3704 matches found
Microsoft XML Core Services XMLHTTP ActiveX control vulnerability
Overview The Microsoft XML Core Services XMLHTTP ActiveX control contains an unspecified vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft XML Core Services MSXML allow developers who use applications such as...
Wireshark contains an unspecified vulnerability in the DHCP dissector
Overview Wireshark contains a vulnerability in the DHCP dissector that may cause a denial-of-service condition. Description Wireshark for Microsoft Windows contains a vulnerability in the DHCP dissector that may cause a denial-of-service condition. This vulnerability may be exploited when the...
Microsoft .NET Framework contains a cross-site scripting vulnerability
Overview The Microsoft .NET Framework contains a cross-site scripting vulnerability that may allow an attacker to read or modify data in web pages and cookies. Description The Microsoft .NET Framework is a managed code programming model for Microsoft Windows operating systems. Microsoft ASP.NET i...
Apple QuickTime fails to properly handle SGI images
Overview Apple QuickTime fails to properly handle SGI images. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description Apple QuickTime is multimedia software that allows users to view local and remote audio, vide...
Apple QuickTime Player H.264 Codec contains an integer overflow
Overview Apple QuickTime fails to properly handle H.264 movies. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description Apple QuickTime Player is multimedia software that allows users to view local and remote...
Microsoft Publisher does not adequately validate Publisher documents
Overview Microsoft Publisher does not adequately validate Publisher documents. This results in a buffer overflow vulnerability that could allow an attacker to execute arbitrary code with the privileges of the user running Publisher. Description Microsoft Publisher does not adequately validate...
Mozilla fails to properly handle garbage collection
Overview The Mozilla JavaScript engine fails to properly perform garbage collection, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Garbage collection According to Mozilla: Garbage collection is generally used to refer to algorithms that 1 determin...
Adobe Flash Player fails to properly handle malformed SWF files
Overview Adobe Flash Player fails to properly handle malformed SWF files resulting in a memory corruption vulnerability. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description Adobe Flash Player is a player for the Flash media format and enables...
Microsoft Windows ART image handling buffer overflow
Overview Microsoft Windows ART image handling routines are vulnerable to a heap-based buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description ART Images According to Microsoft Security Bulletin MS06-022: ART is...
TIBCO Rendezvous daemon components contain a buffer overflow in the HTTP administrative interface
Overview A vulnerability in the TIBCO Rendezvous daemon components may allow a remote attacker to execute arbitrary code on an affected system. Description TIBCO Rendezvous is a distributed messaging software platform. A buffer overflow vulnerability has been discovered in the HTTP administrative...
Mozilla DHTML memory corruption vulnerabilities
Overview Mozilla products contain multiple unspecified vulnerabilities in the way they handle DHTML. These vulnerabilities may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description Mozilla products fail to properly handle DHTML. This may allow memor...
Microsoft Internet Explorer fails to properly handle double-byte characters in specially crafted URLs
Overview Microsoft Internet Explorer IE fails to properly handle double-byte characters in URLs, which may allow a remote, unauthenticated attacker to execute arbitrary code. Description IE fails to properly handle double-byte characters in URLs. When a specially crafted HTML file is opened in IE...
Microsoft PowerPoint may disclose information in the Temporary Internet Files Folder
Overview Microsoft PowerPoint contains an information disclosure vulnerability. As a result, sensitive information may be exposed to untrusted parties. Description Microsoft PowerPoint fails to properly restrict access to objects in the Temporary Internet Files Folder TIFF. This vulnerability is...
Mozilla QueryInterface memory corruption vulnerability
Overview Mozilla Firefox web browser and Thunderbird mail client contain a memory corruption vulnerability that may allow a remote attacker to execute arbitrary code. Description The Mozilla Firefox QueryInterface method contains a memory corruption vulnerability. According to Mozilla: Calling th...
Multiple vulnerabilities in Internet Key Exchange (IKE) version 1 implementations
Overview Numerous vulnerabilities have been reported in various Internet Key Exchange version 1 IKEv1 implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause an IKEv1 implementation to behave in an...
Microsoft Windows Graphics Rendering Engine buffer overflow vulnerability
Overview Microsoft Windows Graphics Rendering Engine contains a buffer overflow that may allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Microsoft Windows Graphics Rendering Engine supports a number of image formats including Windows Metafile WMF and...
Microsoft Windows buffer overflow in Enhanced Metafile rendering API
Overview Microsoft Windows Enhanced Metafile Format image rendering routines contain a buffer overflow flaw that may allow an attacker to cause a denial-of-service condition. Description Microsoft describes the Enhanced Metafile Format EMF as the following:An EMF image is a 32-bit format that can...
MIT Kerberos 5 allows unauthenticated attacker to cause MIT krb5 Key Distribution Center to free unallocated memory
Overview An unauthenticated attacker can cause MIT krb5 Key Distribution Center KDC to free unallocated memory, possibly leading to arbitrary code execution. Description Kerberos is a network authentication system which uses a trusted third party a KDC to authenticate clients and servers to each...
