drivers may allow an attacker to execute arbitrary code with system privileges, or create a denial-of-service condition. Description Apple Airport products are 802.11b and 802.11g compatible wireless devices that are produced by Apple. Airport...
Computer Associates BrightStor ARCserv and Protection Suite products RPC buffer overflow vulnerabilities
Overview Multiple vulnerabilities exist in Computer Associates backup products. If successfully exploited, these vulnerabilities may allow an attacker to execute arbitrary code. Description BrightStor ARCserve Backup is a backup and data retention tool that integrates with other BrightStor Data...
gzip NULL dereference in huft_build()
Overview The gzip program contains a null dereference vulnerability that may allow an attacker to execute arbitrary code or create a denial-of-service condition. Description The gzip program is used to compress and decompress archived files. A null dereference vulnerability exists in gzip. An...
BIND vulnerable to an INSIST failure via sending of multiple recursive queries
Overview A vulnerability in the BIND name server could allow a remote attacker to cause a denial of service against an affected system. Description The Berkeley Internet Name Domain BIND is a popular Domain Name System DNS implementation from Internet Systems Consortium ISC. A flaw exists in the...
Sun ONE and Sun Java System Applications vulnerable to cross-site scripting via default error page
Overview A cross-site scripting vulnerability in Sun ONE and Sun Java System Applications may allow an attacker to read or modify data in web pages and cookies. Description From Sun Alert Notification 102164: A Cross Site Scripting XSS vulnerability in various releases of the Sun Java System Web...
Mozilla products contain a race condition
Overview Mozilla products contain a race condition. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Mozilla products JavaScript garbage collection process may delete a variable while that variable is still in use. This may corrupt...
Juniper Networks IVE client ActiveX control buffer overflow
Overview The ActiveX control used by Juniper IVE OS devices contains a buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable client. Description Juniper IVE OS is an operating system used by Juniper devices, such as the Juniper Networks Secu...
Mozilla products vulnerable to privilege escalation via XBL.method.eval
Overview A vulnerability in the way Mozilla products and derivative programs handle certain XBL methods could allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Mozilla browser and derived products include support for the Extensible Bindings Language XBL, a...
Pubcookie login server contains cross-site scripting vulnerabilities
Overview Cross-site scripting vulnerabilities in the Pubcookie login server could allow a remote attacker to gain access to sensitive information. Description Pubcookie is a software package that provides intra-institutional single-sign-on authentication for end-users over the web. The Pubcookie...