3704 matches found
Microsoft Internet Explorer does not properly display URLs
Overview Microsoft Internet Explorer does not properly display the location of HTML documents. An attacker could exploit this behavior to mislead users into revealing sensitive information. Description Web browsers frequently display the Uniform Resource Locator URL in the address bar. Users expe...
Apache HTTPD contains denial of service vulnerability in basic authentication module
Overview The Apache HTTP server contains a denial-of-service vulnerability that allows remote attackers to to conduct denial-of-service attacks on the HTTP basic authentication module of an affected server. Description The Apache HTTP server contains a denial-of-service vulnerability in the...
gnome-terminal allows arbitrary command execution when viewing files containing crafted escape sequences
Overview gnome-terminal may allow a remote attacker to execute arbitrary commands via crafted escape sequences. Description gnome-terminal affords users the ability to utilize an escape sequence to "export" the title of the current window title directly to the shell command line. By viewing a...
kernel-utils sets insecure permissions on "uml_net" utility
Overview The umlnet utility, part of the kernel-utils package in Red Hat Linux 8.0, was shipped with incorrect permissions. Description User-Mode Linux UML is a tool to provide a virtual machine in which to run another copy of Linux. In Red Hat linux 8.0, the kernel-utils package contains the UML...
Avaya switches contains multiple undocumented accounts allowing full administrative access to the device
Overview Multiple Avaya switches do not adequately protect privileged access. Description Avaya's P882, P880, P580, and P550R series switches do not adequately protect account access. As a result, a remote attacker can gain access to the switch via http or telnet. --- Impact A remote attacker can...
Microsoft Internet Explorer (MSIE) Content-Disposition vulnerabilities
Overview Microsoft Internet Explorer IE may handle executable content automatically, opening it with another application on the client host that may, in turn, instruct the operating system to execute the file. Description IE does not properly verify the Content-Disposition and Content-Type header...
Slash-based bulletin boards contain a "quick login" feature that may disclose username and password
Overview Slash-based bulletin boards contain a vulnerability that may cause users to disclose their username and password to third-party sites. Description As described in the Slashcode FAQ, "Slash is a database-driven news and message board, using Perl, Apache and MySQL." Slash allows web site...
Squid Proxy Server contains buffer overflow in parsing of the authentication portion of FTP URLs
Overview There is a remotely exploitable buffer overflow in the Squid proxy/cache server. Exploitation of this vulnerability could lead to an intruder gaining a shell on the target Squid server. Description Squid versions 2.3 and 2.4 are vulnerable to a buffer overflow in the code that parses FTP...
Older Versions of Cisco PIX Firewall Manager permits retrieval of files
Overview A vulnerability in versions of the Cisco PIX Firewall Manager PFM in use circa September 1998 allows intruders to retrieve files from the host running PFM. Description A vulnerability in the Cisco PIx FIrewall manager allows an intruder to retrieve files from the host running PFM. In...
HP-UX Line Printer Daemon Vulnerable to Directory Traversal
Overview A remotely exploitable directory traversal vulnerability exists in the HP-UX line printer daemon. Description The line printer daemon rlpdaemon enables various clients to share printers over a network. By sending a specially crafted print request to an HP-UX host running the rlpdaemon, a...
IBM AIX digest buffer overflow in filename argument to command
Overview There is a buffer overflow in the digest command that may allow a local attacker to gain root privileges. Description The digest command is intended to be run by the qdaemon to generate a binary version of the queue configuration daemon information stored in /etc/qconfig. The digest...
Apache web server performs case sensitive filtering on Mac OS X HFS+ case insensitive filesystem
Overview The Apache 1.3.14 web server's file access protection scheme can be bypassed for the Mac OS X HFS+ filesystem. Description The Apache web server's file access protection scheme i.e., file request "filtering" assumes that the filesystem being protected is case sensitve. For example, in a...
glibc unsetenv fails to properly handle environment variables passed more than once to a program
Overview The glibc implementation of unsetenv fails to properly remove one of two successive occurrences of the same environment variable if the variable is redundently passed to a program. Description The glibc implementation of unsetenv, if called to remove an environment variable that occurs t...
Denial of Service Attack in NetBIOS Services
Overview The NetBIOS Name Service NBNS provides a means for hostname and address mapping on a NetBIOS-aware network. The NetBIOS over TCP/IP protocols including NBNS are described in the Internet Engineering Task Force IETF Request for Comments RFC1001 and RFC1002. These protocols do not specify ...
SMA Technologies OpCon UNIX agent adds the same SSH key to all installations
Overview SMA Technologies OpCon UNIX agent adds the same SSH key on every installation and subsequent updates. An attacker with access to the private key can gain root access on affected systems. Description During OpCon UNIX agent installation and updates, an SSH public key is added to the root...
UltraVNC repeater does not restrict IP addresses or ports by default
Overview UltraVNC repeater versions prior to ultravncrepeater1300 do not restrict usage by IP address by default and cannot restrict by ports, which may be leveraged to induce connections to arbitrary hosts using any port. Description CWE-16: Configuration - CVE-2016-5673UltraVNC repeater acts as...
