3704 matches found
Microsoft Office fails to properly parse malformed chart records
Overview A vulnerability in the way Microsoft Office parses files containing malformed chart records may lead to execution of arbitrary code. Description Microsoft Office fails to properly handle malformed chart records. According to Microsoft Security Bulletin MS06-062:When Office opens a...
Cisco IOS fails to properly verify the VTP configuration revision number
Overview Cisco IOS fails to properly verify the VTP configuration revision number. This vulnerability may allow a remote, unauthenticated attacker to prevent changes to the VLAN database from being properly propagated throughout the VTP domain. Description Cisco's VLAN Trunking Protocol VTP...
gzip contains a buffer underflow
Overview The gzip program contains a buffer underflow vulnerability that may allow an attacker to execute arbitrary code, or create a denial-of-service condition. Description The gzip program is used to compress and decompress archived files.A buffer underflow vulnerability exists in gzip. An...
gzip contains an array out-of-bounds vulnerability in make_table()
Overview The gzip program contains a stack modification vulnerability that may allow an attacker to execute arbitrary code, or create a denial-of-service condition.. Description The gzip program is used to compress and decompress archived files.A stack modification vulnerability exists in gzip. A...
Microsoft Word 2000 malformed record vulnerability
Overview Microsoft Word 2000 contains a memory corruption vulnerability. This vulnerability could allow a remote, unauthenticated attacker to execute arbitrary code with the privileges of the user running Word 2000. Description Microsoft Word 2000 fails to properly handle malformed records leadin...
Apple Mac OS X ImageIO vulnerable to integer overflow via specially crafted GIF image
Overview The Apple Mac OS X ImageIO framework contains a buffer overflow that may allow a remote attacker to execute arbitrary code on an affected system. Description Apple's ImageIO is an image processing framework that was introduced in Mac OS X 10.4 Tiger. It includes the ability to process...
Apple Mac OS X Open Directory server vulnerable to DoS via an invalid LDAP request
Overview Apple has reported a vulnerability in their version of OpenLDAP that is included in Apple Mac OS X and Mac OS X Server versions 10.4 to 10.4.6. If successfully exploited, this vulnerability would allow an attacker to create a denial-of-service condition. Description OpenLDAP is a popular...
Mozilla contains a buffer overflow vulnerability in crypto.signText()
Overview Mozilla products contain a buffer overflow in the crypto.signText method. This may allow a remote attacker to execute arbitrary code. Description crypto.SignText JavaScript contains a crypto.signText method, which allows the user to digitally sign a text string. The problem The Mozilla...
Mozilla may process content-defined setters on object prototypes with elevated privileges
Overview Mozilla allows content-defined setters on object prototypes to execute with elevated privileges. This may allow a remote attacker to execute arbitrary code. Description Setters A setter is a method in JavaScript that sets the value of a property. The problem The setters in Mozilla are...
Mozilla JavaScript security bypass vulnerability
Overview Mozilla products fail to properly enforce security restrictions in JavaScript. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description According to Mozilla Foundation Security Advisory 2006-28:The security check in jsValueToFunctionObject ca...
Symantec VERITAS NetBackup Volume Manager daemon buffer overflow
Overview The Symantec VERITAS NetBackup Volume Manager daemon contains a buffer overflow vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code. Description Symantec VERITAS NetBackup Symantec VERITAS NetBackup is a client/server based backup software solution...
IBM Lotus Notes ZIP file handling buffer overflow
Overview IBM Lotus Notes contains a buffer overflow when handling a ZIP file with a large file name. This could allow a remote attacker to execute arbitrary code on a vulnerable system. Description IBM Lotus Notes is an integrated client application that provides functionality including email,...
Microsoft embedded web font buffer overflow
Overview A heap-based buffer overflow in the way Microsoft Windows processes embedded web fonts may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Windows contains a heap-based buffer overflow in a routine that processes embedded w...
