IE 5.01 will execute VBA code contained in Access databases when triggered from HTML code contained in an IFRAME

Overview Under certain conditions, Internet Explorer can open Microsoft Access database or project files containing malicious code and execute the code without giving a user prior warning. Access files that are referenced by OBJECT tags in HTML documents can allow attackers to execute arbitrary...

MatrixSSL contains multiple vulnerabilities

Overview MatrixSSL, version 3.8.5 and earlier, contains heap overflow, out-of-bounds read, and unallocated memory free operation vulnerabilities. Description CWE-122: Heap-based Buffer Overflow - CVE-2016-6890The Subject Alt Name field of X.509 certificates is not properly parsed. A specially...

Juniper ScreenOS contains multiple vulnerabilities

Overview Juniper Networks ScreenOS versions 6.3.0r17 through 6.3.0r20 allows unauthorized remote administration access to the device. Juniper Networks ScreenOS versions 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20 allow for an attacker to monitor and decrypt VPN traffic. Description...

Epiphany Cardio Server is vulnerable to SQL and LDAP injection

Overview The Epiphany Cardio Server is vulnerable to SQL injection and LDAP injection, allowing an unauthenticated attacker to gain administrator rights. Description Epiphany Cardio Server was reported as being vulnerable to the following issues:CWE-89: Improper Neutralization of Special Elements...

CSL DualCom GPRS CS2300-R alarm signalling boards contain multiple vulnerabilties

Overview CSL DualCom GPRS CS2300-R alarm signalling boards, firmware versions v1.25 to v3.53, contain multiple vulnerabilties. Description CSL DualCom GPRS CS2300-R alarm signalling boards are secure premises transmitters SPT that notify alarm receiving centers ARC when an alarm system is tripped...

Fortinet Fortiweb 5.1 contains a cross-site request forgery vulnerability

Overview Fortinet Fortiweb prior to version 5.2.0 do not sufficiently verify whether a valid request was intentionally provided by the user, which results in a cross-site request forgery CSRF vulnerability. CWE-352 Description CWE-352: Cross-Site Request Forgery CSRF Fortinet Fortiweb prior to...

Ignite Realtime Smack XMPP API contains multiple vulnerabilities

Overview Ignite Realtime's Smack XMPP API ServerTrustManger trusts unauthorized SSL certificates CWE-358 and IQ requests do not verify the from attribute allowing anyone to spoof IQ responses. CWE-345 Description CWE-358:Improperly Implemented Security Check for Standard- CVE-2014-0363 The...

Huawei E355 contains a direct request vulnerability

Overview Huawei E355 USB WiFi adapter with firmware version: 21.157.37.01.910 has been reported to contain a direct request vulnerability in the web interface. CWE-425 Description Huawei E355 USB WiFi adapter with firmware version: 21.157.37.01.910 has been reported to contain a direct request...

Belkin Wemo Home Automation devices contain multiple vulnerabilities

Overview Belkin Wemo Home Automation devices contain multiple vulnerabilities. Description CWE-321: Use of Hard-coded Cryptographic Key -CVE-2013-6952 Belkin Wemo Home Automation firmware contains a hard-coded cryptographic key and password. An attacker may be able to extract the key and password...

Atmail Webmail Server version 7.1.3 contains cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities

Overview Atmail Webmail Server version 7.1.3 and possibly earlier versions contain stored cross-site scripting XSS CWE-79 and cross-site request forgery CSRF CWE-352 vulnerabilities. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' -...

SAP Sybase Adaptive Server Enterprise vulnerable to XML injection

Overview SAP Sybase Adaptive Server Enterprise Version 15.7 ESD 2 and possibly earlier versions contains an XML injection vulnerability CWE-91. Description CWE-611:Improper Restriction of XML External Entity Reference 'XXE' SAP Sybase Adaptive Server Enterprise ASE Version 15.7 ESD 2 contains an...