Ettercap contains a format string error in the "curses_msg()" function
Overview Ettercap has a format string vulnerability in the ncurses user interface. Description Ettercap is open-source software designed for man-in-the-middle attacks on LANs. Ettercap contains multiple user interfaces, including one written using ncurses, a library for manipulating text screens...
Adobe Acrobat and Acrobat Reader vulnerable to information disclosure via "LoadFile()" method in ActiveX control
Overview Adobe Acrobat Reader and Acrobat web control contain a flaw that allows the existence of local files to be discovered. Description The Adobe Acrobat Internet Explorer ActiveX web control may disclose the existence of local files if the LoadFile method is called with the complete file nam...
isakmpd crashes when handling ISAKMP packets with malformed "Security Association Payload"
Overview A vulnerability exists in the isakmpd that could allow a remote attacker to cause a denial of service. Description The OpenBSD isakmpd establishes security associations for encrypted and authenticated IPsec network traffic. It implements the Internet Security Association and Key Manageme...
Mozilla fails to restrict access to the "shell:" URI handler
Overview A vulnerability in the way Mozilla and its derived programs handle certain types of links could allow an attacker to run local programs on a vulnerable system. Description Versions of the Mozilla, Firefox, and Thunderbird programs for Microsoft Windows will handle URIs of the form shell:...
ISC DHCP contains a stack buffer overflow vulnerability in handling log lines containing ASCII characters only
Overview The Internet Systems Consortium's ISC Dynamic Host Configuration Protocol DHCP 3 application contains a buffer overflow vulnerability. Exploitation of this vulnerability can cause a denial of service condition to the DHCP Daemon DHCPD and may permit a remote attacker to execute arbitrary...
Microsoft Windows Help and Support Center (HCP) fails to validate HCP URLs
Overview A remotely exploitable vulnerability exists in the Help and Support Center HCP. An attacker could compromise the victim's system by tricking them into visiting a malicious web site, or viewing a malicious email message. Description A failure to filter special characters, such as quotes,...
Microsoft Windows contains buffer overflow in processing of WMF and EMF image formats
Overview A vulnerability exists in the APIs that handle Microsoft Windows Metafiles WMF and Enhanced Metafiles EMF image formats. Exploitation may lead to an attacker executing arbitrary code on the system. Description The code that renders Windows Metafiles WMF and Enhanced Metafiles EMF image...
Microsoft Windows Virtual DOS Machine (VDM) contains null pointer dereference
Overview Microsoft Windows NT4.0 and Windows 2000 contain a vulnerability that could permit a local user to gain elevated privileges on the system. Description Microsoft Windows NT4.0 and Windows 2000 provide an Virtual DOS Machine VDM to support 16-bit legacy operations and applications. A...
Ethereal fails to properly decode BGP packets containing MPLS IPv6 labels
Overview Ethereal contains a vulnerability in the way the Border Gateway Protocol BGP protocol dissector decodes Multiprotocol Label Switching MPLS IPv6 labels. Description Ethereal is a network traffic analysis package. It includes the ability to decode packets containing BGP data. According to...
Linux groff utility pic contains format string vulnerability
Overview The pic component of the image processing package groff contains a format string vulnerability that could allow a remote attacker to execute arbitrary code. Description groff is an image processing package on Linux systems. A component of groff called pic contains a format-string...
Microsoft Windows ListBox and ComboBox controls vulnerable to buffer overflow when supplied crafted Windows message
Overview There is a buffer overflow in a function called by the Microsoft Windows ListBox and ComboBox controls that could allow an attacker to execute arbitrary code with privileges of the process hosting the controls. Description Processes that run on Windows use messages in order to interact...
WS_FTP Server vulnerable to buffer overflow when supplied overly long "APPE" command
Overview It has been reported that a vulnerability exists in the processing of a "APPE" command on WSFTP Servers versions 4.x and prior. Exploitation of this vulnerability may lead to an authenticated user executing arbitrary code with the elevated privileges of the server process. Description...
Microsoft Windows DirectX MIDI library does not adequately validate Text or Copyright parameters in MIDI files
Overview A Microsoft Windows DirectX library, quartz.dll, does not properly validate certain parameters in Musical Instrument Digital Interface MIDI files. An attacker could exploit this vulnerability to execute arbitrary code or crash any application using the library, causing a denial of servic...
Windows Media Player 9 ActiveX control does not adequately validate access to Windows Media Library
Overview An ActiveX control included with Windows Media Player 9 does not adequately validate script access to the Windows Media Library. This could allow an attacker to read or modify data contained in the library. Description Windows Media Player 9 includes an ActiveX control that can be used t...
Integer overflow in Sun RPC XDR library routines
Overview The XDR library from Sun Microsystems is a widely used implementation for RPC services. Although the library was originally distributed by Sun Microsystems, multiple vendors have included the vulnerable code in their own implementations. Some implementations of standard functions in this...
ISC BIND 8 fails to properly dereference cache SIG RR elements with invalid expiry times from the internal database
Overview A remotely exploitable denial-of-service vulnerability exists in BIND. Description A remotely exploitable denial-of-service vulnerability exists in BIND 8.2 - 8.2.6 and BIND 8.3.0 - 8.3.3. ISC's description of this vulnerability states:It is possible to de-reference a NULL pointer for...
