3695 matches found
Linux groff utility pic contains format string vulnerability
Overview The pic component of the image processing package groff contains a format string vulnerability that could allow a remote attacker to execute arbitrary code. Description groff is an image processing package on Linux systems. A component of groff called pic contains a format-string...
Nokia Gateway GPRS support node vulnerable to DoS
Overview A vulnerability in the Nokia Gateway GPRS support node GGSN may allow a remote attacker to cause a denial of service. Description A vulnerability in the GGSN may allow a remote attacker to restart the device. For technical details, please see the @stake Security Advisory Nokia GGSN IP650...
Apache HTTPD contains denial of service vulnerability in basic authentication module
Overview The Apache HTTP server contains a denial-of-service vulnerability that allows remote attackers to conduct denial-of-service attacks on the HTTP basic authentication module of an affected server. Description The Apache HTTP server contains a denial-of-service vulnerability in the...
Integer overflow in Sun RPC XDR library routines
Overview The XDR library from Sun Microsystems is a widely used implementation for RPC services. Although the library was originally distributed by Sun Microsystems, multiple vendors have included the vulnerable code in their own implementations. Some implementations of standard functions in this...
Concurrent Versions System (CVS) server improperly deallocates memory
Overview A "double-free" vulnerability in the Concurrent Versions System CVS server could allow a remote attacker to execute arbitrary code or commands or cause a denial of service on a vulnerable system. Description CVS is a source code maintenance system that is widely used by open-source...
Microsoft Services for Unix 3.0 Interix SDK vulnerable to buffer overrun via RPC request containing improper parameter size check
Overview Microsoft Services for Unix 3.0 Interix SDK contains a remotely exploitable buffer overflow. Description Quoting from Microsoft's Services for Unix 3.0 homepage, "Windows Services for UNIX version 3.0 provides a full range of cross-platform services for integrating Windows into existing...
Slash-based bulletin boards contain a "quick login" feature that may disclose username and password
Overview Slash-based bulletin boards contain a vulnerability that may cause users to disclose their username and password to third-party sites. Description As described in the Slashcode FAQ, "Slash is a database-driven news and message board, using Perl, Apache and MySQL." Slash allows web site...
Vandyke Software SecureCRT contains buffer overflow vulnerability in password handling code
Overview SecureCRT is vulnerable to buffer overflow from improper handling of long password input. Description SecureCRT is a terminal emulator and SSH client for Windows. If the SSH1 protocol is used and the user enters a password 300 characters or more in length, SecureCRT will crash, with the...
Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) does not adequately validate file descriptor argument to _TT_ISCLOSE()
Overview The Common Desktop Environment CDE ToolTalk RPC database server does not adequately validate a client-supplied argument, allowing attackers to overwrite certain locations in memory with zeros. This vulnerability could be exploited in a number of ways, potentially allowing attackers to:...
Oracle 9iAS allows anonymous remote users to view sensitive Apache services by default
Overview Oracle Application Server 9iAS allows remote users to access several Apache services without authentication. Description Oracle Application Server 9iAS includes the Apache Web server and several Apache services. In the default install configuration, many of these services, including...
Microsoft Internet Explorer HTML rendering engine contains buffer overflow processing SRC attribute of HTML <EMBED> directive
Overview The Microsoft Internet Explorer HTML rendering engine contains a vulnerability in its handling of the SRC attribute of the HTML <EMBED> directive. An attacker who is able to convince a user to read a malicious HTML file may be able to crash Internet Explorer or execute arbitrary code with the...
iPlanet Web Server and Netscape Enterprise Server Web Publisher commands allow directory enumeration
Overview A vulnerability exists in iPlanet Web Server and Netscape Enterprise Server in which Web Publisher commands can be used to obtain directory listings. Description iPlanet Web Server and Netscape Enterprise Server permit unauthenticated remote users to enumerate server directories via Web...
