3695 matches found
Snare Agent web interface cross-site request forgery vulnerabilities
Overview The Snare Agent web interface is susceptible to cross-site request forgery attacks. Description The web interface allows the administrator to manage several agent settings, including changing the listening port and password. These HTTP requests do not perform proper validity checks and a...
IntelliCom NetBiter devices have default HICP passwords
Overview IntelliCom NetBiter devices ship with default passwords for the HICP network configuration service. An attacker with network access could change network settings and prevent legitimate users from accessing the HICP service. Description IntelliCom NetBiter products use the proprietary HIC...
Adobe Acrobat and Reader contain a use-after-free vulnerability in the JavaScript Doc.media.newPlayer method
Overview The Doc.media.newPlayer method in Adobe Acrobat and Reader contains a use-after-free vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Adobe Reader and the Adobe Acrobat family of software are designed to creat...
Clientless SSL VPN products break web browser domain-based security models
Overview Clientless SSL VPN products from multiple vendors operate in a way that breaks fundamental browser security mechanisms. An attacker could use these devices to bypass authentication or conduct other web-based attacks. Description Web browsers enforce the same origin policy to prevent one...
Microsoft Office PowerPoint code execution vulnerability
Overview Microsoft PowerPoint contains a vulnerability. If exploited, this vulnerability could allow an attacker to execute code. Description Microsoft PowerPoint is a component of Microsoft Office. Per Microsoft Security Advisory 969136: The vulnerability is caused when Microsoft Office PowerPoi...
HP Online Support Services ActiveX GetFileTime() buffer overflow
Overview HP Online Support Services contains the function GetFileTime, which can be exploited to cause a buffer overflow. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description HP Services provides online product support services including ...
Microsoft GDI Windows Metafile AttemptWrite integer overflow
Overview Microsoft Windows GDI contains an integer overflow in the handling of Windows metafiles, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Windows GDI (Graphics Device Interface) enables applications to use graphics a...
Microsoft Windows Active Directory fails to properly validate client sent LDAP requests
Overview Microsoft Windows Active Directory fails to properly validate client-sent LDAP requests and may result in a denial of service condition. Description Microsoft Windows Active Directory contains a vulnerability in the way that the LDAP service validates the number of convertible attributes...
Linux Kernel vulnerable to DoS via the ipv6_getsockopt_sticky() function
Overview The Linux Kernel contains a vulnerability that may allow a remote attacker to create a denial-of-service condition. Description Internet Protocol version 6 (IPv6) is an IP standard that is designed to replace the Internet Protocol version 4 (IPv4). The Linux kernel provides IPv6 support, and...
Microsoft HTML Help ActiveX control fails to properly validate input
Overview The Microsoft HTML Help ActiveX control fails to properly validate input, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The HTML Help Control HHCtrl Object is a Windows ActiveX control that provides the ability to view...
ICONICS Dialog Wrapper Module ActiveX control vulnerable to buffer overflow
Overview ICONICS Dialog Wrapper Module ActiveX control contains a buffer overflow. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description OLE for Process Control (OPC) is a specification for a standard set of OLE COM objects for use in the proce...
Apple Mac OS X Finder fails to properly handle malformed .DS_Store files
Overview Apple Finder fails to properly handle malformed .DS_Store files. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description .DS_Store files are hidden files used by Apple Finder to control the display of a folder and its contents. According to App...
Mozilla products vulnerable to memory corruption
Overview A vulnerability exists in the way Mozilla products process JavaScript. This vulnerability may allow an attacker to execute arbitrary code. Description The Mozilla Foundation supports several Open Source projects, including the Mozilla, Seamonkey, and Firefox web browsers. The Thunderbird...
Wireshark contains an unspecified vulnerability in the DHCP dissector
Overview Wireshark contains a vulnerability in the DHCP dissector that may cause a denial-of-service condition. Description Wireshark for Microsoft Windows contains a vulnerability in the DHCP dissector that may cause a denial-of-service condition. This vulnerability may be exploited when the...
Microsoft XML Core Services XMLHTTP ActiveX control fails to properly interpret certain HTTP operations
Overview The Microsoft XML Core Services XMLHTTP ActiveX control fails to properly interpret certain HTTP operations. An attacker who exploits this vulnerability may be able to read cookies or view other sensitive data from a vulnerable system. Description Microsoft XML Core Services (MSXML) allow...
Apple QuickDraw Manager fails to properly handle malicious PICT images
Overview A vulnerability exists in how Apple OS X handles PICT images. If successfully exploited, this vulnerability may allow a remote attacker to execute arbitrary code, or create a denial-of-service condition. Description From Apple, Certain applications invoke an unsupported QuickDraw operatio...
Apple Workgroup Manager fails to properly enable ShadowHash passwords
Overview Apple Workgroup Manager fails to properly enable ShadowHash passwords in a NetInfo parent. Workgroup Manager may appear to use ShadowHash passwords when crypt is used. Description Workgroup Manager is a system administration tool in Apple Mac OS X Server that manages users, groups, and...