Microsoft Windows SMTP Service fails to properly handle responses from the NTLM authentication layer
Overview A flaw in the authentication code of the SMTP service provided with Windows 2000 server and Exchange 5.5 may allow a user access to the SMTP service. This acess could be used to relay mail in violation of the SMTP server's security policy, or consume CPU resources on the SMTP server...
Vandyke Software SecureCRT contains buffer overflow vulnerability in password handling code
Overview SecureCRT is vulnerable to buffer overflow from improper handling of long password input. Description SecureCRT is a terminal emulator and SSH client for Windows. If the SSH1 protocol is used and the user enters a password 300 characters or more in length, SecureCRT will crash, with the...
Yahoo! Messenger is vulnerable to DoS via multiple messages from spoofed names
Overview Yahoo! Messenger is an instant messaging client. A report indicates that there is a vulnerability that permits an attacker to spoof the source user name of a Yahoo! Messenger message. Description Yahoo! Messenger permits a user to place users on an ignore list. A vulnerability exists tha...
Oracle 9iAS allows anonymous remote users to view sensitive Apache services by default
Overview Oracle Application Server 9iAS allows remote users to access several Apache services without authentication. Description Oracle Application Server 9iAS includes the Apache Web server and several Apache services. In the default install configuration, many of these services, including...
Oracle9i Application Server Apache PL/SQL module vulnerable to buffer overflow via Database Access Descriptor password
Overview A buffer overflow vulnerability exists in the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle9i Application Server iAS. Specifying a crafted password for a Database Access Descriptor DAD could cause a denial of service or execute arbitrary code with the...
Oracle9i Application Server Apache PL/SQL module vulnerable to buffer overflow via HTTP Authorization header
Overview A buffer overflow vulnerability exists in the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle9i Application Server iAS. An HTTP Authorization header with a crafted password parameter could allow an unauthenticated remote attacker to cause a denial of...
Microsoft Internet Explorer HTML rendering engine contains buffer overflow processing SRC attribute of HTML <EMBED> directive
Overview The Microsoft Internet Explorer HTML rendering engine contains a vulnerability in its handling of the SRC attribute of the HTML directive. An attacker who is able to convince a user to read a malicious HTML file may be able to crash Internt Explorer or execute arbitrary code with the...
iPlanet Web Server and Netscape Enterprise Server Web Publisher commands allow directory enumeration
Overview A vulnerability exists in iPlanet Web Server and Netscape Enterprise Server in which Web Publisher commands can be used to obtain directory listings. Description iPlanet Web Server and Netscape Enterprise Server permit unauthenticated remote users to enumerate server directories via Web...
Solaris rpc.yppasswdd does not adequately check input allowing users to execute arbitrary code
Overview A remotely exploitable buffer overflow exists in the 'rpc.yppasswd' service on Solaris 2.6, 2.7, and 2.8. Description Network Information Service NIS provides a simple network lookup service consisting of databases and processes. Its purpose is to provide information, that has to be know...
Robtex Viking Web Server permits traversal out of HTTP docs root directory
Overview Viking v1.07 is a 'multi-protocol-internet-server' available from http://www.robtex.com. A vulnerability exists with this web server which allows a remote user to see any file on the server with read permissions enabled. Description Viking v1.07 does not stop requests which traverse the...
Internet Explorer incorrectly validates certificates when CRL checking is enabled
Overview Microsoft Internet Explorer IE fails to properly validate certificates when CRL checking is enabled. As a result, sensitive information may be exposed. Description Digital certificates are small documents used to authenticate and encrypt information transmitted over the Internet. One ver...
MS ActiveMovieControl Object downloads arbitrary files
Overview Description This vulnerability is actually the same as the Cache Bypass issue described in VU38950. This document is provided for people looking for information based on publicly available exploits using the Active Movie control. The flaw is not in the Active Movie control per se, but...
Content Delivery Networks handle HTTP headers in different and unexpected ways
Overview A Content Delivery Network CDN is a distributed network of proxy servers that deliver web content collected from a back end web server using a temporary local storage called a cache. HTTP cache poisoning is a type of attack that allows a remote attacker to inject arbitrary content using...
Flash Seats Mobile App for Android and iOS fails to validate SSL certificates
Overview Flash Seats Mobile App for Android, version 1.7.9 and earlier, and for iOS, version 1.9.51 and earlier, fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle MITM attacks. Description CWE-295: Improper...
Synology NAS servers contain insecure default credentials
Overview Synology NAS servers DS107, DS116, and DS213, use default credentials. Description CWE-255: Credentials Management - CVE-2016-6554Synology NAS servers DS107, firmware version 3.1-1639 and prior, and DS116, DS213, firmware versions prior to 5.2-5644-1, use non-random default credentials o...
MatrixSSL contains multiple vulnerabilities
Overview MatrixSSL, version 3.8.5 and earlier, contains heap overflow, out-of-bounds read, and unallocated memory free operation vulnerabilities. Description CWE-122: Heap-based Buffer Overflow - CVE-2016-6890The Subject Alt Name field of X.509 certificates is not properly parsed. A specially...