ISC DHCP contains a stack buffer overflow vulnerability in handling log lines containing ASCII characters only
Overview The Internet Systems Consortium's (ISC) Dynamic Host Configuration Protocol (DHCP) 3 application contains a buffer overflow vulnerability. Exploitation of this vulnerability can cause a denial of service condition to the DHCP daemon (DHCPD) and may permit a remote attacker to execute arbitrary...
Microsoft Windows Help and Support Center (HCP) fails to validate HCP URLs
Overview A remotely exploitable vulnerability exists in the Help and Support Center (HCP). An attacker could compromise the victim's system by tricking them into visiting a malicious web site, or viewing a malicious email message. Description A failure to filter special characters, such as quotes,...
Microsoft Windows contains buffer overflow in processing of WMF and EMF image formats
Overview A vulnerability exists in the APIs that handle the Microsoft Windows Metafile (WMF) and Enhanced Metafile (EMF) image formats. Exploitation may lead to an attacker executing arbitrary code on the system. Description The code that renders Windows Metafile (WMF) and Enhanced Metafile (EMF) image...
Ethereal fails to properly decode BGP packets containing MPLS IPv6 labels
Overview Ethereal contains a vulnerability in the way the Border Gateway Protocol (BGP) dissector decodes Multiprotocol Label Switching (MPLS) IPv6 labels. Description Ethereal is a network traffic analysis package. It includes the ability to decode packets containing BGP data. According to...
Microsoft Windows ListBox and ComboBox controls vulnerable to buffer overflow when supplied crafted Windows message
Overview There is a buffer overflow in a function called by the Microsoft Windows ListBox and ComboBox controls that could allow an attacker to execute arbitrary code with privileges of the process hosting the controls. Description Processes that run on Windows use messages in order to interact...
Linux NFS utils package "rpc.mountd" contains off-by-one buffer overflow in xlog() function
Overview A vulnerability in the Linux Network File System (NFS) could permit an attacker to cause a denial of service, or potentially execute arbitrary code on the system. Description The Linux Network File System (NFS) was developed to allow machines to mount a disk partition on a remote machine as ...
Microsoft Windows DirectX MIDI library does not adequately validate Text or Copyright parameters in MIDI files
Overview A Microsoft Windows DirectX library, quartz.dll, does not properly validate certain parameters in Musical Instrument Digital Interface (MIDI) files. An attacker could exploit this vulnerability to execute arbitrary code or crash any application using the library, causing a denial of servic...
Microsoft SQL Server contains flaw in checking method for the named pipe
Overview A vulnerability in Microsoft SQL Server may allow an attacker to hijack a named pipe. An attacker may be able to leverage this vulnerability to gain elevated privileges. Description Microsoft describes a named pipe as, "a specifically named one-way or two-way channel for communication...
Windows Media Player 9 ActiveX control does not adequately validate access to Windows Media Library
Overview An ActiveX control included with Windows Media Player 9 does not adequately validate script access to the Windows Media Library. This could allow an attacker to read or modify data contained in the library. Description Windows Media Player 9 includes an ActiveX control that can be used t...
The default NTFS permissions are not applied to a converted boot partition on Microsoft Windows 2000 and Windows XP systems when CONVERT.EXE is used
Overview Several commercial desktops and laptops from OEM distributors ship with insecure permissions set on files and directories. It has been confirmed that this is due to the use of Microsoft's CONVERT.EXE utility. Description Microsoft's CONVERT.EXE program is used to convert FAT32 file syste...
ISC BIND 8 fails to properly dereference cache SIG RR elements with invalid expiry times from the internal database
Overview A remotely exploitable denial-of-service vulnerability exists in BIND. Description A remotely exploitable denial-of-service vulnerability exists in BIND 8.2 - 8.2.6 and BIND 8.3.0 - 8.3.3. ISC's description of this vulnerability states: It is possible to de-reference a NULL pointer for...
Microsoft Windows SMTP Service fails to properly handle responses from the NTLM authentication layer
Overview A flaw in the authentication code of the SMTP service provided with Windows 2000 Server and Exchange 5.5 may allow a user access to the SMTP service. This access could be used to relay mail in violation of the SMTP server's security policy, or consume CPU resources on the SMTP server...