Microsoft Windows FTP client does not properly validate received file names
Overview An input validation error in the Microsoft Windows FTP Client may allow a remote attacker to write files to arbitrary locations and may allow the execution of arbitrary code. Description The Microsoft Windows FTP Client does not properly validate the names of received files. If a remote...
WebEOC contains multiple SQL injection vulnerabilities
Overview WebEOC contains multiple SQL injection vulnerabilities that may allow attackers to execute sql queries, potentially viewing or modifying data, or executing database commands. Description WebEOC is a web-based crisis information management application that provides functions to gather,...
Apple Web Kit-based browsers may allow remote access to local filesystem contents
Overview Web browsers based on AppleWebKit may allow remote web sites to reference content on the local filesystem. This may allow an attacker to execute script within the security context of the local machine. Description Web browsers that allow remote web sites to reference content that resides...
Apple Mac OS X chpass/chfn/chsh utilities do not properly validate external programs
Overview Apple Mac OS X Directory Service utilities use external programs insecurely, potentially allowing an attacker to execute arbitrary code. Description The OS X Directory Services have three utilities chpass, chfn, and chsh to update information in the user database, such as user name,...
Microsoft Word contains a buffer overflow vulnerability
Overview Microsoft Word contains a vulnerability that may result in the execution of code on the system with the privileges of the current user. Description Microsoft Word contains a vulnerability that may be exploited by opening a maliciously-crafted word document. Successful exploitation would...
NotifyLink web client fails to adequately restrict access to administrative functions
Overview The NotifyLink web interface contains a vulnerability that allows authenticated normal users to access functions that have been disabled by an administrator. Description Notify Technology NotifyLink Enterprise Server allows users to synchronize e-mail between a PDA and a mail server. The...
Apple Mac OS X vulnerable to buffer overflow in ColorSync ICC color profile handling
Overview Apple's Mac OS X operating system contains a flaw in the handling of ICC color profiles, which may allow arbitrary code execution through a heap-based buffer overflow. Description The Apple Mac OS X operating system contains support for ICC color profiles in the ColorSync component. This...
BIND 8.4.4 and 8.4.5 vulnerable to buffer overflow in q_usedns
Overview A vulnerability in the BIND name server could allow a remote attacker to cause a denial of service against an affected system. Description The Berkeley Internet Name Domain BIND is a popular Domain Name System DNS implementation from Internet Systems Consortium ISC. A buffer overflow err...
Samba vulnerable to integer overflow processing file security descriptors
Overview Samba contains an integer overflow vulnerability in code that processes file security descriptors. This could allow an authenticated, remote attacker to execute arbitrary code or cause a denial of service on a vulnerable system. Description Samba is an open-source implementation of...
XFree86 vulnerable to buffer overflow via error in 'ReadFontAlias()' function
Overview XFree86 contains a vulnerability in the parsing of the 'fonts.alias' file, which could be exploited by a local user to execute arbitrary code with elevated privileges. Description XFree86 contains a flaw during the processing of the 'fonts.alias' file. XFree86 is an implementation of the...
Microsoft Windows kernel fails to reset values in CPU data structures
Overview A vulnerability in the Microsoft Windows kernel could allow an attacker to cause a denial-of-service condition. Description The Microsoft Windows kernel is responsible for handling processor resources and system services such as device and memory management. There is a vulnerability in t...
GdkPixbuf ICO parser contains an integer overflow vulnerability
Overview An integer overflow vulnerability exists in the ICO handling of GdkPixbuf. This vulnerability can lead to a denial-of-service condition. Description GdkPixbuf is a library used by GTK+ 2 for loading and rendering images. GTK+ is a multi-platform toolkit for creating graphical user...
Mac OS X Safari "Show in Finder" option may allow arbitrary file execution
Overview Mac OS X Safari "Show in Finder" option may automatically open and execute downloaded files. This could allow an attacker to execute arbitrary code. Description Safari is the default web browser for Mac OS X. Safari has a "Show in Finder" option to allow users to automatically reveal the...
