3704 matches found
Snare Agent web interface cross-site request forgery vulnerabilities
Overview The Snare Agent web interface is susceptible to cross-site request forgery attacks. Description The web interface allows the administrator to manage several agent settings, including changing the listening port and password. These HTTP requests do not perform proper validity checks and a...
Clientless SSL VPN products break web browser domain-based security models
Overview Clientless SSL VPN products from multiple vendors operate in a way that breaks fundamental browser security mechanisms. An attacker could use these devices to bypass authentication or conduct other web-based attacks. Description Web browsers enforce the same origin policy to prevent one...
Microsoft Internet Explorer 6 contains a cross-domain vulnerability
Overview Microsoft Internet Explorer 6 is vulnerable to a cross-domain scripting violation, which can allow a remote, unauthenticated attacker to access the content of a web page in a different domain. Description IE uses a cross-domain security model to maintain separation between browser frames...
HP Online Support Services ActiveX StartApp() arbitrary code execution
Overview The HP Online Support Services ActiveX control contains a method called StartApp. This may allow a remote, unauthenticated attacker to execute local files on a vulnerable system in the context of the local user. Description HP Services provides online product support services including H...
HP Online Support Services ActiveX GetFileTime() buffer overflow
Overview HP Online Support Services contains the function GetFileTime, which can be exploited to cause a buffer overflow. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description HP Services provides online product support services including ...
GnuTLS Server Name extension Denial of Service
Overview A vulnerability exists in GnuTLS that may allow a remote attacker to cause a denial of service. Description GnuTLS contains a vulnerability in gnults-serv that may result in a denial of service when handling a specially crafted Client Hello message. According to CERT-FI Vulnerability...
Apple Safari fails to properly handle a file name
Overview A vulnerabilty in Apple Safari handles specially crafted file name may allow execution of arbitrary code or denial of service. Description According to Apple Safari 3.1.1:A memory corruption issue exists in Safari's file downloading. By enticing a user to download a file with a malicious...
Liferay Portal Forgot Password User-Agent HTTP header XSS
Overview Liferay Portal contains a cross-site scripting vulnerability in the handling of the User-Agent HTTP header, which can allow a remote, authenticated attacker to inject content into "Forgot Password" emails. Description Liferay Portal is an enterprise portal solution that uses Java...
inet_network() off-by-one buffer overflow
Overview The inetnetwork resolver function contains an off-by-one buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The inetnetwork function takes a character string representation for an internet address and returns...
Microsoft Windows DNS Server vulnerable to cache poisoning
Overview The Microsoft Windows DNS Server is vulnerable to cache poisoning, which may allow a remote, unauthenticated attacker to cause a Windows DNS server to provide incorrect responses to DNS queries. Description Microsoft Windows DNS Server is a service that provides DNS serving capabilities...
Mozilla products vulnerable to memory corruption in the JavaScript engine
Overview A number of vulnerabilities in the Mozilla JavaScript engine may allow the execution of arbitrary code or denial of service. Description The Mozilla JavaScript engine contains several vulnerabilities that may result in memory corruption. The impact of this memory corruption in specific...
Microsoft Windows Active Directory fails to properly validate client sent LDAP requests
Overview Microsoft Windows Active Directory fails to properly validate client-sent LDAP requests and may result in a denial of service condition. Description Microsoft Windows Active Directory contains a vulnerability in the way that the LDAP service validates the number of convertible attributes...
Apple Mac OS X mDNSResponder buffer overflow vulnerability
Overview Apple Mac OS X mDNSresponder contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code. Description mDNS uses IP multicast with DNS to provide the functionality of a DNS server for service discovery in networks that do not have a DNS server...
Axis Communications CamImage ActiveX control stack buffer overflow
Overview The Axis Communications CamImage ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to run arbitrary code on a vulnerable system. Description Axis Communications provides an ActiveX control for viewing motion JPEG streams in Microsoft...
Apple Mac OS X Finder DMG volume name buffer overflow
Overview Apple Mac OS X Finder fails to properly handle DMG files with large volume names, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description DMG files are disk images that can contain a variety of filesystems. Apple Mac OS X Finder...
PGP Desktop service fails to validate user supplied data
Overview PGP Desktop fails to properly validate objects passed into the PGP Desktop service. This vulnerability may allow a remote, authenticated attacker to execute arbitrary code. Description PGP Desktop versions prior to 9.5.1 fail to properly validate objects passed into the PGP Desktop servi...
ICONICS Dialog Wrapper Module ActiveX control vulnerable to buffer overflow
Overview ICONICS Dialog Wrapper Module ActiveX control contains a buffer overflow. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description OLE for Process Control OPC is a specification for a standard set of OLE COM objects for use in the proce...
