3704 matches found
Mozilla fails to validate the DN of X.509 certificates
Overview Mozilla fails to verify that the Distinguished Name DN of an X.509 certificate is unique when importing it. A denial of service occurs when Mozilla imports a specially crafted, self-signed certificate that has the same DN as an existing Certificate Authority CA root certificate...
Microsoft Internet Explorer contains an integer overflow in the processing of bitmap files
Overview A vulnerability in Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer IE is a web browser. An integer overflow vulnerability has been discovered in the way that Internet Explorer processes...
ISC DHCP contains C Includes that define vsnprintf() to vsprintf() creating potential buffer overflow conditions
Overview The Internet Systems Consortium's ISC Dynamic Host Configuration Protocol DHCP 3 application contains a vulnerability that introduces several potential buffer overflow conditions. Exploitation of this vulnerability can cause a denial-of-service condition to the DHCP Daemon DHCPD and may...
Apple Mac OS X help system may interpret inappropriate local script files
Overview A vulnerability has been reported in the default URI protocol handler in Apple's Mac OS X help system. Exploitation of this vulnerability may permit a remote attacker to execute arbitrary scripts on the local system. Description A vulnerability has been reported in Apple's Mac OS X...
Oracle Application Server Web Cache contains heap overflow vulnerability
Overview Oracle Application Server Web Cache contains a heap overflow vulnerability in the handling of client requests that could result in arbitrary code execution. Description The Oracle Web Cache acts as a reverse proxy, caching static and dynamic content generated from Oracle Application web...
Apple Mac OS X "cd9660.util" buffer overflow
Overview A component utility in Apple's Mac OS X operating system suffers from a buffer overflow vulnerability in its handling of command-line arguments. This vulnerability could allow a local attacker to gain elevated privileges on the vulnerable system. Description Apple's Mac OS X operating...
HTTP Parsing Vulnerabilities in Check Point Firewall-1
Overview Several versions of Check Point Firewall-1 contain a vulnerability that allows remote attackers to execute arbitrary code with administrative privileges. Description The HTTP Security Servers component of Check Point Firewall-1 contains an HTTP parsing vulnerability that is triggered by...
Red Hat Enterprise Linux kernel-2.4.21 does not perform adequate checking of eflags when in 32-bit ptrace emulation mode
Overview Red Hat Enterprise Linux kernel prior to version 2.4.21 does not perform adequate checking of eflags when in 32-bit ptrace emulation mode. This could allow a local user to gain elevated or root privileges. Description The Linux kernel handles the basic functionality of the operating...
Microsoft Authenticode mechanism installs ActiveX controls without prompting user
Overview A vulnerability in Microsoft's Authenticode could allow a remote attacker to install an untrusted ActiveX control on the victim's system. Description According to Microsoft Security Bulletin MS03-041:ActiveX is a technology that allows programmers to develop self-contained software modul...
Sun Solstice AdminSuite ships with insecure default configuration
Overview The sadmind service provided on many Solaris and SunOS systems ships with an insecure default configuration that allows remote users to execute arbitrary commands with superuser root privileges. Description The Sun Microsystems Solstice AdminSuite is a graphical tool that allows Solaris...
Linux NFS utils package "rpc.mountd" contains off-by-one buffer overflow in xlog() function
Overview A vulnerability in the Linux NFS network File System could permit an attacker to cause a denial of service, or potentially execute arbitrary code on the system. Description The Linux NFS network File System was developed to allow machines to mount a disk partition on a remote machine as ...
gtop daemon contains buffer overflow
Overview A buffer overflow exists in the gtop daemon. Description A buffer overflow in gtopd, specifically permitted, may allow a remote attacker to execute arbitrary code. For more detailed information, please see Flavio Veloso's analysis.gtop background information Many Unix systems allow only...
Postfix vulnerable to DoS by supplying a remote SMTP listener with a malformed envelope address
Overview A denial-of-service vulnerability exists in all versions of Postfix prior to 2.0. This vulnerability may allow a remote attacker to cause mail service interruption. Description Postfix is a very popular mail transfer agent MTA. Michal Zalewski has discovered a denial-of-service...
