3704 matches found
wget contains directory traversal vulnerability
Overview The wget utility contains directory traversal vulnerabilities that allow a malicious FTP server to overwrite files on the client host. Description In a typical file transfer operation, one participant the client requests a file while a second participant the server provides the requested...
Alchemy Eye HTTP Server does not adequately validate user input thereby allowing remote command execution
Overview Alchemy Eye does not properly validate HTTP requests, allowing arbitrary command execution. Description Alchemy Eye includes an HTTP server for remote system monitoring and control. In versions 2.0 through 2.6 of Alchemy Eye, the HTTP server component does not adequately validate HTTP...
X11 vulnerable to buffer overflow in handling of -xrm option
Overview The X11 library included with many UNIX variants contains a buffer-overflow vulnerability that may allow attackers to gain root privileges. Description The X11 library contains an unspecified buffer-overflow vulnerability. Programs that use this library and accept the -xrm option includi...
Uudecode performs inadequate checks on user-specified output files
Overview The uudecode utility contains a vulnerability that allows an attacker to overwrite arbitrary files, symbolic links, and named pipes. Description The uudecode utility is used to decode files that have been encoded in the 7-bit printable format generated by uuencode. This format allows for...
Network Associates PGP Outlook Plug-in contains buffer overflow in decoding mechanism
Overview A remotely exploitable buffer overflow exists in the Network Associates PGP Outlook Plug-in. Description As reported in eEye Digital Security Advisory AD20020710, a remotely exploitable buffer overflow exists in the PGP Outlook Plug-in. By sending a specially crafted message to a victim,...
Yahoo! Messenger contains buffer overflow in "IMvironment" field
Overview Yahoo! Messenger is an instant messaging client. There is a remotely exploitable buffer overflow vulnerability in the "imv" field of Yahoo! Messenger. Description A remotely exploitable buffer overflow exists in the "imv" field that may permit a remote attacker to execute arbitrary code ...
ISC BIND 9 fails to process additional data chains in responses correctly thereby causing the server to fail an internal consistency check
Overview A denial-of-service vulnerability exists in version 9 of the Internet Software Consortium's ISC Berkeley Internet Name Domain BIND server. ISC BIND versions 8 and 4 are not affected. Exploiting this vulnerability will cause vulnerable BIND servers to shut down. Description BIND is an...
ISC DHCPD contains format string vulnerability when logging DNS-update requests
Overview The DHCP daemon DHCPD is a server that is used to allocate network addresses and assign configuration parameters to dynamically configured hosts. A format string vulnerability may permit an intruder to execute code with the privileges of the DHCP daemon typically root. Description The...
PHP contains vulnerability in "php_mime_split" function allowing arbitrary code execution
Overview Vulnerabilities in PHP versions 3 and 4 could allow an intruder to execute arbitrary code with the privileges of the web server. Description PHP is a scripting language widely used in web development. PHP can be installed on a variety of web servers, including Apache, IIS, Caudium,...
Microsoft Internet Explorer download dialog may not display complete filenames
Overview There is a vulnerability in the download dialog box in Internet Explorer versions 5.5 and 6.0. The vulnerability allows an attacker to mislead users, causing them to inadvertently execute arbitrary code on the user's system. Description When downloading files included in web pages, users...
Tripwire vulnerable to arbitrary file overwriting via symlink redirection of temporary file
Overview Tripwire is a file integrity verification utility for Unix and Linux operating systems. In some implementations, tripwire opens insecure temporary files with predictable names in publically-writable directories. Using a symbolic link attack, a local intruder may overwrite or create...
Digital Unix msgchk vulnerable to file contents disclosure via symlink redirection of profile
Overview msgchk, a part of the MH mail system, reads the user's .mhprofile in order to obtain configuration options. If the .mhprofile is linked to another file with illegal format, the first line of that file will be displayed in an error message by msgchk. Description msgchk is the portion of t...