Apple AirPort wireless drivers vulnerable to integer overflow
Overview An integer overflow exists in the Apple AirPort wireless drivers. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or create a denial-of-service condition. Description According to Apple, An integer overflow exists in the AirPort wireless...
Multiple RSA implementations fail to properly handle signatures
Overview Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Description RSA signatures are used to authenticate the source of a message. To prevent RSA signatures from being forged, messages are padded with data t...
Sun ONE and Sun Java System Applications vulnerable to cross-site scripting via default error page
Overview A cross-site scripting vulnerability in Sun ONE and Sun Java System Applications may allow an attacker to read or modify data in web pages and cookies. Description From Sun Alert Notification 102164: A Cross Site Scripting XSS vulnerability in various releases of the Sun Java System Web...
eIQnetworks Enterprise Security Analyzer Syslog server buffer overflow
Overview The eIQnetworks Enterprise Security Analyzer Syslog server contains a buffer overflow vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Enterprise Security Analyzer eIQnetworks Enterprise Security Analyzer ESA...
Microsoft Office fails to properly handle malformed strings
Overview Microsoft Office fails to properly handle specially crafted strings. This vulnerability could allow a remote attacker to execute arbitrary code. Description Microsoft Office applications fail to properly validate strings. When an Office document containing malformed string is opened with...
Juniper Networks IVE client ActiveX control buffer overflow
Overview The ActiveX control used by Juniper IVE OS devices contains a buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable client. Description Juniper IVE OS is an operating system used by Juniper devices, such as the Juniper Networks Secu...
Mozilla products JavaScript engine fail to properly handle garbage-collection
Overview A vulnerability in the way the JavaScript engine of Mozilla products and derivative programs handles garbage collection could allow a remote attacker to execute arbitrary code on a vulnerable system. Description The JavaScript programming language uses a method of memory management known...
Microsoft Excel malformed description memory corruption vulnerability
Overview Microsoft Excel contains a memory corruption vulnerability. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Excel fails to properly validate description fields in Excel data files. When a file with a malformed...
Microsoft Windows Media Player plug-in buffer overflow
Overview The Microsoft Windows Media Player plug-in for browsers other than Internet Explorer contains a buffer overflow, which may allow a remote attacker to execute arbitrary code. Description Windows Media Player Windows Media Player is a multimedia application that comes with Microsoft Window...
Microsoft Windows Media Player vulnerable to buffer overflow in bitmap processing routine
Overview Microsoft Windows Media Player contains a buffer overflow vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Windows Media Player (WMP) is an application that ships with Microsoft Windows systems used to...
Microsoft Windows Korean Input Method Editor vulnerability
Overview The Microsoft Windows Korean Input Method Editor (IME) contains a privilege escalation vulnerability. Description According to Microsoft: An IME is a program that allows computer users to enter complex characters and symbols, such as Japanese characters, using a standard keyboard. The...
Microsoft HTML Help Workshop buffer overflow
Overview A buffer overflow in Microsoft HTML Help Workshop may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft HTML Help provides a standard help system for the Windows operating system. HTML Help Workshop is a component of the software development...
Apple QuickTime and iTunes QTIF image buffer overflow
Overview Apple QuickTime contains a heap-based buffer overflow that may allow an attacker to execute arbitrary code or cause a denial-of-service condition. Description Apple QuickTime fails to properly validate QuickTime Images (QTIF), potentially allowing a heap-based buffer overflow to occur. If ...
Sun Java Management Extensions privilege escalation vulnerability
Overview A vulnerability in the Sun Java Management Extensions API may allow a remote attacker to execute arbitrary code. Description According to Sun Microsystems: Java Management Extensions (JMX) technology provides the tools for building distributed, Web-based, modular and dynamic solutions for...
WebEOC privileges are based on client-side authorization
Overview WebEOC ties privileges and roles to client-side resources. If an attacker can access a resource directly, that attacker will be granted all the privileges associated with that resource. Description WebEOC is a web-based crisis information management application that provides functions to...
WebEOC is vulnerable to cross-site scripting attacks
Overview WebEOC contains multiple cross-site scripting vulnerabilities that may allow a remote attacker to inject and execute arbitrary script using a vulnerable WebEOC site. Description WebEOC is a web-based crisis information management application that provides functions to gather, coordinate,...
Multiple Telnet Clients vulnerable to buffer overflow via the env_opt_add() function in telnet.c
Overview Multiple Telnet clients contain a data length validation flaw that may allow a malicious server to execute arbitrary code on the client host with the privileges of the client. Description The Telnet network protocol is described in RFC854 and RFC855 as a general, bi-directional communications facilit...
nfs-utils vulnerable to buffer overflow in "getquotainfo()" in "rquota_server.c"
Overview A vulnerability in nfs-utils could permit an attacker to execute arbitrary code on the system or cause a denial of service. Description The NFS protocol provides remote access to shared files across networks. The nfs-utils package provides an NFS client and server for Linux systems...