Microsoft Windows RPC service vulnerable to denial of service
Overview A vulnerability exists in Microsoft's Remote Procedure Call RPC implementation. A remote attacker could exploit this vulnerability to cause a denial of service. An exploit for this vulnerability is publicly available. Description Microsoft has released MS03-039 to address a vulnerability...
Microsoft SQL Server contains flaw in checking method for the named pipe
Overview A vulnerability in Microsoft SQL Server may allow an attacker to hijack a named pipe. An attacker may be able to leverage this vulnerability to gain elevated privileges. Description Microsoft describes a named pipe as, "a specifically named one-way or two-way channel for communication...
SSH Secure Shell for Servers fails to remove child process from master process group
Overview A locally exploitable privilege escalation vulnerability exists in SSH Secure Shell versions 2.0.13 - 3.2.1. Description Secure Shell for Servers, developed by SSH Communications Security, does not properly remove the child process from the master process group after non-interactive...
The default NTFS permissions are not applied to a converted boot partition on Microsoft Windows 2000 and Windows XP systems when CONVERT.EXE is used
Overview Several commercial desktops and laptops from OEM distributors ship with insecure permissions set on files and directories. It has been confirmed that this is due to the use of Microsoft's CONVERT.EXE utility. Description Microsoft's CONVERT.EXE program is used to convert FAT32 file syste...
ypxfrd daemon fails to properly validate user supplied arguments in "getdbm" procedure
Overview A vulnerability in the ypxfrd daemon may allow a local attacker to read arbitrary files on the vulnerable system. Description Janusz Niewiadomski, of iSEC, discovered this vulnerability and produced the following advisory.Issue: ====== Improper arguments validation in ypxfrd may allow...
Microsoft Internet Explorer allows read access to local files via incorrect VBScript handling
Overview A vulnerability in the cross-domain frame security model of Internet Explorer may allow remote attackers to view the contents of local files when a user views a malicious web page. Description There's a vulnerability in the cross-domain frame security model of Internet Explorer that may...
EFTP does not adequately validate user input thereby allowing directory traversal
Overview Encrypted File Transfer Program EFTP does not properly validate CWD commands, allowing authenticated users to read arbitrary directories and files. Description Encrypted File Transfer Program EFTP is an implementation of the FTP protocol using 448-bit Blowfish encryption. EFTP allows...
Microsoft Windows Server Message Block (SMB) fails to properly handle SMB_COM_TRANSACTION packets requesting NetServerEnum2 transaction
Overview Microsoft Server Message Block SMB may crash when it receives a crafted SMBCOMTRANSACTION packet requesting a NetServerEnum2 transaction. Attackers can use this vulnerability to cause a denial of service. Description SMB is a protocol for sharing data and resources between computers. It ...
Novell Netware RCONAG6 fails to validate user password when "Secure IP" is used to establish connection
Overview Novell Netware RCONAG6 allows users to gain access to the server without a password. Description Novell Netware RCONAG6 allows users to remotely administer a Novell host. A vulnerability in RCONAG6 makes it possible for a remote user to connect to the server without supplying a password...
Microsoft Windows SQL Server allows arbitrary queries to be executed via "xp_displayparamstmt" extended procedure
Overview MS SQL Server contains an extended stored procedure with inappropriate permission settings. Description Microsoft SQL Server 7.0 and Microsoft SQL Server 2000 contain an extended stored procedure, xpdisplayparamstmt , that permits an unprivileged user of a database to gain administrative...
Cisco CallManager contains memory leak
Overview The Cisco Call Manager contains a vulnerability that could permit an intruder to crash the Call Manager. Description The Cisco Call Manageris software to manage telephone calls in a mixed data and voice environment. Specifically the Cisco Call Manager "extends enterprise telephony featur...
Certain implementations of SSH1 may reveal internal cryptologic state
Overview An implementation problem in at least one Secure Shell SSH product and a weakness in the PKCS11.5 public key encryption standard allows attackers to recover plaintext of messages encrypted with SSH. Description A weakness in some SSH products using the SSH1 protocol may allow an attacker...