Older Versions of Cisco PIX Firewall Manager permits retrieval of files
Overview A vulnerability in versions of the Cisco PIX Firewall Manager PFM in use circa September 1998 allows intruders to retrieve files from the host running PFM. Description A vulnerability in the Cisco PIX Firewall Manager allows an intruder to retrieve files from the host running PFM. In...
AOL Instant Messenger client for Windows contains a buffer overflow while parsing TLV 0x2711 packets
Overview There is a remotely exploitable buffer overflow in AOL Instant Messenger AIM. An exploit has been publicly released. AOL has implemented a server side fix that has largely eliminated the chances of widespread automated exploitation of the vulnerability, but targeted exploitation of...
Microsoft Windows Universal Plug and Play service (UPNP) fails to limit the data returned in response to a NOTIFY message
Overview Microsoft Windows Universal Plug and Play UPnP is vulnerable to a denial-of-service attack that could negatively affect the performance of vulnerable machines. Description Universal Plug and Play UPnP is a system designed to allow network devices to operate together. One of the UPnP...
HP-UX Line Printer Daemon Vulnerable to Directory Traversal
Overview A remotely exploitable directory traversal vulnerability exists in the HP-UX line printer daemon. Description The line printer daemon rlpdaemon enables various clients to share printers over a network. By sending a specially crafted print request to an HP-UX host running the rlpdaemon, a...
Microsoft PowerPoint and Excel fail to properly detect macros thereby automatically executing malicious code via crafted document (MS01-050)
Overview A malformed Microsoft Excel or PowerPoint document can bypass macro checking thereby allowing arbitrary code to be run on the target system. Description Microsoft Excel and PowerPoint scan documents when they are opened and check for the existence of macros. If the document contains...
Apache web server performs case sensitive filtering on Mac OS X HFS+ case insensitive filesystem
Overview The Apache 1.3.14 web server's file access protection scheme can be bypassed for the Mac OS X HFS+ filesystem. Description The Apache web server's file access protection scheme i.e., file request "filtering" assumes that the filesystem being protected is case sensitive. For example, in a...
Internet Explorer incorrectly validates certificates when CRL checking is enabled
Overview Microsoft Internet Explorer IE fails to properly validate certificates when CRL checking is enabled. As a result, sensitive information may be exposed. Description Digital certificates are small documents used to authenticate and encrypt information transmitted over the Internet. One ver...
Denial of Service Attack in NetBIOS Services
Overview The NetBIOS Name Service NBNS provides a means for hostname and address mapping on a NetBIOS-aware network. The NetBIOS over TCP/IP protocols including NBNS are described in the Internet Engineering Task Force IETF Request for Comments RFC1001 and RFC1002. These protocols do not specify ...
Vulnerabilities in TP-Link routers, WR710N-V1-151022 and Archer C5 V2
Overview TP-Link router WR710N-V1-151022 running firmware published 2015-10-22 and Archer-C5-V2-160201 running firmware published 2016-02-01 are susceptible to two vulnerabilities: 1. A buffer overflow during HTTP Basic Authentication allowing a remote attacker to corrupt memory allocated on a he...
McAfee Agent for Windows is vulnerable to privilege escalation due to OPENSSLDIR location
Overview McAfee Agent contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable that specifies a location where an unprivileged Windows user may be able to place files. Description CVE-2022-0166 McAfee Agent, which comes with various McAfee products such as McAfee...
Siemens Totally Integrated Automation Portal vulnerable to privilege escalation due to Node.js paths
Overview Siemens Totally Integrated Administrator TIA fails to properly set the module search path to be used by a privileged Node.js component, which can allow an unprivileged Windows user to run arbitrary code with SYSTEM privileges. The PCS neo administration console is reported to be affected...
Content Delivery Networks handle HTTP headers in different and unexpected ways
Overview A Content Delivery Network CDN is a distributed network of proxy servers that deliver web content collected from a back end web server using a temporary local storage called a cache. HTTP cache poisoning is a type of attack that allows a remote attacker to inject arbitrary content using...