RSA Security ACE/Agent for Windows, ACE/Agent for Windows NT, and ACE/Agent for Windows 2000 do not properly handle null characters in URL
Overview RSA Security ACE/Agent for Windows, ACE/Agent for Windows NT, and ACE/Agent for Windows 2000 contain a vulnerability in which the ACE/Agent does not properly handle null characters contained in a URL. A specially crafted request may cause ACE/Agent to enter a debugging mode, possibly...
IBM AIX line printer daemon contains a buffer overflow in chk_fhost()
Overview The Line Printer daemon lpd shipped with AIX systems contains a buffer overflow in chkfhost that potentially allow a malicious remote user to gain root privileges. Description A buffer overflow exists in the chkfhost function of the line printer daemon lpd on AIX systems. An intruder cou...
Hewlett-Packard Virtual Vault OS (VVOS) contains vulnerability in mkacct program
Overview There is a vulnerability in the /sbin/mkacct program, part of Hewlett Packard's Virtual Vault Operating System VVOS. Description Virtual Vault is an environment "designed for use in the financial services, telecommunications, manufacturing, and retail industries to provide services such ...
TrendMicro InterScan WebManager contains buffer overflow in RegGo.dll
Overview A remotely exploitable buffer overflow exists in Trend Micro InterScan WebManager. Description InterScan WebManager is an application that inspects http traffic flowing into a network for known malicious code. This application also has the capability to restrict access to...
Linux kernel does not properly validate user input via sysctl for negative value
Overview Unprivileged local users can exploit the sysctl Linux kernel program to gain privileged access. Description A program called sysctl in the Linux kernel allows a privileged local user to read or write runtime system settings. Unprivileged local users are also allowed to use sysctl to read...
Multiple versions of OpenLDAP are vulnerable to denial-of-service attacks
Overview Multiple versions of OpenLDAP contain vulnerabilities that may allow denial-of-service attacks. These vulnerabilities were revealed using the PROTOS LDAPv3 test suite and are documented in CERT Advisory CA-2001-18. If your site uses this product, the CERT/CC encourages you to follow the...
Microsoft Internet Information Server (IIS) discloses contents of files via crafted request for .htr file
Overview A vulnerability exists in Microsoft Internet Information Server IIS which could disclose sensitive information contained in CGI-type files. Typically a CGI/script file on a web server should only be executable and not readable by remote users. Sensitive information contained in such a fi...
KDE2 kdesu 'keep password' option does not verify socket listener potentially exposing su password
Overview kdesu is a interactive interface to the substitute user su command for the KDE environment. To pass authentication information, it creates a file that may be read by unauthorized users. Description kdesu communicates with su using a socket, implemented as a file in /tmp with a predictabl...
Filemaker Pro 5.0v3 and below does not adequately protect web-enabled databases
Overview FileMaker may expose data inadvertently. Description FileMaker Web Companion prior to version 5.0v4 permits unauthorized access to data even if the database manager believes that data is protected by Field Level Security. --- Impact Attackers can read information, including items such as...
statd bounce vulnerability
Overview statd allows access to RPC services it shouldn't. Description Background rpc.statd and rpc.lockd are designed to work in conjunction with each other to manage NFS lock information in the event of a crash of an NFS client or server. The rpc service rpc.statd is a program designed to...
Notes default ECL allows execution of unsigned code
Overview Lotus Notes prior to version 5.02, had permissive ECLs that allow for the execution of malicious mail messages. Description A Notes ECL is a list consisting of a Notes Username and a set of permissions from the following list for Notes 4.6.x: Access to file system Access to current...
Lemur Vehicle Monitors BlueDriver LSB2 does not authenticate users for Bluetooth access
Overview The Lemur Vehicle Monitors BlueDriver is an aftermarket automotive device that connects to a vehicle's OBD-II port and provides information about the vehicle's performance. The BlueDriver does not require a PIN for Bluetooth access, which allows anyone in range to send arbitrary commands...