Adobe Shockwave player vulnerable to downgrading

Overview Adobe Shockwave Player may automatically install a legacy version of the runtime, which can increase the attack surface of systems that have Shockwave installed. Description Adobe Macromedia Shockwave Player is software that plays active web content developed in Macromedia and Adobe...

CA ARCserve Backup opcode 0x7a RWSList remote code execution vulnerability

Overview The CA ARCserve Backup authentication service, caauthd.exe, is susceptible to a pre-authentication remote code execution vulnerability. Arbitrary code will run with NT AUTHORITY\SYSTEM privileges. CA ARCserve Backup r16 SP1 was reported to be vulnerable. Description The Offensive Securit...

ForeScout CounterACT reflected XSS vulnerability

Overview The ForeScout CounterACT appliance contains reflected cross-site scripting XSS vulnerabilities. Description The web interface of the ForeScout CounterACT appliance contains reflected XSS vulnerabilities CWE-79. The following are a couple...

AutoFORM PDM Archive contains multiple vulnerabilities

Overview AutoFORM PDM Archive contains multiple vulnerabilities which could allow an attacker to execute arbitrary code with the privileges of the application. Description According to AutoFORM's website AutoFORM PDM Archive is a comprehensive output management solution that encompasses document...

dotCMS template permissions allow arbitrary code execution

Overview The dotCMS content management system version 1.9 and possibly earlier versions, contains a vulnerability that allows users with the appropriate permissions to create a malicious template with arbitrary code. Description An authenticated dotCMS user with the permissions required to author...

Dell KACE K2000 Appliance read-only database account allows account information disclosure

Overview A vulnerability in the database component of the Dell KACE K2000 Deployment Appliance may allow a remote attacker to read account information from an affected device. Description The Dell KACE K2000 Deployment Appliance is an integrated systems provisioning product for large-scale...

Avaya Secure Access Link (SAL) Gateway information disclosure vulnerability

Overview Avaya Secure Access Link SAL gateway releases 1.5, 1.8, and 2.0 have an information disclosure vulnerability in the default install. Description According to Avaya's Product Support Notice PSN003314u PDF:"On installation of SAL Gateway with the default properties provided along with the...

Microsoft Windows graphics engine thumbnail stack buffer overflow

Overview Microsoft Windows contains a stack-based buffer overflow vulnerability in the graphics rendering engine, which may allow an attacker to execute arbitrary code. Description Microsoft Windows contains a stack-based buffer overflow vulnerability caused by a signedness error in the...

Adobe Shockwave Player Director file 'rcsL' chunk parsing vulnerability

Overview Adobe Shockwave Player 11.5.8.612 and earlier versions on the Windows and Macintosh operating systems contain a critical vulnerability in the handling of "rcsL" chunks. Description Adobe Macromedia Shockwave Player is software that plays active web content developed in Macromedia and Ado...

Cisco Network Building Mediator products contain multiple vulnerabilities

Overview Cisco Network Building Mediator NBM products are affected by multiple vulnerabilities that could allow an attacker to gain control of a vulnerable device or to cause a denial of service. Description Cisco Network Building Mediator NBM products are designed to manage facility energy use...

Libpurple buffer overflow vulnerability

Overview The Libpurple instant messenger library contains a vulnerability that may allow an attacker to execute arbitrary code. Description Libpurple is an instant messenger IM library that is used by various programs to connect to multiple networks. Libpurple contains a buffer overflow...

Particle Software IntraLaunch Application Launcher ActiveX control fails to restrict access to dangerous methods

Overview The Particle Software IntraLaunch Application Launcher ActiveX control allows arbitrary code execution. Description Particle Software IntraLaunch is an ActiveX control that "... allows web page links to execute anything from applications to associations such as Word or Acrobat PDF...

libspf2 DNS TXT record parsing buffer overflow

Overview libspf2 contains a buffer overflow vulnerability in code that parses DNS TXT records. Description libspf2 is a widely-deployed implementation of the Sender Policy Framework. According to RFC 4408: An SPF record is a DNS Resource Record RR that declares which hosts are, and are not,...