Microsoft Windows Server Message Block (SMB) fails to properly handle SMB_COM_TRANSACTION packets requesting NetServerEnum2 transaction
Overview Microsoft Server Message Block (SMB) may crash when it receives a crafted SMB_COM_TRANSACTION packet requesting a NetServerEnum2 transaction. Attackers can use this vulnerability to cause a denial of service. Description SMB is a protocol for sharing data and resources between computers. It ...
Microsoft Windows SQL Server allows arbitrary queries to be executed via "xp_execresultset" extended procedure
Overview MS SQL Server contains an extended stored procedure with inappropriate permission settings. Description Microsoft SQL Server 7.0 and Microsoft SQL Server 2000 contain an extended stored procedure, xp_execresultset, that permits an unprivileged user of a database to gain administrative...
Nevrona Designs MiraMail stores all configuration and user account information in unencrypted text file
Overview Some versions of MiraMail store username and passwords in a text file without using encryption. Description MiraMail is a news server for Windows-based hosts. Versions of MiraMail up to and including 1.04 store MiraMail user data, including usernames and passwords, in unencrypted plainte...
AOL Instant Messenger vulnerable to buffer overflow via crafted "addbuddy" URI sent in message
Overview America Online's Instant Messenger (AIM) contains a remotely exploitable buffer overflow vulnerability. Description AOL Instant Messenger is a widely used program for communicating with other users over the Internet. A buffer overflow exists in the processing of the addbuddy parameter of t...
Yahoo! Messenger contains buffer overflow in "message" field
Overview Yahoo! Messenger is an instant messaging client. There is a remotely exploitable buffer overflow vulnerability in the "message" field of Yahoo! Messenger. Description A remotely exploitable buffer overflow exists in the "message" field that may permit a remote attacker to execute arbitra...
Yahoo! Messenger is vulnerable to DoS via multiple messages from spoofed names
Overview Yahoo! Messenger is an instant messaging client. A report indicates that there is a vulnerability that permits an attacker to spoof the source user name of a Yahoo! Messenger message. Description Yahoo! Messenger permits a user to place users on an ignore list. A vulnerability exists tha...
Squid Proxy Server contains buffer overflow in parsing of the authentication portion of FTP URLs
Overview There is a remotely exploitable buffer overflow in the Squid proxy/cache server. Exploitation of this vulnerability could lead to an intruder gaining a shell on the target Squid server. Description Squid versions 2.3 and 2.4 are vulnerable to a buffer overflow in the code that parses FTP...
Oracle9i Application Server Apache PL/SQL module vulnerable to buffer overflow via Database Access Descriptor password
Overview A buffer overflow vulnerability exists in the Apache Procedural Language/Structured Query Language (PL/SQL) module used by Oracle9i Application Server (iAS). Specifying a crafted password for a Database Access Descriptor (DAD) could cause a denial of service or execute arbitrary code with the...
Solaris rpc.yppasswdd does not adequately check input allowing users to execute arbitrary code
Overview A remotely exploitable buffer overflow exists in the 'rpc.yppasswd' service on Solaris 2.6, 2.7, and 2.8. Description Network Information Service (NIS) provides a simple network lookup service consisting of databases and processes. Its purpose is to provide information that has to be know...
Microsoft Windows 2000 Telnet Service uses named pipes with predictable names
Overview The Microsoft Windows 2000 Telnet Service contains a vulnerability that allows unprivileged local users to execute arbitrary code with elevated privileges. Description The Microsoft Windows 2000 Telnet Service creates a named pipe to share information between the processes that handle ea...
Cisco IOS vulnerable to DoS via crafted PPTP packet sent to port 1723/tcp
Overview Cisco IOS contains a vulnerability that allows an intruder to crash the router. Description By sending a specially crafted PPTP packet to port 1723, an intruder can crash a device running a vulnerable version of IOS. Quoting from the Cisco Advisory: By sending a crafted PPTP packet to a...