OrientDB and Studio prior to version 2.1.1 contain multiple vulnerabilities
Overview Studio for OrientDB Server Community Edition version prior to version 2.1.1 contains several vulnerabilities. Description CWE-352: Cross-Site Request Forgery CSRF - CVE-2015-2912The Studio web interface to OrientDB contains a CSRF vulnerability. An attacker can perform actions with the...
Fiat Chrysler Automobiles UConnect allows a vehicle to be remotely controlled
Overview Fiat Chrysler Automobiles FCA UConnect may allow a remote attacker to control physical vehicle functions. Description According to a WIRED news article, an unknown vulnerability in FCA UConnect software allows some functions of recent models of Jeep Cherokee to be controlled by a remote...
Aptexx Resident Anywhere exposes sensitive account information
Overview Aptexx Resident Anywhere does not require authentication to view and modify sensitive information contained in direct account and payment URLs, which can be leveraged to bypass authentication and access user accounts. Description CWE-288:Authentication Bypass Using an Alternate Path or...
Blue Coat SSL Visibility Appliance contains multiple vulnerabilities
Overview Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800, versions 3.6.x to 3.8.3, contain multiple vulnerabilities. Description Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800, versions 3.6.x to 3.8.3, contain multiple vulnerabilities.CWE-352: Cross-Site...
Ektron Content Management System (CMS) contains multiple vulnerabilities
Overview Ektron Content Management System CMS versions 8.5, 8.7, and 9.0 contain a XXE and a resource injection vulnerability. Description Note: A prior version of this report indicated incorrectly that Ektron CMS version 9.1 was vulnerable. The vendor indicated that the last version to ship with...
Huawei E355 contains a stored cross-site scripting vulnerability
Overview The Huawei E355 built-in web interface contains a stored cross-site scripting vulnerability. Description Huawei E355 wireless broadband modems include a web interface for administration and additional services. The web interface allows users to receive SMS messages using the connected...
Alfresco Enterprise contains multiple cross-site scripting vulnerabilities
Overview Alfresco Enterprise 4.1.6 and possibly earlier versions are vulnerable to multiple cross-site scripting XSS vulnerabilities. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' Alfresco Enterprise is vulnerable to a stored cross-site...
Google Search Appliance dynamic navigation cross-site scripting vulnerability
Overview Google Search Appliance GSA devices contain a cross-site scripting XSS vulnerability when dynamic navigation is enabled. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' Google Search Appliance versions earlier than 7.2.0.G.114 and...
Adobe ColdFusion is vulnerable to cross-site scripting via the logviewer directory
Overview Adobe ColdFusion 10 update 11 and possibly earlier versions contain a reflected cross-site scripting XSS CWE-79 vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' Adobe ColdFusion 10 update 11 and possibly earlier version...
Cisco Identity Services Engine contains an input validation vulnerability
Overview Cisco Identity Services Engine contains an input validation vulnerability CWE-20. Description CWE-20: Improper Input Validation Cisco Identity Services Engine ISE contains an input validation vulnerability. The ISE device contains a TCP Dump option for analyzing traffic on the device. By...
Wave EMBASSY Remote Administration Server SQL injection vulnerabilities
Overview The Wave EMBASSY Remote Administration Server ERAS contains the ERAS Help Desk application that fails to filter user input allowing for the exploitation of SQL injection vulnerabilities. These vulnerabilities may allow a remote authenticated attacker to execute procedures or SQL queries...
CoSoSys Endpoint Protector 4 appliance contains a predictable password for root-equivalent account vulnerability
Overview CoSoSys Endpoint Protector 4 appliance contains a predictable password for root-equivalent accounts. Description According to the CoSoSys's website the Endpoint Protector 4 appliance is a DLP product used to prevent users from taking unauthorized data outside the company or bringing...
CuteSoft Cute Editor 6.4 reflected cross site scripting
Overview CuteSoft Cute Editor 6.4, and possibly other verions, contains a reflected cross-site scripting XSS CWE-79 vulnerability. Description CuteSoft Cute Editor 6.4 has been reported to contain a reflected cross-site scripting XSS CWE-79 vulnerability. The GET request parameter called UploadID...
