3695 matches found
Apple Mac OS X Security Framework Secure Transport may not negotiate the best cipher available
Overview Apple Mac OS X Security Framework Secure Transport may not negotiate the best cipher available. This vulnerability may allow traffic to be weakly encrypted. Description Secure Transport refers to Apple’s implementation of SSL and TLS that is used by Mac OS X to create secure connections...
GNU gv buffer overflow vulnerability
Overview A buffer overflow vulnerability exists in the GNU gv viewer application. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or cause a denial-of-service condition. Description From the GNU gv website: GNU gv allows to view and navigate through...
Mozilla XML.prototype.hasOwnProperty() method memory corruption vulnerability
Overview Mozilla products fail to properly handle the XML.prototype.hasOwnProperty method. This vulnerability may allow a remote attacker to execute arbitrary code. Description The ECMAScript for XML (E4X) Specification defines the XML.prototype.hasOwnProperty as a JavaScript method used to determine ...
X.Org fails to check for setuid failure on Linux systems
Overview Programs distributed as part of the X.Org software distribution fail to properly handle test results for effective user ID. This vulnerability may lead to privilege escalation. Description Linux, like most Unix systems, provides a system call, setuid, to set the effective user ID of a...
Integer overflow vulnerability in Asterisk driver for Cisco SCCP-enabled phones
Overview Asterisk contains an integer overflow vulnerability. This vulnerability may allow an attacker to run arbitrary code. Description Asterisk is an open-source PBX software package that provides voicemail, three-way calling, and other features. Skinny Client Control Protocol (SCCP) is a...
Oracle MDSYS.SDO_LRS package vulnerable to PL/SQL injection
Overview The Oracle MDSYS.SDO_LRS package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Description The Oracle MDSYS.SDO_LRS package is vulnerable to PL/SQL injection...
Oracle DISABLE_HIERARCHY_INTERNAL procedure vulnerable to PL/SQL injection
Overview The Oracle DISABLE_HIERARCHY_INTERNAL procedure is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Description The Oracle DISABLE_HIERARCHY_INTERNAL procedure fails to...
Apple AirPort wireless vulnerable to buffer overflow
Overview Two buffer overflow vulnerabilities exist in Apple AirPort wireless drivers. If exploited, this vulnerability may allow an attacker to execute arbitrary code. Description According to Apple: Two separate stack buffer overflows exist in the AirPort wireless driver's handling of malformed...
gzip contains an array out-of-bounds vulnerability in make_table()
Overview The gzip program contains a stack modification vulnerability that may allow an attacker to execute arbitrary code, or create a denial-of-service condition. Description The gzip program is used to compress and decompress archived files. A stack modification vulnerability exists in gzip. A...
Microsoft Visual Basic for Applications buffer overflow
Overview Microsoft Visual Basic for Applications fails to properly validate document properties. This vulnerability could allow a remote attacker to execute arbitrary code. Description Visual Basic For Applications (VBA) According to Microsoft Security Bulletin MS06-047: Microsoft VBA is a...
Apple Mac OS X ImageIO vulnerable to integer overflow via specially crafted GIF image
Overview The Apple Mac OS X ImageIO framework contains a buffer overflow that may allow a remote attacker to execute arbitrary code on an affected system. Description Apple's ImageIO is an image processing framework that was introduced in Mac OS X 10.4 Tiger. It includes the ability to process...
Mozilla products fail to properly handle frame references
Overview Mozilla products fail to properly handle frame or window references. This may allow a remote attacker to execute arbitrary code on a vulnerable system. Description JavaScript references are not properly cleared after an object is deleted. An attacker may be able to use the reference to a...
Adobe Acrobat fails to properly convert files to PDF
Overview A vulnerability exists in Adobe Acrobat that may allow an attacker to execute arbitrary code. Description Adobe Acrobat contains a buffer overflow in the code that converts files to PDF. If an attacker can convince a user to create a PDF using specially-crafted input, that attacker may b...
Gracenote CDDB ActiveX control buffer overflow
Overview The Gracenote CDDB ActiveX control contains a buffer overflow vulnerability, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description CDDB CDDB (CD Data Base) is an internet database provided by Gracenote. CDDB contains track lists and other informati...
Mozilla products vulnerable to memory corruption via a particular sequence of HTML tags
Overview A vulnerability in the way Mozilla products and derivative programs handle certain HTML tags could allow a remote attacker to execute arbitrary code on a vulnerable system. Description A vulnerability has been discovered in the way that Mozilla and derived programs handle certain HTML...
Symantec VERITAS NetBackup Volume Manager daemon buffer overflow
Overview The Symantec VERITAS NetBackup Volume Manager daemon contains a buffer overflow vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code. Description Symantec VERITAS NetBackup Symantec VERITAS NetBackup is a client/server based backup software solution...
Winamp fails to properly handle playlists with long "file" parameter
Overview Winamp contains a buffer overflow vulnerability when processing a playlist that has a long file parameter. This may allow a remote unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Winamp Winamp is a media player for Microsoft Windows systems. It can...
