3704 matches found
TCP/IP implementations handle unusual flag combinations inconsistently
Overview Various vendors' TCP/IP implementations handle packets containing unusual flag combinations in different ways, which may lead to a violation of implicit or explicit security policies. Description Background on TCP/IP Connection Semantics To establish a TCP connection, a client and server...
ypxfrd daemon fails to properly validate user supplied arguments in "getdbm" procedure
Overview A vulnerability in the ypxfrd daemon may allow a local attacker to read arbitrary files on the vulnerable system. Description Janusz Niewiadomski, of iSEC, discovered this vulnerability and produced the following advisory.Issue: ====== Improper arguments validation in ypxfrd may allow...
PostNuke does not adequately validate user input thereby allowing malicious user to bypass user authentication via SQL injection
Overview PostNuke does not adequately filter user input, allowing arbitrary MySQL query execution and user authentication without password. Description PostNuke is a web content management system based on PHPNuke, written in PHP. The article.php component of PostNuke versions 0.62, 0.63, and 06.4...
Microsoft Internet Explorer allows read access to local files via incorrect VBScript handling
Overview A vulnerability in the cross-domain frame security model of Internet Explorer may allow remote attackers to view the contents of local files when a user views a malicious web page. Description There's a vulnerability in the cross-domain frame security model of Internet Explorer that may...
X11 vulnerable to buffer overflow in handling of -xrm option
Overview The X11 library included with many UNIX variants contains a buffer-overflow vulnerability that may allow attackers to gain root privileges. Description The X11 library contains an unspecified buffer-overflow vulnerability. Programs that use this library and accept the -xrm option includi...
Microsoft Windows SQL Server allows arbitrary queries to be executed via "xp_displayparamstmt" extended procedure
Overview MS SQL Server contains an extended stored procedure with inappropriate permission settings. Description Microsoft SQL Server 7.0 and Microsoft SQL Server 2000 contain an extended stored procedure, xpdisplayparamstmt , that permits an unprivileged user of a database to gain administrative...
SGI IRIX rpc.xfsmd does not filter shell metacharacters from user input before invoking popen() function
Overview The XFS journaling filesystem daemon uses a call to popen3 with unfiltered client-controlled input. This will lead to arbitrary command execution on remote systems. Description XFS is a 64-bit compliant journaling file system. The XFS journaling filesystem daemon xfsmd on SGI systems use...
Certain implementations of SSH1 may reveal internal cryptologic state
Overview An implementation problem in at least one Secure Shell SSH product and a weakness in the PKCS11.5 public key encryption standard allows attackers to recover plaintext of messages encrypted with SSH. Description A weakness in some SSH products using the SSH1 protocol may allow an attacker...
util-linux package vulnerable to privilege escalation when "ptmptmp" file is not removed properly when using "chfn" utility
Overview The util-linux package contains a race condition vulnerability that can be used to elevate privileges on the system. Description util-linux is shipped with Red Hat Linux and numerous other Linux distributions. It contains a collection of utility programs, such as fstab, mkfs, and chfn. T...
Uudecode performs inadequate checks on user-specified output files
Overview The uudecode utility contains a vulnerability that allows an attacker to overwrite arbitrary files, symbolic links, and named pipes. Description The uudecode utility is used to decode files that have been encoded in the 7-bit printable format generated by uuencode. This format allows for...
rpc.rwalld contains remotely exploitable format string vulnerability
Overview rpc.rwalld is a utility that is used to send a message to all terminals of a time sharing system. A format string vulnerability may permit a remote user to execute code with the privileges of the rwall daemon. Description rpc.rwalld is a utility that listens for remote wall requests. Wal...
Microsoft Internet Explorer Permits Remote Command Execution Through <OBJECT> Tag
Overview Microsoft Internet Explorer IE permits the remote execution of arbitrary commands via the tag. Description A vulnerability exists in the way that Microsoft Internet Explorer IE handles tags. If the CLASSID CLSID is unrecognized, then Internet Explorer will execute arbitrary commands...