Gaim vulnerable to malformed SNAC packet infinite processing loop
Overview Gaim contains a flaw in the processing of certain packets that may cause a denial of service. Description From the Gaim project: Gaim is a multi-protocol instant messaging (IM) client for Linux, BSD, MacOS X, and Windows. It is compatible with AIM and ICQ (Oscar protocol), MSN Messenger,...
Squid fails to parse empty access control lists correctly
Overview The Squid web proxy cache may fail to handle empty Access Control Lists (ACLs) in the intended manner. Description Squid functions as a web proxy and cache application for a number of protocols. However, Squid Access Control List (ACL) routines may not parse an empty list as intended. An emp...
Microsoft Internet Explorer contains a DHTML method heap memory corruption vulnerability
Overview Microsoft Internet Explorer contains a flaw in DHTML method handling which may allow a remote attacker to execute arbitrary code. Description The DHTML method handling in Internet Explorer fails to perform proper bounds checking. This vulnerability may allow data to be written outside th...
Juniper JunOS Routing Engine MPLS denial of service
Overview Juniper routers will become severely disrupted when attacked with specially-crafted MPLS packets. Description Juniper routers running JUNOS have a vulnerability in which specially-crafted MPLS packets can cause normal operation of affected routers to be severely disrupted. According to...
CUPS stores user account details in plain text in log file
Overview When an SMB printer is configured, CUPS stores plain text login information to the log file. Description CUPS is a cross-platform printing system for UNIX environments. It can use the IPP, LPD, SMB, and JetDirect protocols to interact with printers. The SMB protocol is used to communicat...
PhpWebSite calendar module contains a SQL injection vulnerability
Overview The PhpWebSite contains an SQL injection vulnerability that may allow malicious users to execute SQL queries on a server with the privileges of the PhpWebSite administrator. Description PhpWebSite is an open-source web content management system that includes a web-based calendar module t...
Microsoft Internet Explorer contains a buffer overflow in CSS parsing
Overview A buffer overflow vulnerability exists in the way that Microsoft Internet Explorer processes Cascading Style Sheets (CSS). This may allow an attacker to execute arbitrary code or cause a denial of service. Description CSS is a mechanism for adding style to web documents. Microsoft Internet...
Microsoft Excel parameter validation error
Overview Microsoft has released a bulletin describing a remotely exploitable vulnerability in its Excel spreadsheet program. The vulnerability affects versions of Excel on Windows, MacOS 9, and MacOS X operating systems. Description There is a remotely exploitable vulnerability in Microsoft Excel...
GdkPixbuf XPM parser contains a heap overflow vulnerability
Overview A heap overflow vulnerability exists in the XPM handling of GdkPixbuf. This vulnerability can lead to a denial-of-service condition or execution of arbitrary code. Description GdkPixbuf is a library used by GTK+ 2 for loading and rendering images. GTK+ is a multi-platform toolkit for...
Ethereal fails to properly handle malformed SMB packets
Overview Ethereal contains a vulnerability in the way it processes Server Message Block (SMB) packets. Description The Server Message Block (SMB) protocol is used for sharing files, printers, and other resources between computers. SMB is used in Microsoft Windows to provide file and print services...
Microsoft Internet Information Server (IIS) 4.0 contains a buffer overflow in the redirect function
Overview There is a vulnerability in the redirect function of Microsoft's Internet Information Server (IIS) 4.0 that could allow an attacker to execute arbitrary code on an affected system. Description Internet Information Server (IIS) is a web server available for the Microsoft Windows operating...
Gaim fails to properly validate the "name" parameter in the Yahoo login webpage
Overview There is a buffer overflow vulnerability in the way the Gaim yahoologinpagehash function parses the "name" parameter in the Yahoo login webpage. Description Gaim is a multi-protocol instant messenger available for a number of operating systems. It supports a variety of instant messaging...
BEA WebLogic Server allows unauthorized removal of EJB objects
Overview There is a vulnerability in the BEA WebLogic Server that could allow the unauthorized removal of an Enterprise JavaBean (EJB). Description BEA Systems describes WebLogic Server as "an industrial-strength application infrastructure for developing, integrating, securing, and managing...
Ethereal fails to properly parse NetFlow UDP packets with an overly large template_entry count
Overview Ethereal fails to properly parse v9template structures in NetFlow UDP packets with an overly large template_entry count. This could allow an attacker to execute arbitrary code. Description Ethereal is a network traffic analysis package. It includes the ability to decode packets containing...
GnuPG creates ElGamal keys for signing using insufficient entropy
Overview Gnu Privacy Guard (GnuPG) is a cryptographic utility used to generate cryptographic keys and perform other cryptographic functions. A vulnerability in the way GnuPG generates ElGamal keys has been discovered. This vulnerability renders ElGamal signing keys untrustworthy. Description A...