Furuno Voyage Data Recorder (VDR) moduleserv firmware update utility fails to properly sanitize user-provided input
Overview Furuno Voyage Data Recorder VDR VR-3000/VR-3000S and VR-7000 moduleserv firmware update utility fails to properly sanitize user-provided input and is vulnerable to arbitrary command execution with root privileges. Description According to the Furuno VDR product page, the VDR "records all...
Qolsys IQ Panel contains multiple vulnerabilities
Overview All firmware versions of Qolsys IQ Panel contain hard-coded cryptographic keys, do not validate signatures during software updates, and use a vulnerable version of Android OS. Description Qolsys IQ Panel is an Android OS-based touch screen controller for home automation devices and...
Samsung Galaxy S phones fail to properly validate SwiftKey language pack updates
Overview Samsung Galaxy S phones, including the S4 Mini, S4, S5, and S6, fail to properly validate Swiftkey language pack updates. Description CWE-345: Insufficient Verification of Data Authenticity - CVE-2015-4640Samsung Galaxy S phones, including the S4 Mini, S4, S5, and S6, are pre-installed...
Multicast DNS (mDNS) implementations may respond to unicast queries originating outside the local link
Overview Multicast DNS implementations may respond to unicast queries that originate from sources outside of the local link network. Such responses may disclose information about network devices or be used in denial-of-service DoS amplification attacks. Description Multicast DNS mDNS is a way for...
GNU Wget creates arbitrary symbolic links during recursive FTP download
Overview GNU wget allows arbitrary filesystem access when creating symbolic links during a recursive FTP download. This allows an attacker to overwrite files with the permissions of the user running wget. Description CWE-59:CWE-59: Improper Link Resolution Before File Access 'Link Following' Wget...
Mozilla Network Security Services (NSS) fails to properly verify RSA signatures
Overview The Mozilla Network Security Services NSS library fails to properly verify RSA signatures due to incorrect ASN.1 parsing of DigestInfo. This vulnerability may allow an attacker to forge a RSA signature, such as a SSL certificate. Description CWE-295: Improper Certificate Validation RSA...
Dell ML6000 and Quantum Scalar i500 tape backup system command injection vulnerability
Overview Dell ML6000 and Quantum Scalar i500 tape backup system contain a command injection vulnerability. Description CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection'Dell's and Quantum's advisories state the following: The tape library's remote use...
Avanset Visual CertExam Manager 3.3 SQL injection vulnerability
Overview Avanset Visual CertExam Manager version 3.3 and below contain a SQL injection vulnerability. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection'Avanset Visual CertExam Manager version 3.3 and below contain a SQL injection vulnerability d...
HR Systems Strategies info:HR HRIS allows read access to weakly obfuscated shared database password
Overview HR Systems Strategies info:HR HRIS 7.9 and possibly earlier versions allow read access to a weakly obfuscated database password. This password is shared by all clients within an info:HR site. A local attacker can decipher the password and gain complete control of the database and...
BigAnt IM Message server and components contain multiple vulnerabilities
Overview BigAnt IM Message server and components contain multiple vulnerabilities which could allow an attacker to perform administrative functions on the the system Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' - CVE-2012-6273During the SH...
TomatoCart with PayPal Express Checkout design flaw vulnerability
Overview TomatoCart 1.1.7 with PayPal Express Checkout, and possibly other versions, contains a design flaw that may allow an attacker to purchase items for free or less than advertised. Description It has been reported that TomatoCart 1.1.7 using the PayPal Express Checkout module in sandbox mod...
dotCMS template permissions allow arbitrary code execution
Overview The dotCMS content management system version 1.9 and possibly earlier versions, contains a vulnerability that allows users with the appropriate permissions to create a malicious template with arbitrary code. Description An authenticated dotCMS user with the permissions required to author...
Oracle Outside In contains an exploitable vulnerability in Lotus 123 v4 parser
Overview Oracle Outside In contains an exploitable vulnerability in the Lotus 123 version 4 file parser, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Oracle Outside In is a set of libraries that can decode over 500 different file...
ISC BIND 9 resolver denial of service vulnerability
Overview ISC BIND 9 resolver contains a remote packet denial of service vulnerability after logging an error in query.c. Description According to ISC:An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers wit...
Microsoft Windows graphics engine thumbnail stack buffer overflow
Overview Microsoft Windows contains a stack-based buffer overflow vulnerability in the graphics rendering engine, which may allow an attacker to execute arbitrary code. Description Microsoft Windows contains a stack-based buffer overflow vulnerability caused by a signedness error in the...
FreeType 2 CFF font stack corruption vulnerability
Overview FreeType 2 contains a vulnerability in the processing of CFF fonts, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description FreeType is a font engine that can open and process font files. FreeType 2 includes the ability to handle a...
libpng fails to limit number of rows in header
Overview Libpng contains a vulnerability in the way it handles images containing an extra row of image data beyond the height reported in the image header. Description A vulnerability exists in the way libpng receives an extra row of image data beyond the height reported in the header of the imag...