Microsoft scriptlet.typlib ActiveX object unsafe for scripting from Internet Explorer
Overview The ActiveX control "scriptlet.typlib" is incorrectly marked "safe for scripting" in Internet Explorer IE versions 4.0 and 5.0, when it is actually unsafe for scripting. Description There exists a vulnerability in the default installation of an ActiveX control named "scriptlet.typlib,"...
Cisco IOS vulnerable to deferred DoS via SYN scan to certain TCP port ranges
Overview Cisco Internetwork Operating System IOS may reload unexpectedly after being scanned on certain ports. Description Certain versions of Cisco IOS contain a vulnerability that allows the router to enter an unstable state after receiving a connection attempt on any TCP port in the following...
RSA Security ACE/Agent for Windows, ACE/Agent for Windows NT, and ACE/Agent for Windows 2000 do not properly handle null characters in URL
Overview RSA Security ACE/Agent for Windows, ACE/Agent for Windows NT, and ACE/Agent for Windows 2000 contain a vulnerability in which the ACE/Agent does not properly handle null characters contained in a URL. A specially crafted request may cause ACE/Agent to enter a debugging mode, possibly...
TrendMicro InterScan WebManager contains buffer overflow in RegGo.dll
Overview A remotely exploitable buffer overflow exists in Trend Micro InterScan WebManager. Description InterScan WebManager is an application that inspects http traffic flowing into a network for known malicious code. This application also has the capability to restrict access to...
klogd does not adequately handle NULL byte when parsing text using LogLine( )
Overview There is a denial-of-service vulnerability in certain distributions of the Linux kernel logging daemon klogd which could allow an attacker to cause klogd to hang. Description The Linux kernel logging daemon klogd can be forced to hang if it receives a null byte in a log message from the...
Linux kernel does not properly validate user input via sysctl for negative value
Overview Unprivileged local users can exploit the sysctl Linux kernel program to gain privileged access. Description A program called sysctl in the Linux kernel allows a privileged local user to read or write runtime system settings. Unprivileged local users are also allowed to use sysctl to read...
Microsoft Internet Information Server (IIS) discloses contents of files via crafted request containing "+.htr"
Overview A vulnerability exists in Microsoft Internet Information Server IIS that could disclose sensitive information contained in CGI-type files. Typically a CGI/script file on a web server should only be executable and not readable to remote users. Sensitive information contained in CGI-type...
gpm creates temporary files insecurely
Overview gpm version 1.19.3, which usually runs as root, is vulnerable due to a flaw that allows a local user to exploit a race condition to corrupt files that gpm uses. Description gpm General Purpose Mouse is a program that lets you use the mouse in console mode when not using XWindows. It is...
statd bounce vulnerability
Overview statd allows access to RPC services it shouldn't. Description Background rpc.statd and rpc.lockd are designed to work in conjunction with each other to manage NFS lock information in the event of a crash of an NFS client or server. The rpc service rpc.statd is a program designed to...
Vulnerable WiFi Alliance example code found in Arcadyan FMIMG51AX000J
Overview A command injection vulnerability has been identified in the Wi-Fi Test Suite, a tool developed by the WiFi Alliance, which has been found deployed on Arcadyan routers. This flaw allows an unauthenticated local attacker to exploit the Wi-Fi Test Suite by sending specially crafted packets...
R Programming Language implementations are vulnerable to arbitrary code execution during deserialization of .rds and .rdx files
Overview A vulnerability in the R language that allows for arbitrary code to be executed directly after the deserialization of untrusted data has been discovered. This vulnerability can be exploited through RDS R Data Serialization format files and .rdx files. An attacker can create malicious RDS...
Macrium Reflect is vulnerable to privilege escalation due to OPENSSLDIR location
Overview Macrium Reflect contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable that specifies a location where an unprivileged Windows user can create files. Description CVE-2020-10143 Macrium Reflect includes an OpenSSL component that specifies an OPENSSLDIR...
dotCMS contains multiple vulnerabilities
Overview The dotCMS administration panel is vulnerable to cross-site request forgery, and the "Push Publishing" feature in Enterprise Pro is vulnerable to path traversal and arbitrary file upload. dotCMS versions 3.7.1 and earlier are affected. Description CWE-352: Cross-Site Request Forgery CSRF...