IPv6 implementations insecurely update Forwarding Information Base

Overview A vulnerability in some implementations of the IPv6 Neighbor Discovery Protocol may allow a nearby attacker to intercept traffic or cause congested links to become overloaded. Description IPv6 networks use the Neighbor Discovery Protocol NDP to detect and locate routers and other on-link...

OpenSSL Server Name extension Denial of Service

Overview A vulnerability exists in OpenSSL that may allow a remote attacker to cause a denial of service. Description OpenSSL contains a vulnerability in the way server name extension data is handled that may result in a denial of service. According to OpenSSL Security Advisory 28-Mar-2008:If...

Creative Software AutoUpdate Engine ActiveX stack buffer overflow

Overview The Creative Labs AutoUpdate Engine ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Creative Software AutoUpdate Engine ActiveX control is a component that provides...

Microsoft GDI buffer overflow vulnerability

Overview The Microsoft GDI contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code. Description The Graphics Device Interface GDI is component of the Microsoft Windows user interface. Windows Metafile WMF and Enhanced Metafile EMF are image file formats...

SSH Tectia Client and Server ssh-signer local privilege escalation

Overview The SSH Communications Security Tectia Client and Server products are vulnerable to privilege escalation, which may allow a local user to gain root access. Description The SSH Tectia Client and Server products contain an unspecified privilege escalation vulnerability in ssh-signer. A loc...

Microsoft SMBv2 signing vulnerability

Overview A vulnerability in the way Microsoft Server Message Block Version 2 SMBv2 implements digital signing of packets may allow a remote, unauthenticated attacker to gain local user privileges and execute arbitrary code. Description Microsoft Server Message Block SMB Protocol is a network file...

Mortbay Jetty vulnerable to HTTP response splitting

Overview Mortbay Jetty is vulnerable to HTTP response splitting, which may allow a remote, unauthenticated attacker to inject various HTTP headers Description Mortbay Jetty is a web server that is written in Java. Jetty fails to properly handle HTTP headers with CRLF sequences, which can allow an...

CUPS buffer overflow vulnerability

Overview The Common Unix Printing System contains a buffer overflow vulnerability. This vulnerability may allow a remote attacker to execute arbitrary code. Description The Common Unix Printing System CUPS is a printing service used by many Linux and Unix operating systems. CUPS uses a print...

IBM and Lenovo Access Support acpRunner ActiveX control fails to validate digital signatures

Overview The IBM Lenovo Access Support acpRunner ActiveX control fails to validate digital signatures, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Access Support software package for IBM and Lenovo systems includes several...

Microsoft Windows "MHTML" protocol handler fails to properly interpret HTTP header

Overview Microsoft Windows "MHTML" protocol handler fails to properly interpret HTTP headers, which may cause information disclosure. Description The Microsoft Windows "MHTML" protocol handler contains an information disclosure vulnerability in the way that it interprets HTTP headers. The "MHTML"...

Computer Associates Anti-Virus engine fails to properly handle malformed CAB archives

Overview The Computer Associates Anti-Virus engine contains a stack-based buffer overflow that may allow a remote, unauthenticated attacker to execute arbitrary code. Description The Computer Associates Anti-Virus engine contains a stack-based buffer overflow in the code responsible for processin...

IPv6 Type 0 Route Headers allow sender to control routing

Overview IPv6 Type 0 Route Headers allow the sender to control packet routing. This vulnerability may allow an attacker to cause a denial-of-service condition. Description Routing header options provided by IPv6 allow packet senders to indicate specific nodes through which the packet should trave...