Cisco Network Building Mediator products contain multiple vulnerabilities
Overview Cisco Network Building Mediator NBM products are affected by multiple vulnerabilities that could allow an attacker to gain control of a vulnerable device or to cause a denial of service. Description Cisco Network Building Mediator NBM products are designed to manage facility energy use...
IntelliCom NetBiter Config HICP hostname buffer overflow
Overview The IntelliCom NetBiter Config HICP configuration utility has a buffer overflow vulnerability that can be triggered by a specially crafted hostname hn value. An attacker with network access could exploit this vulnerability to execute arbitrary code with the privileges of the user running...
Microsoft Windows DNS Server response validation vulnerability
Overview The Microsoft Windows DNS server contains a response validation vulnerability. If successfully exploited, this vulnerability may allow an attacker to poison the affected DNS server's cache. Description The Domain Name System DNS is responsible for translating host names to IP addresses a...
Mozilla Firefox JavaScript engine fails to properly handle garbage collection
Overview Mozilla Firefox JavaScript engine fails to properly handle garbage collection. This vulnerability result in memory corruption, which in some cases may be exploitable to execute arbitrary code. Description Per Mozilla Foundation Security Advisory 2008-20:Fixes for security problems in the...
Microsoft Word code execution vulnerability
Overview Microsoft Word contains a vulnerability that may allow an attacker to execute arbitrary code. Description Per Microsoft Security Bulletin MS08-009:A remote code execution vulnerability exists in the way that Word handles specially crafted Word files. The vulnerability could allow remote...
Apple Mac OS X CoreText uninitialized pointer vulnerability
Overview Apple Mac OS X CoreText contains an uninitialized pointer vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Apple Mac OS X CoreText is a framework for handling text on Mac OS X Tiger 10.4 and later. Mac OS X...
Intuit QuickBooks Online Edition ActiveX control stack buffer overflows
Overview The Intuit QuickBooks Online Edition ActiveX control contains multiple stack buffer overflows, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Intuit QuickBooks Online Edition is a version of QuickBooks that functions withi...
MIT Kerberos 5 kadmind buffer overflow vulnerability
Overview An unspecified vulnerability in MIT Kerberos kadmind server may allow an attacker to execute arbitrary code. Description Kerberos is a network authentication system that uses a trusted third party to authenticate clients and servers to each other. It is designed to provide strong...
InterActual Player IAMCE ActiveX control stack buffer overflow
Overview The InterActual Player IAMCE ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description InterActual Player is a video DVD playing application for Windows systems. InterActual Player wa...
Microsoft Windows "MHTML" protocol handler fails to properly interpret HTTP header
Overview Microsoft Windows "MHTML" protocol handler fails to properly interpret HTTP headers, which may cause information disclosure. Description The Microsoft Windows "MHTML" protocol handler contains an information disclosure vulnerability in the way that it interprets HTTP headers. The "MHTML"...
Sun Java System Web Proxy Server fails to properly process malformed packets
Overview A vulnerability in the way Sun Java System Web Proxy Server processes malformed packets may allow execution of arbitrary code. Description SOCKS is a network protocol that provides a framework that allows client-server applications to securely use network firewall services. A vulnerabili...
NETxAutomation NETxEIB OPC Server fails to properly validate OPC server handles
Overview The NETxAutomation NETxEIB OPC Server contains a vulnerability that may allow a remote attacker to execute arbitary code or cause a denial-of-service. Description OLE for Process Control OPC is a specification for a standard set of OLE COM objects for use in the process control and...
Linux Kernel vulnerable to DoS via the ipv6_getsockopt_sticky() function
Overview The Linux Kernel contains a vulnerability that may allow a remote attacker to create a denial-of-service condition. Description Internet Protocol version 6 IPv6 is a IP standard that is designed to replace the Internet Protocol version 4 IPv4. The Linux kernel provides IPv6 support, and...
Apple QuickTime UDTA atom integer overflow
Overview Apple QuickTime contains an integer overflow in handling UDTA atoms, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Apple QuickTime User Data UDTA Atoms allow a user to "... define and store data associated with a QuickTim...
Microsoft Excel memory access vulnerability
Overview An unspecified vulnerability in Microsoft Excel may allow a remote attacker to execute arbitrary code. Description Microsoft Excel contains a vulnerability. According to Microsoft Security Bulletin MS07-015 The vulnerability is caused when Excel opens a specially crafted Excel file which...
Apple Airport Extreme fails to properly process 802.11 frames
Overview A vulnerability exists in the Apple AirPort Extreme wireless driver that may allow an attacker to crash a vulnerable system. Description The Apple AirPort Extreme adapter is an 802.11g compatible wireless adapter used in Apple OS X laptops and desktops. A flaw exists in the way AirPort...
Microsoft Excel fails to properly parse malformed Palette records
Overview A vulnerability in the way that Microsoft Excel handles malformed Palette records could allow an attacker to execute arbitrary code on a vulnerable system. Description Microsoft Excel fails to properly handle Palette records embedded in Excel documents. When a file containing a malformed...