Lemur Vehicle Monitors BlueDriver LSB2 does not authenticate users for Bluetooth access
Overview The Lemur Vehicle Monitors BlueDriver is an aftermarket automotive device that connects to a vehicle's OBD-II port and provides information about the vehicle's performance. The BlueDriver does not require a PIN for Bluetooth access, which allows anyone in range to send arbitrary commands...
Patterson Dental Eaglesoft uses a hard-coded database password across installations
Overview Patterson Dental Eaglesoft is a dental records software. Eaglesoft uses a hard-coded database password that is shared across all installations. Description CWE-798: Use of Hard-coded Credentials- CVE-2016-2343 According to the researcher, Eaglesoft uses hard-coded credentials to access a...
Virtual Machine Monitors (VMM) contain a memory deduplication vulnerability
Overview Multiple vendors' implementations of Virtual Machine Monitors VMM are vulnerable to a memory deduplication attack. Description As reported in the "Cross-VM ASL INtrospection CAIN" paper, an attacker with basic user rights within the attacking Virtual Machine VM can leverage memory...
Sierra Wireless GX, ES, and LS gateways running ALEOS contain hard-coded credentials
Overview Sierra Wireless GX, ES, and LS gateway devices running ALEOS versions 4.4.1 and earlier contain hard-coded credentials. Description CWE-259: Use of Hard-coded Password - CVE-2015-2897Sierra Wireless GX, ES, and LS gateways running ALEOS contain multiple hard-coded accounts with root...
Komodia Redirector with SSL Digestor fails to properly validate SSL and installs non-unique root CA certificates and private keys
Overview Komodia Redirector with SSL Digestor installs non-unique root CA certificates and private keys, making systems broadly vulnerable to HTTPS spoofing Description Komodia Redirector SDK is a self-described "interception engine" designed to enable developers to integrate proxy services and w...
Ektron Content Management System (CMS) contains multiple vulnerabilities
Overview Ektron Content Management System CMS versions 8.5, 8.7, and 9.0 contain a XXE and a resource injection vulnerability. Description Note: A prior version of this report indicated incorrectly that Ektron CMS version 9.1 was vulnerable. The vendor indicated that the last version to ship with...
Fortinet Fortiweb 5.1 contains a cross-site request forgery vulnerability
Overview Fortinet Fortiweb prior to version 5.2.0 do not sufficiently verify whether a valid request was intentionally provided by the user, which results in a cross-site request forgery CSRF vulnerability. CWE-352 Description CWE-352: Cross-Site Request Forgery CSRF Fortinet Fortiweb prior to...
AMTELCO miSecureMessages Server insecurely authenticates clients
Overview AMTELCO miSecureMessages Server Release 6.2 performs weak authentication for access to user messages CWE-287. Description AMTELCO miSecureMessages Server Release 6.2 performs weak authentication for access to user messages. miSecureMessages authenticates client app XML requests for...
EMC Documentum Product Suite version 6.7 contains a DOM based cross-site scripting vulnerability
Overview EMC Documentum Product Suite version 6.7 and possibly earlier versions contain a DOM based cross-site scripting vulnerability CWE-79. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' EMC Documentum Product Suite version 6.7 and possib...
Dual_EC_DRBG output using untrusted curve constants may be predictable
Overview Output of the Dual Elliptic Curve Deterministic Random Bit Generator DUALECDRBG algorithm may be predictable by an attacker who has chosen elliptic curve parameters in advance. Description NIST SP 800-90A defines three elliptic curves for use in DualECDBRG but does not describe the...
HP System Management Homepage vulnerable to a denial-of-service condition
Overview HP System Management Homepage 7.2.0.14 and possibly earlier versions contain a denial-of-service vulnerability CWE-121. Description CWE-121: Stack-based Buffer Overflow HP System Management Homepage 7.2.0.14 contains a denial-of-service vulnerability. The remote attacker may send the...
Corporater EPM Suite is vulnerable to cross-site request forgery and cross-site scripting
Overview Corporater EPM Suite contains cross-site request forgery CSRF CWE-352 and reflected cross-site scripting XSS CWE-79 vulnerabilities. Description CWE-352: Cross-Site Request Forgery CSRF- CVE-2013-3583Corporater EPM Suite contains a cross-site request forgery vulnerability on the...