Mozilla products vulnerable to memory corruption in the JavaScript engine

Overview A vulnerability in the Mozilla JavaScript engine may allow execution of arbitrary code or denial of service. Description The Mozilla JavaScript engine contains an unspecified vulnerability that may result in memory corruption. The impact of this memory corruption is unclear. According to...

libpng denial of service vulnerability

Overview The libpng library contains a denial-of-service vulnerability. Description The libpng library can be used to allow other applications to render PNG images.The libpng library contains a denial-of-service vulnerability. From the Libpng-1.2.16-ADVISORY: This vulnerability could be used to...

Microsoft Windows Media Services NMSA Session Description Object ActiveX control contains dangerous methods

Overview The Microsoft Windows Media Services NMSA Session Description Object ActiveX control fails to restrict access to dangerous methods. This vulnerability could allow a remote attacker to execute arbitrary code on an affected system. Description Microsoft Windows Media Services is a software...

SolidWorks sldimdownload ActiveX control fails to restrict access to methods

Overview The SolidWorks sldimdownload ActiveX control contains methods that can allow a remote, unauthenticated attacker to run arbitrary code on a vulnerable system. Description SolidWorks provides 3D CAD software solutions. The SolidWorks sldimdownload ActiveX control is provided by the file...

Apple QuickTime PICT heap buffer overflow

Overview The Apple QuickTime player contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. Description PICT is a graphics file format that was used by Apple Macintosh systems prior to OS X as their...

Apple Airport Extreme fails to properly process 802.11 frames

Overview A vulnerability exists in the Apple AirPort Extreme wireless driver that may allow an attacker to crash a vulnerable system. Description The Apple AirPort Extreme adapter is an 802.11g compatible wireless adapter used in Apple OS X laptops and desktops. A flaw exists in the way AirPort...

CA BrightStor ARCserve Backup Tape Engine directly calls user supplied data in RPC requests

Overview The Computer Associates BrightStor ARCserve Backup Tape Engine contains a vulnerability in its Tape Engine RPC service. If successfully exploited, this vulnerability may allow a remote attacker to execute arbitrary code. Description BrightStor ARCserve Backup is a backup and data retenti...

Microsoft Word malformed pointer vulnerability

Overview A vulnerability in Microsoft Word could allow an attacker to compromise a vulnerable system. Description Data used by Microsoft Word to construct a destination address for a memory copy routine is embedded within a Word document itself. If an attacker constructs a Word document with a...

Microsoft Word malformed string vulnerability

Overview A vulnerability in Microsoft Word could allow an attacker to execute arbitrary code on a vulnerable system. Description Microsoft Word contains a vulnerability that could be exploited when Word opens a specially crafted document. It is possible that the vulnerability can be exploited by...

Microsoft Internet Explorer fails to properly interpret HTML with certain layout combinations

Overview A vulnerability in the way Microsoft Internet Explorer interprets malformed Web pages may lead to execution of arbitrary code. Description Microsoft Internet Explorer contatins a vulnerabilty that could be exploited when Internet Explorer attempts to interpret specially crafted Web pages...

Microsoft XML Core Services XMLHTTP ActiveX control vulnerability

Overview The Microsoft XML Core Services XMLHTTP ActiveX control contains an unspecified vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft XML Core Services MSXML allow developers who use applications such as...

Wireshark contains multiple off-by-one errors in the IPSec ESP preference parser

Overview Wireshark contains a vulnerability in the IPSec ESP preference parser that may cause a denial of service condition. Description Wireshark contains multiple off-by-one vulnerabilities in the IPSec ESP preference parser when the application has been compiled with ESP decryption support.Thi...

Microsoft Excel fails to properly handle Lotus 1-2-3 files

Overview Microsoft Excel contains a vulnerability in the handling of malformed Lotus 1-2-3 files, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Excel contains an unspecified vulnerability that could be exploited when Exc...

Microsoft Windows WebViewFolderIcon ActiveX integer overflow

Overview The Microsoft Windows WebViewFolderIcon ActiveX control contains an integer overflow vulnerability. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Microsoft WebViewFolderIcon object is an ActiveX control that comes with...