3695 matches found
klogd does not adequately handle NULL byte when parsing text using LogLine( )
Overview There is a denial-of-service vulnerability in certain distributions of the Linux kernel logging daemon klogd which could allow an attacker to cause klogd to hang. Description The Linux kernel logging daemon klogd can be forced to hang if it receives a null byte in a log message from the...
Linux kernel does not properly validate user input via sysctl for negative value
Overview Unprivileged local users can exploit the sysctl Linux kernel program to gain privileged access. Description A program called sysctl in the Linux kernel allows a privileged local user to read or write runtime system settings. Unprivileged local users are also allowed to use sysctl to read...
Multiple versions of OpenLDAP are vulnerable to denial-of-service attacks
Overview Multiple versions of OpenLDAP contain vulnerabilities that may allow denial-of-service attacks. These vulnerabilities were revealed using the PROTOS LDAPv3 test suite and are documented in CERT Advisory CA-2001-18. If your site uses this product, the CERT/CC encourages you to follow the...
Microsoft Internet Information Server (IIS) discloses contents of files via crafted request containing "+.htr"
Overview A vulnerability exists in Microsoft Internet Information Server IIS that could disclose sensitive information contained in CGI-type files. Typically a CGI/script file on a web server should only be executable and not readable to remote users. Sensitive information contained in CGI-type...
Microsoft Internet Information Server (IIS) discloses contents of files via crafted request for .htr file
Overview A vulnerability exists in Microsoft Internet Information Server IIS which could disclose sensitive information contained in CGI-type files. Typically a CGI/script file on a web server should only be executable and not readable by remote users. Sensitive information contained in such a fi...
MIT Kerberos 5 ksu may allow either the '-r' or '-l' time-interval parameter to overflow the stack with the characters 'd', 'h', 'm', or 's'
Overview Description From the reporter: Time-interval parsing for the "-r" and "-l" command-line options calls a library routine which uses sscanf "%d%d" and passes the address of an automatic int variable to correspond to the second %-sequence. But the % sequence needs an arbitrarily large string...
statd bounce vulnerability
Overview statd allows access to RPC services it shouldn't. Description Background rpc.statd and rpc.lockd are designed to work in conjunction with each other to manage NFS lock information in the event of a crash of an NFS client or server. The rpc service rpc.statd is a program designed to...
Notes default ECL allows execution of unsigned code
Overview Lotus Notes prior to version 5.02, had permissive ECLs that allow for the execution of malicious mail messages. Description A Notes ECL is a list consisting of a Notes Username and a set of permissions from the following list for Notes 4.6.x: Access to file system Access to current...
R Programming Language implementations are vulnerable to arbitrary code execution during deserialization of .rds and .rdx files
Overview A vulnerability in the R language that allows for arbitrary code to be executed directly after the deserialization of untrusted data has been discovered. This vulnerability can be exploited through RDS R Data Serialization format files and .rdx files. An attacker can create malicious RDS...
Macrium Reflect is vulnerable to privilege escalation due to OPENSSLDIR location
Overview Macrium Reflect contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable that specifies a location where an unprivileged Windows user can create files. Description CVE-2020-10143 Macrium Reflect includes an OpenSSL component that specifies an OPENSSLDIR...
Animas OneTouch Ping insulin pump contains multiple vulnerabilities
Overview The Animas OneTouch Ping insulin pump contains multiple vulnerabilities that may allow an unauthenticated remote attacker to obtain patient treatment or device data, or execute commands on the device. The attacker cannot obtain personally identifiable information. Description CWE-319:...
OrientDB and Studio prior to version 2.1.1 contain multiple vulnerabilities
Overview Studio for OrientDB Server Community Edition version prior to version 2.1.1 contains several vulnerabilities. Description CWE-352: Cross-Site Request Forgery CSRF - CVE-2015-2912 The Studio web interface to OrientDB contains a CSRF vulnerability. An attacker can perform actions with the...
Sierra Wireless GX, ES, and LS gateways running ALEOS contain hard-coded credentials
Overview Sierra Wireless GX, ES, and LS gateway devices running ALEOS versions 4.4.1 and earlier contain hard-coded credentials. Description CWE-259: Use of Hard-coded Password - CVE-2015-2897 Sierra Wireless GX, ES, and LS gateways running ALEOS contain multiple hard-coded accounts with root...
Aptexx Resident Anywhere exposes sensitive account information
Overview Aptexx Resident Anywhere does not require authentication to view and modify sensitive information contained in direct account and payment URLs, which can be leveraged to bypass authentication and access user accounts. Description CWE-288: Authentication Bypass Using an Alternate Path or...
Huawei E355 contains a stored cross-site scripting vulnerability
Overview The Huawei E355 built-in web interface contains a stored cross-site scripting vulnerability. Description Huawei E355 wireless broadband modems include a web interface for administration and additional services. The web interface allows users to receive SMS messages using the connected...
Google Search Appliance dynamic navigation cross-site scripting vulnerability
Overview Google Search Appliance GSA devices contain a cross-site scripting XSS vulnerability when dynamic navigation is enabled. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' Google Search Appliance versions earlier than 7.2.0.G.114 and...