IBM QRadar SIEM command injection vulnerability
Overview IBM QRadar SIEM software contains a command injection vulnerability that allows an authenticated user to execute operating system commands on the QRadar device. Description The IBM security bulletin for CVE-2013-2970 states:A command injection vulnerability has been discovered within the...
C2 WebResource web interface XSS vulnerability
Overview The C2 WebResource web interface contains a XSS vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'The C2 WebResource web interface is vulnerable to XSS on the following URL and parameter:...
OTRS contains a cross-site scripting vulnerability
Overview Open Technology Real Services OTRS contains a cross-site scripting XSS CWE-79 vulnerability in the body of HTML emails viewed within the OTRS application. Description OTRS is an open source Help Desk and ITIL® V3 compliant IT Service Management platform.OTRS Security Advisory 2012-03...
Open Technology Real Services cross-site scripting vulnerability
Overview Open Technology Real Services OTRS is susceptible to a cross-site scripting vulnerability. Description Open Technology Real Services OTRS contains a cross-site scripting CWE-79 vulnerability in the email body. An attacker may be able to load arbitrary script in the context of the user's...
CuteSoft Cute Editor 6.4 reflected cross site scripting
Overview CuteSoft Cute Editor 6.4, and possibly other verions, contains a reflected cross-site scripting XSS CWE-79 vulnerability. Description CuteSoft Cute Editor 6.4 has been reported to contain a reflected cross-site scripting XSS CWE-79 vulnerability. The GET request parameter called UploadID...
Caucho's Quercus on Resin contains multiple vulnerabilities
Overview Caucho's Quercus on Resin contains multiple vulnerabilities which could allow an attacker to execute arbitrary code with the privileges of the application. Description It has been reported that Caucho's Quercus on Resin contains multiple vulnerabilities which could allow an attacker to...
Symantec Endpoint Protection network threat protection module Microsoft IIS denial of service vulnerability
Overview Symantec Endpoint Protection SEP Network Threat Protection module running on a Microsoft Internet Information Services IIS webserver contains a denial of service vulnerability when probed by an audit tool. Description Symantec Security Advisory SYM12-007 states:Overview Versions of...
HP Business Service Management 9.12 remote code execution vulnerability
Overview The HP Business Service Management HPBSM application contains a remote code execution vulnerability. Version 9.12 has been reported to be affected but other versions may also be affected. Description HPBSM uses the JBOSS application server. In the default configuration, HPBSM contains op...
Hewlett-Packard printers and scanner devices allow remote unautheticated firmware updates
Overview A vulnerability in certain Hewlett-Packard devices could allow a remote attacker to install unauthorized firmware on an affected system. Description Certain Hewlett-Packard Printers and Hewlett-Packard Digital Senders products allow the device's firmware to be updated over the network. T...
Microsoft Windows TrueType font array indexing vulnerability
Overview A vulnerability in the Microsoft Windows TrueType font parsing component could allow an attacker to cause a denial-of-service condition in Microsoft Windows. Description The Microsoft Windows kernel includes a driver win32k.sys that handles a variety of graphics processing tasks, includi...
Iceni products PDF parser stack buffer overflow
Overview Iceni Argus and Infix contain a stack buffer overflow in the handling of flate-compressed PDF content, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Iceni Argus is a PDF conversion library. Argus 6.20 and earlier fail to...
Cisco Tandberg E, EX, and C Series default root credentials
Overview Cisco's Tandberg C series endpoints and E/EX personal video units that run software versions prior to TC4.0.0 have a root administrator account enabled by default with no password. Description Cisco Advisory cisco-sa-20110202-tandberg states:"This vulnerability affects Tandberg C Series...
WellinTech KingView 6.53 remote heap overflow vulnerability
Overview WellinTech KingView 6.53 contains a remote heap overflow vulnerability in the HistorySrv process which may allow a remote, unauthenticated attacker to execute arbitrary code. Description According to WellinTech's website: "King V iew software is a high-pormance production which can be us...