CVS "history" command may disclose sensitive information
Overview A vulnerability exists in the history command of Concurrent Versions System CVS. If exploited, this vulnerability could disclose sensitive information about files and directories on an affected system to a remote, authenticated CVS user. Description Concurrent Versions System CVS is a...
FTE fails to properly validate environment variables
Overview FTE contains a vulnerability in the processing of certain environment variables that could allow an attacker to execute arbitrary code. Description FTE is a text editor available for a variety of operating systems. There is a buffer overflow vulnerability in the way FTE performs bounds...
Cisco 6000/6500/7600 series systems fail to properly process layer 2 frames
Overview Cisco 6000/6500/7600 series systems with Multilayer Switch Feature Card 2 MSFC2 fail to properly process layer 2 frames. Description Cisco 6000/6500/7600 series systems with MSFC2 contain a vulnerability in the way layer 2 frames are processed in software. By sending a specially crafted...
Microsoft Exchange Server 2003 fails to assign user credentials to proper mailbox
Overview A flaw in the authentication mechanism that Microsoft Exchange Server 2003 uses for Outlook Web Access users in some configurations could expose another user's mailbox. Description Outlook Web Access OWA is a feature of Microsoft Exchange Server 2003. By using OWA, a server that is runni...
Microsoft Data Access Components (MDAC) contains buffer overflow
Overview Microsoft Data Access Components MDAC contains a buffer overflow vulnerability that could allow a remote attacker to execute arbitrary code or cause a denial of service. Description From Microsoft Security Bulletin MS04-003:Microsoft Data Access Components MDAC is a collection of...
OpenCA libCheckSignature function fails to properly verify the signature of certificates
Overview OpenCA may accept a signature from a certificate if the certificate's chain is trusted by the chain directory of OpenCA. Description The OpenCA PKI Development Project is a Certification Authority. A vulnerability exists in the way the libCheckSignature function compares the certificate ...
tcpdump contains vulnerability in RADIUS decoding function print_attr_string() in print-radius.c
Overview tcpdump contains a vulnerability in the way it parses Remote Authentication Dial In User Service RADIUS packets. Description tcpdump is a widely used network sniffer that is capable of decoding RADIUS packets. A vulnerability exists in the way the tcpdump printattrstring function in...
Multiple vulnerabilities in S/MIME implementations
Overview Multiple vulnerabilities exist in different vendors' S/MIME Secure/Multipurpose Internet Mail Extensions implementations. The impacts of these vulnerabilities are varied and range from denial of service to potential remote execution of arbitrary code. Description The U.K. National...
HP-UX "passwd" utility may corrupt password file
Overview The HP-UX "passwd" utility contains a denial-of-service vulnerability. Description The HP-UX "passwd" utility is used to make changes to a user's authentication credentials. A vulnerability in "passwd" may allow a local attacker to corrupt the password file. --- Impact An attacker may be...
Cisco VPN 3000 Concentrator may allow access to internal hosts when IPsec over TCP is enabled
Overview A vulnerability in some Cisco Virtual Private Network VPN products could allow a remote attacker to access systems that should not be accessible. Description The Cisco VPN 3000 Series Concentrators and the Cisco VPN 3002 Hardware Clients are Virtual Private Network VPN platforms designed...
Mac OS X LDAP plugins transmit user credentials in clear text
Overview Versions 10.2 and later of Apple's MacOS X operating system include support for the Lightweight Directory Access Protocol LDAP. A vulnerability in the way some of these versions of MacOS X handle authentication in certain environments could expose user's passwords in plaintext as they're...
ScriptLogic RunAdmin service can allow users to gain administrative access
Overview There is a vulnerability in version 4.01 of ScriptLogic that may allow local or domain users to gain administrative access to workstations running the ScriptLogic RunAdmin service. Description The ScriptLogic product from ScriptLogic, Inc. provides remote system administration capabiliti...