Fortinet FortiADC D-series contains a cross-site scripting vulnerability
Overview Fortinet FortiADC D-series 3.2.0, and possibly earlier versions, contains a cross-site scripting vulnerability. CWE-79 Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' Fortinet FortiADC D-series 3.2.0, and possibly earlier versions,...
Dual_EC_DRBG output using untrusted curve constants may be predictable
Overview Output of the Dual Elliptic Curve Deterministic Random Bit Generator Dual_EC_DRBG algorithm may be predictable by an attacker who has chosen elliptic curve parameters in advance. Description NIST SP 800-90A defines three elliptic curves for use in Dual_EC_DRBG but does not describe the...
Cisco Identity Services Engine contains an input validation vulnerability
Overview Cisco Identity Services Engine contains an input validation vulnerability CWE-20. Description CWE-20: Improper Input Validation Cisco Identity Services Engine ISE contains an input validation vulnerability. The ISE device contains a TCP Dump option for analyzing traffic on the device. By...
HP System Management Homepage vulnerable to a denial-of-service condition
Overview HP System Management Homepage 7.2.0.14 and possibly earlier versions contain a denial-of-service vulnerability CWE-121. Description CWE-121: Stack-based Buffer Overflow HP System Management Homepage 7.2.0.14 contains a denial-of-service vulnerability. The remote attacker may send the...
C2 WebResource web interface XSS vulnerability
Overview The C2 WebResource web interface contains a XSS vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' The C2 WebResource web interface is vulnerable to XSS on the following URL and parameter:...
OTRS contains a cross-site scripting vulnerability
Overview Open Technology Real Services OTRS contains a cross-site scripting XSS CWE-79 vulnerability in the body of HTML emails viewed within the OTRS application. Description OTRS is an open source Help Desk and ITIL® V3 compliant IT Service Management platform. OTRS Security Advisory 2012-03...
osCommerce v2.3.1 with PayPal website payments standard module v1.0 design vulnerability
Overview osCommerce 2.3.1 and possibly other versions with the PayPal website payments standard module is susceptible to a client-side attack that results in an attacker purchasing items without having to pay for them. Description It has been reported that osCommerce 2.3.1 using the PayPal websit...
CuteSoft Cute Editor 6.4 reflected cross site scripting
Overview CuteSoft Cute Editor 6.4, and possibly other versions, contains a reflected cross-site scripting XSS CWE-79 vulnerability. Description CuteSoft Cute Editor 6.4 has been reported to contain a reflected cross-site scripting XSS CWE-79 vulnerability. The GET request parameter called UploadID...
Symantec Endpoint Protection network threat protection module Microsoft IIS denial of service vulnerability
Overview Symantec Endpoint Protection SEP Network Threat Protection module running on a Microsoft Internet Information Services IIS webserver contains a denial of service vulnerability when probed by an audit tool. Description Symantec Security Advisory SYM12-007 states: Overview Versions of...
Hewlett-Packard printers and scanner devices allow remote unauthenticated firmware updates
Overview A vulnerability in certain Hewlett-Packard devices could allow a remote attacker to install unauthorized firmware on an affected system. Description Certain Hewlett-Packard Printers and Hewlett-Packard Digital Senders products allow the device's firmware to be updated over the network. T...
Iceni products PDF parser stack buffer overflow
Overview Iceni Argus and Infix contain a stack buffer overflow in the handling of flate-compressed PDF content, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Iceni Argus is a PDF conversion library. Argus 6.20 and earlier fail to...
Mercator SENTINEL SQL injection allows authentication bypass
Overview Mercator SENTINEL contains an SQL injection vulnerability that could allow an attacker to bypass authentication and access the system with administrative privileges. Description Mercator SENTINEL is a flight safety management system. The login form of the web interface contains an SQL...
RSLinx Classic EDS Wizard buffer overflow vulnerability
Overview Rockwell Automation RSLinx Classic EDS Hardware Installation Tool contains a buffer overflow vulnerability. Description According to Rockwell Automation's website: RSLinx Classic provides plant-floor device connectivity for a wide variety of Rockwell Software applications such as RSLogix...
PivotX password reset vulnerability
Overview The PivotX web content management system 2.2.3 and earlier is affected by a password reset vulnerability. Description PivotX contains a vulnerability that allows an attacker to change the password of any account just by guessing the username. Version 2.2.4 has been reported to not be...
AWStats fails to properly handle "\\" when specifying a configuration file directory
Overview AWStats fails to properly handle "\" when specifying a configuration file directory. This could allow an attacker to specify an arbitrary configuration file located on an SMB share. Description From the AWStats project website: "AWStats is a free powerful and featureful tool that...
OSIsoft PI Server provides an insecure authentication mechanism
Overview OSIsoft PI Server provides an insecure authentication mechanism that could allow attackers to read or modify information in databases. Description PI Server is a core component of the OSIsoft PI System. According to a report from C4 Security, OSISoft release notes login required for PI...