Flash Seats Mobile App for Android and iOS fails to validate SSL certificates
Overview Flash Seats Mobile App for Android, version 1.7.9 and earlier, and for iOS, version 1.9.51 and earlier, fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle MITM attacks. Description CWE-295: Improper...
IKE/IKEv2 protocol implementations may allow network amplification attacks
Overview Implementations of the IKEv2 protocol are vulnerable to network amplification attacks. Description CWE-406: Insufficient Control of Network Message Volume Network Amplification IKE/IKEv2 and other UDP-based protocols can be used to amplify denial-of-service attacks. In some scenarios, an...
Furuno Voyage Data Recorder (VDR) moduleserv firmware update utility fails to properly sanitize user-provided input
Overview Furuno Voyage Data Recorder VDR VR-3000/VR-3000S and VR-7000 moduleserv firmware update utility fails to properly sanitize user-provided input and is vulnerable to arbitrary command execution with root privileges. Description According to the Furuno VDR product page, the VDR "records all...
Multicast DNS (mDNS) implementations may respond to unicast queries originating outside the local link
Overview Multicast DNS implementations may respond to unicast queries that originate from sources outside of the local link network. Such responses may disclose information about network devices or be used in denial-of-service DoS amplification attacks. Description Multicast DNS mDNS is a way for...
BIOS implementations permit unsafe SMM function calls to memory locations outside of SMRAM
Overview Multiple BIOS implementations permit unsafe System Management Mode SMM function calls to memory locations outside of SMRAM. Description Multiple BIOS implementations permit unsafe System Management Mode SMM function calls to memory locations outside of SMRAM. According to Corey Kallenber...
GNU Wget creates arbitrary symbolic links during recursive FTP download
Overview GNU wget allows arbitrary filesystem access when creating symbolic links during a recursive FTP download. This allows an attacker to overwrite files with the permissions of the user running wget. Description CWE-59: Improper Link Resolution Before File Access 'Link Following' Wget...
libpng denial-of-service vulnerability
Overview libpng versions 1.6.0 through 1.6.9 contain a denial-of-service vulnerability. Description CWE-835: Loop with Unreachable Exit Condition 'Infinite Loop' - CVE-2014-0333 Glenn Randers-Pehrson of the PNG Development Group reports: The progressive decoder in libpng16 enters an infinite loop,...
Fortinet FortiOS 5.0.5 contains a reflected cross-site scripting (XSS) vulnerability
Overview Fortinet FortiOS 5.0.5, and possibly earlier versions, contains a cross-site scripting vulnerability. CWE-79 Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' Fortinet FortiOS 5.0.5, and possibly earlier versions, contains a cross-site...
Avanset Visual CertExam Manager 3.3 SQL injection vulnerability
Overview Avanset Visual CertExam Manager version 3.3 and below contain a SQL injection vulnerability. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' Avanset Visual CertExam Manager version 3.3 and below contain a SQL injection vulnerability d...
QNAP QTS path traversal vulnerability
Overview QNAP QTS 4.0.3 and possibly earlier versions contain a path traversal vulnerability. Description CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' - CVE-2013-7174 QNAP QTS is a Network-Attached Storage NAS system accessible via a web interface. QNAP QTS...
RealPlayer version 16.0.3.51 contains a buffer overflow vulnerability
Overview RealPlayer version 16.0.3.51 and possibly earlier versions contain a stack-based buffer overflow vulnerability CWE-121. Description CWE-121: Stack-based Buffer Overflow RealPlayer version 16.0.3.51 and possibly earlier versions contain a stack-based buffer overflow vulnerability. The .RM...
HR Systems Strategies info:HR HRIS allows read access to weakly obfuscated shared database password
Overview HR Systems Strategies info:HR HRIS 7.9 and possibly earlier versions allow read access to a weakly obfuscated database password. This password is shared by all clients within an info:HR site. A local attacker can decipher the password and gain complete control of the database and...