RIT Research Labs The Bat! does not properly parse <CR> characters not followed by a <LF> character
Overview Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may prematurely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error ...
glibc unsetenv fails to properly handle environment variables passed more than once to a program
Overview The glibc implementation of unsetenv fails to properly remove one of two successive occurrences of the same environment variable if the variable is redundantly passed to a program. Description The glibc implementation of unsetenv, if called to remove an environment variable that occurs t...
MS ActiveMovieControl Object downloads arbitrary files
Overview Description This vulnerability is actually the same as the Cache Bypass issue described in VU#38950. This document is provided for people looking for information based on publicly available exploits using the Active Movie control. The flaw is not in the Active Movie control per se, but...
MyCar Controls uses hard-coded credentials
Overview The MyCar Controls mobile applications prior to v3.4.24 on iOS and prior to v4.1.2 on Android contain hard-coded admin credentials. Description MyCar is a small aftermarket telematics unit from AutoMobility Distribution Inc. MyCar adds smartphone-controlled geolocation, remote start/stop...
UltraVNC repeater does not restrict IP addresses or ports by default
Overview UltraVNC repeater versions prior to ultravnc_repeater_1300 do not restrict usage by IP address by default and cannot restrict by ports, which may be leveraged to induce connections to arbitrary hosts using any port. Description CWE-16: Configuration - CVE-2016-5673 UltraVNC repeater acts as...
Acer Portal app for Android does not properly validate SSL certificates
Overview The Acer Portal app for Android allows customers to connect to the Acer Cloud. The Acer Portal app, from version 3.9.3.2003 to 3.9.3.2006, does not properly validate SSL certificates when connecting to the Acer Cloud. Description CVE-2016-5648 - CWE-295: Improper Certificate Validation T...
Juniper ScreenOS contains multiple vulnerabilities
Overview Juniper Networks ScreenOS versions 6.3.0r17 through 6.3.0r20 allow unauthorized remote administration access to the device. Juniper Networks ScreenOS versions 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20 allow an attacker to monitor and decrypt VPN traffic. Description...
Epiphany Cardio Server is vulnerable to SQL and LDAP injection
Overview The Epiphany Cardio Server is vulnerable to SQL injection and LDAP injection, allowing an unauthenticated attacker to gain administrator rights. Description Epiphany Cardio Server was reported as being vulnerable to the following issues: CWE-89: Improper Neutralization of Special Elements...
CSL DualCom GPRS CS2300-R alarm signalling boards contain multiple vulnerabilities
Overview CSL DualCom GPRS CS2300-R alarm signalling boards, firmware versions v1.25 to v3.53, contain multiple vulnerabilities. Description CSL DualCom GPRS CS2300-R alarm signalling boards are secure premises transmitters (SPT) that notify alarm receiving centers (ARC) when an alarm system is tripped...
Raritan PX power distribution software is vulnerable to the cipher zero attack
Overview Raritan PX power distribution software version 01.05.08 and previous running on a model DPXR20A-16 device allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. Description CWE-287: Improper...
Ignite Realtime Smack XMPP API contains multiple vulnerabilities
Overview Ignite Realtime's Smack XMPP API ServerTrustManager trusts unauthorized SSL certificates (CWE-358), and IQ requests do not verify the from attribute, allowing anyone to spoof IQ responses (CWE-345). Description CWE-358: Improperly Implemented Security Check for Standard - CVE-2014-0363 The...
Belkin Wemo Home Automation devices contain multiple vulnerabilities
Overview Belkin Wemo Home Automation devices contain multiple vulnerabilities. Description CWE-321: Use of Hard-coded Cryptographic Key - CVE-2013-6952 Belkin Wemo Home Automation firmware contains a hard-coded cryptographic key and password. An attacker may be able to extract the key and password...
Adobe Shockwave player vulnerable to downgrading
Overview Adobe Shockwave Player may automatically install a legacy version of the runtime, which can increase the attack surface of systems that have Shockwave installed. Description Adobe Macromedia Shockwave Player is software that plays active web content developed in Macromedia and Adobe...
CA ARCserve Backup opcode 0x7a RWSList remote code execution vulnerability
Overview The CA ARCserve Backup authentication service, caauthd.exe, is susceptible to a pre-authentication remote code execution vulnerability. Arbitrary code will run with NT AUTHORITY\SYSTEM privileges. CA ARCserve Backup r16 SP1 was reported to be vulnerable. Description The Offensive Securit...