Mozilla Layout Engine vulnerability
Overview A vulnerability exists in the Mozilla Layout Engine that may allow a remote attacker to compromise a vulnerable system. Description The Mozilla Layout Engine contains an unspecified vulnerability that may result in memory corruption. The impact of this memory corruption is unclear...
Mozilla products vulnerable to memory corruption
Overview A vulnerability exists in the way Mozilla products process JavaScript. This vulnerability may allow an attacker to execute arbitrary code. Description The Mozilla Foundation supports several Open Source projects, including the Mozilla, Seamonkey, and Firefox web browsers. The Thunderbird...
Mozilla products allow execution of arbitrary JavaScript
Overview Multiple Mozilla products allow running JavaScript to be recompiled while executing. This vulnerability may allow a remote attacker to execute arbitrary JavaScript bytecode. Description According to Mozilla Foundation Security Advisory 2006-67: ...it was possible to modify a Script objec...
Computer Associates BrightStor ARCserv and Protection Suite products RPC buffer overflow vulnerabilities
Overview Multiple vulnerabilities exist in Computer Associates backup products. If successfully exploited, these vulnerabilities may allow an attacker to execute arbitrary code. Description BrightStor ARCserve Backup is a backup and data retention tool that integrates with other BrightStor Data...
Microsoft XML Core Services XMLHTTP ActiveX control fails to properly interpret certain HTTP operations
Overview The Microsoft XML Core Services XMLHTTP ActiveX control fails to properly interpret certain HTTP operations. An attacker who exploits this vulnerability may be able to read cookies or view other sensitive data from a vulnerable system. Description Microsoft XML Core Services MSXML allow...
Apple QuickDraw Manager fails to properly handle malicious PICT images
Overview A vulnerability exists in how Apple OS X handles PICT images. If successfully exploited, this vulnerability may allow a remote attacker to execute arbitrary code, or create a denial-of-service condition. Description From Apple,Certain applications invoke an unsupported QuickDraw operatio...
Apple Workgroup Manager fails to properly enable ShadowHash passwords
Overview Apple Workgroup Manager fails to properly enable ShadowHash passwords in a NetInfo parent. Workgroup Manager may appear to use ShadowHash passwords when crypt is used. Description Workgroup Manager is a system adimistration tool in Apple Mac OS X Server that manages users, groups, and...
Apple kernel exception handling vulnerability
Overview Apple Mac OS X may be vulnerable to privilege escalation via the Mach exception ports in the kernel. This vulnerability may allow a local user to execute arbitrary code with elevated privileges. Description Mach 3.0 is an open source microkernel used by Mac OS X that provides memory...
Apple AirPort wireless drivers vulnerable to integer overflow
Overview An integer overflow exists in the Apple AirPort wireless drivers. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or create a denial-of-service condition. Description According to Apple,An integer overflow exists in the AirPort wireless...
Multiple RSA implementations fail to properly handle signatures
Overview Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Description RSA signatures are used to authenticate the source of a message. To prevent RSA signatures from being forged, messages are padded with data t...
eIQnetworks Enterprise Security Analyzer Syslog server buffer overflow
Overview The eIQnetworks Enterprise Security Analyzer Syslog server contains a buffer overflow vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Enterprise Security Analyzer eIQnetworks Enterprise Security Analyzer ESA...
X.Org server buffer overflow in Xrender extension
Overview A vulnerability in the X.Org X server could allow an attacker to execute arbitrary code with the privileges of the server. Description The X Window System provides a number of components to support graphical user interfaces, primarily on Unix-like operating systems. It features a...
Mozilla products JavaScript engine fail to properly handle garbage-collection
Overview A vulnerability in the way the JavaScript engine of Mozilla products and derivative programs handles garbage collection could allow a remote attacker to execute arbitrary code on a vulnerable system. Description The JavaScript programming language uses a method of memory management known...
Apple Safari automatically executes arbitrary shell commands or code
Overview Apple Safari fails to properly determine file safety, allowing a remote unauthenticated attacker to execute arbitrary commands or code. Description Safari Apple Safari is a web browser that comes with the Mac OS X operating system. Explicit binding Mac OS X supports a feature called...
Microsoft Windows Media Player vulnerable to buffer overflow in bitmap processing routine
Overview Microsoft Windows Media Player contains a buffer overflow vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Windows Media Player WMP is an application that ships with Microsoft Windows systems used to...
Microsoft HTML Help Workshop buffer overflow
Overview A buffer overflow in Microsoft HTML Help Workshop may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft HTML Help provides a standard help system for the Windows operating system. HTML Help Workshop is a component of the software development...
Mozilla-based products fail to validate user input to the attribute name in "XULDocument.persist"
Overview A vulnerability in some Mozilla products that could allow a remote attacker to execute Javascript commands with the permissions of the user running the affected application. Description According to the Mozilla advisory on this issue:XULDocument.persist did not validate the attribute nam...