The TigerText Free Consumer Private Texting App (iOS) sends unencrypted user information in support requests
Overview The TigerText Free Consumer Private Texting App iOS sends unencrypted user information to TigerText support. Description The TigerText app generates an unencrypted log file containing the TigerText username and password on the device when a user taps on "Contact Customer Support." An ema...
Adobe Shockwave player installs Xtras without prompting
Overview Adobe Shockwave Player installs Xtras that are signed by Adobe or Macromedia without prompting, which can allow an attacker to target vulnerabilities in older Xtras. Description Adobe Macromedia Shockwave Player is software that plays active web content developed in Macromedia and Adobe...
TomatoCart with PayPal Express Checkout design flaw vulnerability
Overview TomatoCart 1.1.7 with PayPal Express Checkout, and possibly other versions, contains a design flaw that may allow an attacker to purchase items for free or less than advertised. Description It has been reported that TomatoCart 1.1.7 using the PayPal Express Checkout module in sandbox mod...
Samsung and HTC Android phone information disclosure vulnerability
Overview Certain Samsung and HTC Android phones store user interactions to the dmesg buffer, which could allow a malicious application to derive certain user-inputted information from the phone. Description The Android operating system on certain Samsung and HTC mobile phones stores certain user...
Bradford Network Sentry v5.3 NS500 appliance contains multiple vulnerabilities
Overview Bradford Network Sentry v5.3 NS500 appliance contains multiple vulnerabilities which could allow an attacker to execute arbitrary code with the privileges of the application. Description Bradford Network Sentry v5.3 NS500 appliance contains multiple vulnerabilities: CWE-79: Improper...
Oracle Outside In contains an exploitable vulnerability in Lotus 123 v4 parser
Overview Oracle Outside In contains an exploitable vulnerability in the Lotus 123 version 4 file parser, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Oracle Outside In is a set of libraries that can decode over 500 different file...
ISC BIND 9 resolver denial of service vulnerability
Overview ISC BIND 9 resolver contains a remote packet denial of service vulnerability after logging an error in query.c. Description According to ISC: An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers wit...
Aviosoft DTV Player buffer overflow vulnerability
Overview Aviosoft DTV Player contains a buffer overflow in the handling of playlist .plf files, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Aviosoft DTV Player is a multiple format video player application. Aviosoft DTV Player...
OneOrZero AIMS authentication bypass and SQLi vulnerabilities
Overview OneOrZero Action & Information Management System AIMS is vulnerable to an authentication bypass and SQL injection. Description According to the vendor's website: "OneOrZero AIMS is a powerful enterprise ready suite that includes a help desk, knowledge base, time manager and reporting syst...
Imperva SecureSphere management GUI contains an XSS vulnerability
Overview An XSS vulnerability exists in the Imperva SecureSphere management GUI. Description Dell SecureWorks' SWRX-2011-001 advisory states: "A vulnerability exists in Imperva SecureSphere due to improper validation of user-controlled input. User-controllable input is not properly sanitized for...
OpenSLP denial of service vulnerability
Overview OpenSLP contains a vulnerability in the handling of packets containing malformed extensions, which can result in a denial-of-service condition. Description Service Location Protocol is an IETF standards track protocol that provides a framework to allow networking applications to discover...
HP Online Support Services ActiveX StartApp() arbitrary code execution
Overview The HP Online Support Services ActiveX control contains a method called StartApp. This may allow a remote, unauthenticated attacker to execute local files on a vulnerable system in the context of the local user. Description HP Services provides online product support services including H...
Mozilla Firefox JavaScript engine fails to properly handle garbage collection
Overview Mozilla Firefox JavaScript engine fails to properly handle garbage collection. This vulnerability results in memory corruption, which in some cases may be exploitable to execute arbitrary code. Description Per Mozilla Foundation Security Advisory 2008-20: Fixes for security problems in the...
Yahoo! Music Jukebox YMP Datagrid ActiveX control stack buffer overflows
Overview The Yahoo! Music Jukebox YMP Datagrid ActiveX control contains multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Yahoo! Music Jukebox is a music player for Microsoft Windows, which includes...