Buffer Overflow in mod_ssl
Overview A buffer overflow exists in modssl. Description modssl is an Apache module that allows secure connections over X.509 authenticated channels. A buffer overflow exists in the sslcompatdirective function. For more detailed information, please see the original vulnerability report. --- Impac...
IBM AIX "secldapclntd" daemon authentication vulnerability
Overview A vulnerability in the secldapclntd daemon in IBM's AIX operating system could allow unauthorized remote users to modify accounts on the system. Description According to the IBM bulletin for this issue:"The secldapclntd daemon accepts requests from the LDAP load module, forwards requests...
The ISS RealSecure Network Sensor fails to properly process certain types of DHCP traffic.
Overview ISS RealSecure Network Sensor "informational signatures" fail to properly process certain types of DHCP traffic, thereby causing the sensor to crash. Description The ISS RealSecure Network Sensor fails to properly process certain types of DHCP traffic. If the sensor processes certain typ...
Apache allows arbitrary code execution via crafted POST request containing MS-DOS device name
Overview Due to a flaw in the Apache web server's handling of MS-DOS device names, an attacker may be able to remotely execute code on systems running the Apache web server under some versions of Microsoft Windows. Description The Apache HTTP server fails to filter POST requests for MS-DOS style...
Microsoft Virtual Machine incorrectly parses the domain portion of URLs containing a colon
Overview Some versions of the Microsoft virtual machine Microsoft VM contain a flaw that could allow untrusted Java applets from an attacker's site to be run instead of the trusted applet from the intended site. Description The Microsoft virtual machine Microsoft VM enables Java programs to run o...
Lotus Domino web server vulnerable to buffer overflow via long HTTP authentication header containing non-ASCII characters
Overview A remotely exploitable buffer overflow exists in versions of IBM's Lotus Domino web server prior to R5.0.10. Description A remotely exploitable buffer overflow exists in the Lotus Domino web server. The overflow can occur as the result of an overly long HTTP Authenticate header containin...
wget contains directory traversal vulnerability
Overview The wget utility contains directory traversal vulnerabilities that allow a malicious FTP server to overwrite files on the client host. Description In a typical file transfer operation, one participant the client requests a file while a second participant the server provides the requested...
Microsoft Windows XMLHTTP component allows remote access to local data sources
Overview The Microsoft XMLHTTP ActiveX control allows unauthorized reading of any known file on a system. A victim must be enticed to visit a malicious site in order to be attacked. Description Description from MS02-008:Microsoft XML Core Services MSXML includes the XMLHTTP ActiveX control, which...
Alchemy Eye HTTP Server does not adequately validate user input thereby allowing remote command execution
Overview Alchemy Eye does not properly validate HTTP requests, allowing arbitrary command execution. Description Alchemy Eye includes an HTTP server for remote system monitoring and control. In versions 2.0 through 2.6 of Alchemy Eye, the HTTP server component does not adequately validate HTTP...
DansGuardian content filtering proxy fails to adequately validate user input thereby allowing user to access restricted site via hex encoded URLs
Overview DansGuardian does not properly filter Description DansGuardian is an HTTP proxy server based on Squid and enhanced to filter web content. DansGuardian does not properly process URLs that contain certain unspecified hexadecimal encodings, resulting in incomplete filtering of HTTP response...
Sun Solaris ptexec does not adequately validate argument passed via -o option
Overview The Sun Solaris ptexec command is subject to a buffer overflow due to not adequately validating arguments passed via the -o option. Description A locally exploitable buffer overflow exists in the ptexec command which is included in the SUNWvts package. This package is not included in the...
FreeBSD privilege elevation vulnerability
Overview A locally exploitable privilege elevation vulnerability exists in FreeBSD. Description A locally exploitable privilege elevation vulnerability exists in FreeBSD. For more information, please see the Pine Internet Security Advisory. --- Impact A local user can gain root privileges. ---...