Adobe Flash unspecified code execution vulnerability
Overview Adobe Flash contains an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code. Description Adobe Flash contains a vulnerability that can result in memory corruption, which can allow arbitrary code execution. See also Adobe Security Advisory...
libpng stalls on highly compressed ancillary chunks
Overview Libpng stalls and consumes large quantities of memory while processing certain Portable Network Graphics PNG files. Description When processing PNG files containing highly compressed ancillary chunks, the png_decompress_chunk function in libpng can consume large amounts of CPU time and...
Foxit Reader contains multiple vulnerabilities in the processing of JPX data
Overview Foxit Reader contains multiple vulnerabilities that may allow an attacker to execute arbitrary code. Description Foxit Reader is software designed to view Portable Document Format PDF files. Foxit Reader contains multiple vulnerabilities in the handling of JPX JPEG2000 streams. These...
Gear Software CD DVD Filter driver privilege escalation vulnerability
Overview The Gear Software CD DVD Filter driver contains a privilege escalation vulnerability, which can allow an attacker to gain SYSTEM privileges. Description Gear Software provides a driver called CD DVD Filter, which is provided by GEARAspiWDM.sys. This driver is used by multiple CD/DVD...
HP Online Support Services ActiveX DeleteSingleFile() arbitrary file deletion
Overview The HP Online Support Services ActiveX control contains a method called DeleteSingleFile. This may allow a remote, unauthenticated attacker to remove files from a vulnerable system. Description HP Services provides online product support services including HP Instant Support. The...
Apple Safari WebKit fails to properly handle a crafted URL
Overview A vulnerability in the way Apple Mac OS X handles specially crafted URLs may allow an attacker to execute script in the context of another site. Description According to Apple Safari 3.1.1: An issue exists in WebKit's handling of URLs containing a colon character in the host name. Openi...
X.Org PCF font parser buffer overflow
Overview A vulnerability in the X.Org server could allow a remote attacker to execute arbitrary code on an affected system. Description The X.Org project provides an open source implementation of the X Window System. The server supports bitmapped fonts in various formats, including Portable...
RealNetworks RealPlayer ActiveX controls property heap memory corruption
Overview Multiple RealPlayer ActiveX controls fail to properly handle properties, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description RealNetworks RealPlayer provides multiple ActiveX controls to allow integration with Internet Explorer...
Gesytec Easylon OPC Server fails to properly validate OPC server handles
Overview The Gesytec Easylon OPC Server contains a vulnerability that may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description OLE for Process Control OPC is a specification for a standard set of OLE COM objects used in the process control and...
Apple QuickTime buffer overflow vulnerability
Overview Apple QuickTime contains a stack buffer overflow vulnerability. If exploited, this vulnerability may allow an attacker to execute code. Description Apple QuickTime is a media player that includes a browser plugin. QuickTime can display PICT images. From Apple Article ID: 306896 "About the...
Cisco IOS LPD buffer overflow vulnerability
Overview The Cisco IOS Line Printer Daemon contains a buffer overflow vulnerability. If successfully exploited, this vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. Description The Cisco IOS includes support for the UNIX Line Printer Daemon...
Mozilla Firefox URI filtering vulnerability
Overview Mozilla Firefox does not filter input when sending certain URIs to registered protocol handlers. This may allow a remote, authenticated attacker to use Firefox as a vector for executing commands on a vulnerable system. Description A Uniform Resource Identifier URI is a string of characte...
Adobe Flash Player FLV integer overflow
Overview A vulnerability in the Adobe Flash Player could allow a remote attacker to execute arbitrary code on an affected system. Description Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser. An integer...
RealNetworks players SMIL "wallclock" buffer overflow
Overview A buffer overflow in RealNetworks media players could allow a remote attacker to execute arbitrary code on an affected system. Description The RealNetworks RealPlayer and Helix Player applications allow users to view local and remote audio and video content. These players support multipl...
Novell NetWare NFS denial of service vulnerability
Overview The Novell NetWare NFS mount daemon contains a denial of service vulnerability. Description Network File System NFS is an ONC RPC based file and print sharing protocol. Novell Netware includes support for the NFS protocol. From Novell Support Document 3008097: If an NFS client attempts a...
Microsoft Exchange Outlook Web Access UTF character set label script injection vulnerability
Overview Microsoft Exchange Outlook Web Access OWA fails to properly handle the UTF character set label, which can allow a remote, unauthenticated attacker to execute script within the security context of the OWA user. Description OWA allows users to access their email accounts on a Microsoft...
Microsoft Windows Kernel vulnerable to privilege escalation
Overview The Microsoft Windows Kernel contains a privilege escalation vulnerability that may allow a local attacker to take control of the system. Description The Microsoft Windows Kernel fails to properly set permissions when mapping to a memory segment. By running a specially crafted applicatio...
McAfee ePolicy Orchestrator and ProtectionPilot ActiveX control buffer overflow vulnerability
Overview A vulnerability in an ActiveX control provided with the McAfee ePolicy Orchestrator and ProtectionPilot software could allow a remote attacker to execute arbitrary code on an affected system. Description The McAfee ePolicy Orchestrator and ProtectionPilot are applications that are design...