ForeScout CounterACT reflected XSS vulnerability
Overview The ForeScout CounterACT appliance contains reflected cross-site scripting (XSS) vulnerabilities. Description The web interface of the ForeScout CounterACT appliance contains reflected XSS vulnerabilities (CWE-79). The following are a couple...
AutoFORM PDM Archive contains multiple vulnerabilities
Overview AutoFORM PDM Archive contains multiple vulnerabilities which could allow an attacker to execute arbitrary code with the privileges of the application. Description According to AutoFORM's website AutoFORM PDM Archive is a comprehensive output management solution that encompasses document...
dotCMS template permissions allow arbitrary code execution
Overview The dotCMS content management system version 1.9, and possibly earlier versions, contains a vulnerability that allows users with the appropriate permissions to create a malicious template with arbitrary code. Description An authenticated dotCMS user with the permissions required to author...
Dell KACE K2000 Appliance read-only database account allows account information disclosure
Overview A vulnerability in the database component of the Dell KACE K2000 Deployment Appliance may allow a remote attacker to read account information from an affected device. Description The Dell KACE K2000 Deployment Appliance is an integrated systems provisioning product for large-scale...
JasperServer cross-site request forgery vulnerability
Overview JasperSoft's JasperServer is vulnerable to a cross-site request forgery (CSRF) vulnerability. Description According to JasperSoft's website: "JasperReports Server is a powerful, yet flexible and lightweight reporting server. Generate, organize, secure, and deliver interactive reports and...
Avaya Secure Access Link (SAL) Gateway information disclosure vulnerability
Overview Avaya Secure Access Link (SAL) gateway releases 1.5, 1.8, and 2.0 have an information disclosure vulnerability in the default install. Description According to Avaya's Product Support Notice PSN003314u (PDF): "On installation of SAL Gateway with the default properties provided along with the...
Microsoft Windows graphics engine thumbnail stack buffer overflow
Overview Microsoft Windows contains a stack-based buffer overflow vulnerability in the graphics rendering engine, which may allow an attacker to execute arbitrary code. Description Microsoft Windows contains a stack-based buffer overflow vulnerability caused by a signedness error in the...
Adobe Shockwave Player Director file 'rcsL' chunk parsing vulnerability
Overview Adobe Shockwave Player 11.5.8.612 and earlier versions on the Windows and Macintosh operating systems contain a critical vulnerability in the handling of "rcsL" chunks. Description Adobe Macromedia Shockwave Player is software that plays active web content developed in Macromedia and Ado...
Cisco Network Building Mediator products contain multiple vulnerabilities
Overview Cisco Network Building Mediator (NBM) products are affected by multiple vulnerabilities that could allow an attacker to gain control of a vulnerable device or to cause a denial of service. Description Cisco Network Building Mediator (NBM) products are designed to manage facility energy use...
Libpurple buffer overflow vulnerability
Overview The Libpurple instant messenger library contains a vulnerability that may allow an attacker to execute arbitrary code. Description Libpurple is an instant messenger (IM) library that is used by various programs to connect to multiple networks. Libpurple contains a buffer overflow...
Particle Software IntraLaunch Application Launcher ActiveX control fails to restrict access to dangerous methods
Overview The Particle Software IntraLaunch Application Launcher ActiveX control allows arbitrary code execution. Description Particle Software IntraLaunch is an ActiveX control that "... allows web page links to execute anything from applications to associations such as Word or Acrobat PDF...
IPv6 implementations insecurely update Forwarding Information Base
Overview A vulnerability in some implementations of the IPv6 Neighbor Discovery Protocol may allow a nearby attacker to intercept traffic or cause congested links to become overloaded. Description IPv6 networks use the Neighbor Discovery Protocol (NDP) to detect and locate routers and other on-link...
Microsoft GDI buffer overflow vulnerability
Overview The Microsoft GDI contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code. Description The Graphics Device Interface (GDI) is a component of the Microsoft Windows user interface. Windows Metafile (WMF) and Enhanced Metafile (EMF) are image file formats...