Symantec Endpoint Protection network threat protection module Microsoft IIS denial of service vulnerability
Overview Symantec Endpoint Protection SEP Network Threat Protection module running on a Microsoft Internet Information Services IIS webserver contains a denial of service vulnerability when probed by an audit tool. Description Symantec Security Advisory SYM12-007 states:Overview Versions of...
HP Business Service Management 9.12 remote code execution vulnerability
Overview The HP Business Service Management HPBSM application contains a remote code execution vulnerability. Version 9.12 has been reported to be affected but other versions may also be affected. Description HPBSM uses the JBOSS application server. In the default configuration, HPBSM contains op...
NJStar Communicator MiniSmtp packet processing buffer overflow vulnerability
Overview NJStar Communicator MiniSmtp server contains a buffer overflow vulnerability when processing malicious packets. Description According to the NJStar's website, "NJStar Communicator enables Chinese, Japanese and Korean CJK language input, display, print and conversions on your English or...
Mercator SENTINEL SQL injection allows authentication bypass
Overview Mercator SENTINEL contains an SQL injection vulnerability that could allow an attacker to bypass authentication and access the system with administrative privileges. Description Mercator SENTINEL is a flight safety management system. The login form of the web interface contains an SQL...
RSLinx Classic EDS Wizard buffer overflow vulnerability
Overview Rockwell Automation RSLinx Classic EDS Hardware Installation Tool contains a buffer overflow vulnerability. Description According to Rockwell Automation's website: RSLinx Classic provides plant-floor device connectivity for a wide variety of Rockwell Software applications such as RSLogix...
Wireshark DECT dissector vulnerability
Overview Wireshark's DECT dissector contains a remote code execution vulnerability in the context of the user running a packet capture or reading a packet capture file. Description Paul Makowski's report states:/epan/dissectors/packet-dect.c contains a stack-based buffer overflow via a call to...
Cisco Tandberg E, EX, and C Series default root credentials
Overview Cisco's Tandberg C series endpoints and E/EX personal video units that run software versions prior to TC4.0.0 have a root administrator account enabled by default with no password. Description Cisco Advisory cisco-sa-20110202-tandberg states:"This vulnerability affects Tandberg C Series...
AWStats fails to properly handle "\\" when specifying a configuration file directory
Overview AWStats fails to properly handle "\" when specifying a configuration file directory. This could allow an attacker to specify an arbitrary configuration file located on an SMB share. Description From the AWStats project website: "AWStats is a free powerful and featureful tool that...
OSIsoft PI Server provides an insecure authentication mechanism
Overview OSIsoft PI Server provides an insecure authentication mechanism that could allow attackers to read or modify information in databases. Description PI Server is a core component of the OSIsoft PI System.According to a report from C4 Security, OSISoft release notes login required for PI...
Foxit Reader contains multiple vulnerabilities in the processing of JPX data
Overview Foxit Reader contains multiple vulnerabilities that may allow an attacker to execute arbitrary code. Description Foxit Reader is software designed to view Portable Document Format PDF files. Foxit Reader contains multiple vulnerabilities in the handling of JPX JPEG2000 streams. These...
Adobe Reader contains multiple vulnerabilities in the processing of JPX data
Overview Adobe Reader and Acrobat contain multiple vulnerabilities that may allow an attacker to execute arbitrary code. Description Adobe Acrobat Reader is software designed to view Portable Document Format PDF files. Adobe also distributes the Adobe Acrobat Plug-In to allow users to view PDF...
RealNetworks player "Lyrics3" buffer overflow
Overview Multiple RealNetworks media players contain a buffer overflow which could allow a remote attacker to execute arbitrary code on an affected system. Description The RealNetworks RealPlayer and Helix Player applications allow users to view local and remote audio and video content. These...
Microsoft Agent fails to properly handle specially crafted URLs
Overview Microsoft Agent fails to properly handle specially crafted URLs, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system Description Microsoft Agent is software that provides animated characters to enhance interaction with computer systems...