Yahoo! Messenger contains buffer overflow in "IMvironment" field
Overview Yahoo! Messenger is an instant messaging client. There is a remotely exploitable buffer overflow vulnerability in the "imv" field of Yahoo! Messenger. Description A remotely exploitable buffer overflow exists in the "imv" field that may permit a remote attacker to execute arbitrary code ...
Sun Solaris cachefsd vulnerable to heap overflow in cfsd_calloc() function via long string of characters
Overview Sun's NFS/RPC cachefs daemon cachefsd is shipped and installed by default with Sun Solaris 2.5.1, 2.6, 7, and 8 SPARC and Intel architectures. Cachefsd caches requests for operations on remote file systems mounted via the use of NFS protocol. A remotely exploitable heap overflow exists i...
rpc.rwalld contains remotely exploitable format string vulnerability
Overview rpc.rwalld is a utility that is used to send a message to all terminals of a time sharing system. A format string vulnerability may permit a remote user to execute code with the privileges of the rwall daemon. Description rpc.rwalld is a utility that listens for remote wall requests. Wal...
Cisco IOS discloses fragments of previous packets when Express Forwarding is enabled
Overview A vulnerability exists in multiple versions of Cisco's Internetworking Operating System IOS software that allows an attacker to collect fragments of previously processed packets. Description Many networking devices running Cisco IOS with Cisco Express Forwarding CEF enabled contain a...
Cisco IOS vulnerable to deferred DoS via SYN scan to certain TCP port ranges
Overview Cisco Internetwork Operating System IOS may reload unexpectedly after being scanned on certain ports. Description Certain versions of Cisco IOS contain a vulnerability that allows the router to enter an unstable state after receiving a connection attempt on any TCP port in the following...
Cisco IOS vulnerable to DoS via crafted PPTP packet sent to port 1723/tcp
Overview Cisco IOS contains a vulnerability that allows an intruder to crash the router. Description By sending a specially crafted PPTP packet to port 1723, an intruder can crash a device running a vulnerable version of IOS. Quoting from the Cisco Advisory: By sending a crafted PPTP packet to a...
RIT Research Labs The Bat! does not properly parse <CR> characters not followed by a <LF> character
Overview Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may permaturely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error ...
MySQL monitor drop database command contains buffer overflow
Overview MySQL is a popular open source database package. It contains a buffer overflow in the code that processes drop database commands. Description The MySQL server, mysqld, contains a buffer overflow in the code used to process drop database requests . By carefully crafting a MySQL drop...
Cisco IOS software vulnerable to DoS via HTTP request containing "?/"
Overview A vulnerability exists in multiple versions of Cisco's Internetworking Operating System IOS software that allows an attacker to force affected switches and routers to crash and reboot. Description To exploit this vulnerability, the IOS HTTP interface must be enabled and the attacker must...
IE 5.01 will execute VBA code contained in Access databases when triggered from HTML code contained in an IFRAME
Overview Under certain conditions, Internet Explorer can open Microsoft Access database or project files containing malicious code and execute the code without giving a user prior warning. Access files that are referenced by OBJECT tags in HTML documents can allow attackers to execute arbitrary...
Vulnerable WiFi Alliance example code found in Arcadyan FMIMG51AX000J
Overview A command injection vulnerability has been identified in the Wi-Fi Test Suite, a tool developed by the WiFi Alliance, which has been found deployed on Arcadyan routers. This flaw allows an unauthenticated local attacker to exploit the Wi-Fi Test Suite by sending specially crafted packets...
McAfee Agent for Windows is vulnerable to privilege escalation due to OPENSSLDIR location
Overview McAfee Agent contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable that specifies a location where an unprivileged Windows user may be able to place files. Description CVE-2022-0166 McAfee Agent, which comes with various McAfee products such as McAfee...
Siemens Totally Integrated Automation Portal vulnerable to privilege escalation due to Node.js paths
Overview Siemens Totally Integrated Administrator TIA fails to properly set the module search path to be used by a privileged Node.js component, which can allow an unprivileged Windows user to run arbitrary code with SYSTEM privileges. The PCS neo administration console is reported to be affected...