Clam AntiVirus vulnerable to memory corruption via specially crafted UPX packed file
Overview A vulnerability in the ClamAV antivirus toolkit may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Clam AntiVirus is an antivirus toolkit for Unix-like systems that is commonly integrated with mail servers for email attachment scanning. It supports ...
Microsoft embedded web font buffer overflow
Overview A heap-based buffer overflow in the way Microsoft Windows processes embedded web fonts may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Windows contains a heap-based buffer overflow in a routine that processes embedded w...
Skype VCARD handling routine contains a buffer overflow
Overview A buffer overflow in the way Skype handles imported VCARDs may allow a remote attacker to execute code on a vulnerable system. Description Skype software provides telephone service over IP networks. Skype fails to properly validate imported VCARDs, allowing a buffer overflow to occur. Th...
Oracle HTTP Server vulnerability
Overview An unspecified vulnerability in Oracle's HTTP Server (Apache) may allow a remote, unauthenticated attacker to compromise system confidentiality, integrity, and availability. Description Oracle Application Server and Database Server include Apache as an HTTP server. There is a vulnerabili...
MIT Kerberos 5 contains double free vulnerability in "krb5_recvauth()" function
Overview An unauthenticated attacker can cause the krb5_recvauth() function to free a block of memory twice, possibly leading to arbitrary code execution. Description Kerberos is a network authentication system that uses a trusted third party (a KDC) to authenticate clients and servers to each other. It i...
Apple Web Kit-based browsers may allow remote access to local filesystem contents
Overview Web browsers based on AppleWebKit may allow remote web sites to reference content on the local filesystem. This may allow an attacker to execute script within the security context of the local machine. Description Web browsers that allow remote web sites to reference content that resides...
Cisco IOS Easy VPN Server fails to properly process ISAKMP profile attributes
Overview Cisco IOS Easy VPN Server fails to properly process ISAKMP profile attributes. This may allow a remote, unauthenticated attacker to access the private network. Description Easy VPN Server Cisco IOS Easy VPN Server allows an IOS device to function as a VPN concentrator, providing...
Mozilla fails to properly prevent "JavaScript:" URIs containing "eval()" from being executed in the context of other URIs in the history list
Overview Mozilla fails to properly restrict the execution of javascript: URIs. The impact is similar to that of a cross-site scripting vulnerability, which allows an attacker to access data in other sites. Description Mozilla uses a same origin security model to maintain separation between browse...
Apple Cocoa applications vulnerable to denial of service via malformed TIFF image
Overview Apple Mac OS X applications using the Cocoa environment may quit due to an unhandled exception in TIFF image handling routines. Description Mac OS X applications may take advantage of the Cocoa programming environment, which is described by Apple as "an object-oriented application...
WinAmp contains a flaw in metadata handling in .mpa and .mp4 files
Overview WinAmp contains a flaw which may allow an attacker to crash WinAmp remotely via .mpa or .mp4 files. Description Nullsoft's WinAmp Player, a popular multimedia system for Microsoft Windows, contains a flaw in the handling of the metadata called "tags" contained within .mpa and .mp4 files...
BIND 8.4.4 and 8.4.5 vulnerable to buffer overflow in q_usedns
Overview A vulnerability in the BIND name server could allow a remote attacker to cause a denial of service against an affected system. Description The Berkeley Internet Name Domain (BIND) is a popular Domain Name System (DNS) implementation from Internet Systems Consortium (ISC). A buffer overflow err...
Samba vulnerable to integer overflow processing file security descriptors
Overview Samba contains an integer overflow vulnerability in code that processes file security descriptors. This could allow an authenticated, remote attacker to execute arbitrary code or cause a denial of service on a vulnerable system. Description Samba is an open-source implementation of...
FreeBSD syscons fails to properly validate input in "CONS_SCRSHOT" ioctl
Overview The FreeBSD syscons CONS_SCRSHOT ioctl does not sufficiently validate input for the function's arguments. This may cause the disclosure of arbitrary portions of kernel memory that may contain sensitive information. Description Syscons is the default console driver for FreeBSD. It provides...
Apple QuickTime Streaming Server vulnerable to DoS
Overview There is a vulnerability in the Apple QuickTime Streaming Server that could allow a remote attacker to cause a denial-of-service condition. Description Apple's QuickTime Streaming Server provides an integrated distribution mechanism for various forms of digital content. There is a...
Microsoft Internet Explorer window.createPopup() method creates chromeless windows
Overview The Internet Explorer (IE) window.createPopup method creates chromeless popup windows. These windows can be used to spoof the user interface in Internet Explorer, any Windows application, or the Windows desktop. Description The visible area of a web browser window can be categorized into t...
Mac OS X Safari "Show in Finder" option may allow arbitrary file execution
Overview Mac OS X Safari "Show in Finder" option may automatically open and execute downloaded files. This could allow an attacker to execute arbitrary code. Description Safari is the default web browser for Mac OS X. Safari has a "Show in Finder" option to allow users to automatically reveal the...