Microsoft Internet Explorer does not honor ActiveX kill bit
Overview Internet Explorer fails to properly check the kill bit for ActiveX controls, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft COMMicrosoft COM is a technology that allows programmers to create reusable software components that can ...
Apple QuickTime fails to properly handle corrupt GIF images
Overview Apple's QuickTime is a player for files and streaming media in a variety of different formats. A flaw in QuickTime's handling of files in the Graphics Interchange Format GIF could allow a remote attacker to execute arbitrary code on a vulnerable system. Description A heap overflow exists...
Ruby library contains vulnerable default value
Overview Ruby includes a vulnerable default value that may be used to bypass security restrictions and execute arbitrary code. Description Ruby is vulnerable to an attack on applications using the XML-RPC services via XMLRPC.iPIMethods, due to an insecure default value in utils.rb. Any program or...
Microsoft DDS Library Shape Control (msdds.dll) COM object contains an unspecified vulnerability
Overview Microsoft DDS Library Shape Control COM object contains an unspecified vulnerability, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft COMMicrosoft COM is a technology that allows programmers to create reusable software components...
WebEOC privileges are based on client-side authorization
Overview WebEOC ties privileges and roles to client-side resources. If an attacker can access a resource directly, that attacker will be granted all the privileges associated with that resource. Description WebEOC is a web-based crisis information management application that provides functions to...
Microsoft Server Message Block vulnerable to buffer overflow
Overview Microsoft Server Message Block SMB is vulnerable to a buffer handling flaw when processing incoming SMB packets that may lead to remote code execution. Description Server Message Block is a protocol which allows sharing of files, printers, serial ports, and other abstractions. The SMB...
Multiple Telnet Clients vulnerable to buffer overflow via the env_opt_add() function in telnet.c
Overview Multiple Telnet clients contain a data length validation flaw that may allow a malicious server to execute arbitrary code on the client host with privs of client. Description The Telnet network protocol is described in RFC854 and RFC855 as a general, bi-directional communications facilit...
Squid fails to parse empty access control lists correctly
Overview The Squid web proxy cache may fail to handle empty Access Control Lists ACLs in the intended manner. Description Squid functions as a web proxy and cache application for a number of protocols. However, Squid Access Control List ACL routines may not parse an empty list as intended. An emp...
Microsoft COM Structured Storage Vulnerability
Overview A vulnerability in a way that various programs handle COM objects could allow a local attacker to execute arbitrary code on a vulnerable system. Description Microsoft's COM is a data representation that allows multiple kinds of objects to be stored in one document. COM structured storage...
Microsoft Internet Explorer contains a DHTML method heap memory corruption vulnerability
Overview Microsoft Internet Explorer contains a flaw in DHTML method handling which may allow a remote attacker to execute arbitrary code. Description The DHTML method handling in Internet Explorer fails to perform proper bounds checking. This vulnerability may allow data to be written outside th...
Juniper JunOS Routing Engine MPLS denial of service
Overview Juniper routers will become severely disrupted when attacked with specially-crafted MPLS packets. Description Juniper routers running JUNOS have a vulnerability in which specially-crafted MPLS packets can cause normal operation of affected routers to be severely disrupted.According to...
Microsoft Excel parameter validation error
Overview Microsoft has released a bulletin describing a remotely exploitable vulnerability in its Excel spreadsheet program. The vulnerability affects versions of Excel on Windows, MacOS 9, and MacOS X operating systems. Description There is a remotely exploitable vulnerability in Microsoft Excel...
Ethereal fails to properly handle malformed SMB packets
Overview Ethereal contains a vulnerability in the way it processes Server Message Block SMB packets. Description The Server Message Block SMB protocol is used for sharing files, printers, and other resources between computers. SMB is used in Microsoft Windows to provide file and print services...
Microsoft Internet Information Server (IIS) 4.0 contains a buffer overflow in the redirect function
Overview There is a vulnerability in the redirect function of Microsoft's Internet Information Server IIS 4.0 that could allow an attacker to execute arbitrary code on an affected system. Description Internet Information Server IIS is a web server available for the Microsoft Windows operating...
BEA WebLogic Server contains vulnerability in handling of certain tags when editing "weblogic.xml"
Overview BEA WebLogic Server contains a vulnerability in the way Weblogic Builder and the SecurityRoleAssignmentMBean.toXML method parse certain tags in the weblogic.xml file. Description BEA Systems describes WebLogic Server as "an industrial-strength application infrastructure for developing,...
Ethereal fails to properly parse NetFlow UDP packets with an overly large template_entry count
Overview Ethereal fails to properly parse v9template structures in NetFlow UDP packets with an overly large templateentry count. This could allow an attacker to execute arbitrary code. Description Ethereal is a network traffic analysis package. It includes the ability to decode packets containing...