MyCar Controls uses hard-coded credentials
Overview The MyCar Controls mobile applications prior to v3.4.24 on iOS and prior to v4.1.2 on Android contains hard-coded admin credentials. Description MyCar is a small aftermarket telematics unit from AutoMobility Distribution Inc. MyCar add smartphone-controlled geolocation, remote start/stop...
Animas OneTouch Ping insulin pump contains multiple vulnerabilities
Overview The Animas OneTouch Ping insulin pump contains multiple vulnerabilities that may allow an unauthenticated remote attacker to obtain patient treatment or device data, or execute commands on the device. The attacker cannot obtain personally identifiable information. Description CWE-319:...
Juniper ScreenOS contains multiple vulnerabilities
Overview Juniper Networks ScreenOS versions 6.3.0r17 through 6.3.0r20 allows unauthorized remote administration access to the device. Juniper Networks ScreenOS versions 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20 allow for an attacker to monitor and decrypt VPN traffic. Description...
CSL DualCom GPRS CS2300-R alarm signalling boards contain multiple vulnerabilties
Overview CSL DualCom GPRS CS2300-R alarm signalling boards, firmware versions v1.25 to v3.53, contain multiple vulnerabilties. Description CSL DualCom GPRS CS2300-R alarm signalling boards are secure premises transmitters SPT that notify alarm receiving centers ARC when an alarm system is tripped...
Virtual Machine Monitors (VMM) contain a memory deduplication vulnerability
Overview Multiple vendors' implementations of Virtual Machine Monitors VMM are vulnerable to a memory deduplication attack. Description As reported in the "Cross-VM ASL INtrospection CAIN" paper, an attacker with basic user rights within the attacking Virtual Machine VM can leverage memory...
Impero Education Pro classroom management software vulnerable to remote code execution
Overview Impero Software Education Pro classroom management software is vulnerable to remote code execution via improper encryption and authentication mechanisms. Description CWE-321: Use of Hard-coded Cryptographic KeyCWE-329: Not Using a Random IV with CBC Mode - CVE-2015-5997 According to the...
Ektron Content Management System (CMS) contains multiple vulnerabilities
Overview Ektron Content Management System CMS versions 8.5, 8.7, and 9.0 contain a XXE and a resource injection vulnerability. Description Note: A prior version of this report indicated incorrectly that Ektron CMS version 9.1 was vulnerable. The vendor indicated that the last version to ship with...
Fortinet Fortiweb 5.1 contains a cross-site request forgery vulnerability
Overview Fortinet Fortiweb prior to version 5.2.0 do not sufficiently verify whether a valid request was intentionally provided by the user, which results in a cross-site request forgery CSRF vulnerability. CWE-352 Description CWE-352: Cross-Site Request Forgery CSRF Fortinet Fortiweb prior to...
Huawei E355 contains a direct request vulnerability
Overview Huawei E355 USB WiFi adapter with firmware version: 21.157.37.01.910 has been reported to contain a direct request vulnerability in the web interface. CWE-425 Description Huawei E355 USB WiFi adapter with firmware version: 21.157.37.01.910 has been reported to contain a direct request...
Belkin Wemo Home Automation devices contain multiple vulnerabilities
Overview Belkin Wemo Home Automation devices contain multiple vulnerabilities. Description CWE-321: Use of Hard-coded Cryptographic Key -CVE-2013-6952 Belkin Wemo Home Automation firmware contains a hard-coded cryptographic key and password. An attacker may be able to extract the key and password...
Atmail Webmail Server version 7.1.3 contains cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities
Overview Atmail Webmail Server version 7.1.3 and possibly earlier versions contain stored cross-site scripting XSS CWE-79 and cross-site request forgery CSRF CWE-352 vulnerabilities. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' -...
SAP Sybase Adaptive Server Enterprise vulnerable to XML injection
Overview SAP Sybase Adaptive Server Enterprise Version 15.7 ESD 2 and possibly earlier versions contains an XML injection vulnerability CWE-91. Description CWE-611:Improper Restriction of XML External Entity Reference 'XXE' SAP Sybase Adaptive Server Enterprise ASE Version 15.7 ESD 2 contains an...