Microsoft Outlook Web Access contains vulnerability in HTML redirection query
Overview A cross-site scripting vulnerability in Microsoft Exchange 5.5 Outlook Web Access (OWA) could allow an attacker to execute arbitrary scripting code in the victim's browser. Description Outlook Web Access (OWA) is a component of Microsoft Exchange. By using OWA, a server that is running...
Juniper JUNOS Packet Forwarding Engine (PFE) IPv6 memory leak
Overview The Juniper JUNOS Packet Forwarding Engine (PFE) leaks memory when certain IPv6 packets are submitted for processing. If an attacker submits multiple packets to a vulnerable router running IPv6-enabled PFE, the router can be repeatedly rebooted, essentially creating a denial of service for...
FTE fails to properly validate environment variables
Overview FTE contains a vulnerability in the processing of certain environment variables that could allow an attacker to execute arbitrary code. Description FTE is a text editor available for a variety of operating systems. There is a buffer overflow vulnerability in the way FTE performs bounds...
util-linux login program discloses sensitive information
Overview util-linux login program uses a pointer that was previously freed and reallocated which could allow an attacker to gain access to sensitive information. Description util-linux is shipped with Red Hat and numerous other Linux distributions. It contains a collection of utility programs, su...
OpenCA libCheckSignature function fails to properly verify the signature of certificates
Overview OpenCA may accept a signature from a certificate if the certificate's chain is trusted by the chain directory of OpenCA. Description The OpenCA PKI Development Project is a Certification Authority. A vulnerability exists in the way the libCheckSignature function compares the certificate ...
Microsoft Data Access Components (MDAC) contains buffer overflow
Overview Microsoft Data Access Components (MDAC) contains a buffer overflow vulnerability that could allow a remote attacker to execute arbitrary code or cause a denial of service. Description From Microsoft Security Bulletin MS04-003: Microsoft Data Access Components (MDAC) is a collection of...
RealNetworks media server RTSP protocol parser buffer overflow
Overview RealNetworks Helix Universal Server 9 media servers contain a buffer overflow in a RTSP protocol parser. Earlier versions of their media servers are also affected: RealSystem Server 7, 8, and RealServer G2. Description RealNetworks Helix Universal Server 9 media server is software which...
HP-UX "passwd" utility may corrupt password file
Overview The HP-UX "passwd" utility contains a denial-of-service vulnerability. Description The HP-UX "passwd" utility is used to make changes to a user's authentication credentials. A vulnerability in "passwd" may allow a local attacker to corrupt the password file. --- Impact An attacker may be...
IBM AIX vulnerable to DoS
Overview A denial-of-service vulnerability in AIX may allow a remote attacker to consume 100% of the CPU. Description AIX is a UNIX operating system distributed by IBM. A vulnerability in AIX 4.3.3 may allow a remote attacker to cause a denial of service. For more information, please see IBM APAR...
Buffer overflow in Snort RPC preprocessor
Overview There is a buffer overflow vulnerability in the RPC preprocessing feature of Snort versions 1.8 through 1.9.0 and 2.0 beta. Description Martin Roesch, the primary Snort developer, described the vulnerability by saying: When the RPC decoder normalizes fragmented RPC records, it incorrectly...
Apache allows arbitrary code execution via crafted POST request containing MS-DOS device name
Overview Due to a flaw in the Apache web server's handling of MS-DOS device names, an attacker may be able to remotely execute code on systems running the Apache web server under some versions of Microsoft Windows. Description The Apache HTTP server fails to filter POST requests for MS-DOS style...
ISC "dhcrelay" fails to limit hop count when malicious bootp packet is received
Overview A vulnerability in the Internet Software Consortium's "dhcrelay" makes it possible for a remote attacker to use dhcrelay to launch a denial-of-service attack against a victim dhcp server. Description The Internet Software Consortium (ISC) produces a "freely redistributable reference...
Microsoft Locator service contains buffer overflow
Overview A remotely exploitable buffer overflow exists in the Microsoft Locator service. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Microsoft Locator service "maps logical names to network-specific names". Quoting from...
Sun KCMS library service daemon does not adequately validate location of KCMS profiles
Overview The Sun KCMS library service daemon, kcmsserver, does not adequately validate the location of KCMS profile files. This could allow a remote attacker to read arbitrary files on a vulnerable system. Description Sun Solaris contains support for the Kodak Color Management System (KCMS), an...
wget contains directory traversal vulnerability
Overview The wget utility contains directory traversal vulnerabilities that allow a malicious FTP server to overwrite files on the client host. Description In a typical file transfer operation, one participant (the client) requests a file while a second participant (the server) provides the requested...
WebCalendar does not adequately validate user input
Overview WebCalendar does not properly validate user input, allowing attackers to execute arbitrary commands. Description WebCalendar is a free PHP application providing web calendar services for user groups. WebCalendar contains an unspecified input validation vulnerability, allowing arbitrary...
DansGuardian content filtering proxy fails to adequately validate user input thereby allowing user to access restricted site via hex encoded URLs
Overview DansGuardian does not properly filter Description DansGuardian is an HTTP proxy server based on Squid and enhanced to filter web content. DansGuardian does not properly process URLs that contain certain unspecified hexadecimal encodings, resulting in incomplete filtering of HTTP response...