3704 matches found
Low BandWidth X proxy vulnerable to buffer overflow via crafted display command line option
Overview A locally exploitable buffer overflow exists in the Low BandWidth X proxy. Description The Low BandWidth X proxy is a component of XFree86 a freely redistributable open-source implementation of the X Window System. The Low BandWidth X proxy allows applications to transparently take...
Network Associates PGP Outlook Plug-in contains buffer overflow in decoding mechanism
Overview A remotely exploitable buffer overflow exists in the Network Associates PGP Outlook Plug-in. Description As reported in eEye Digital Security Advisory AD20020710, a remotely exploitable buffer overflow exists in the PGP Outlook Plug-in. By sending a specially crafted message to a victim,...
Microsoft ASP.NET contains buffer overflow
Overview Microsoft ASP.NET contains buffer overflow in routine that handles the processing of cookies in StateServer mode. Description ASP.NET is a programming framework provided by Microsoft. For more details about this framework, please see the official web page.A remotely exploitable buffer...
Cisco Content Service Switch performs soft reset when XML data is sent to web management interface
Overview The Cisco Content Service Switch contains a denial-of-service vulnerability that allows remote attackers to perform a soft reset on affected devices. Description The Cisco Content Service Switch CSS products include support for the session and application layers. This additional...
AOL Instant Messenger vulnerable to denial of service via crafted file name
Overview AOL Instant Messenger AIM 4.1 and prior are vulnerable to a denial of service vulnerability. A denial of service occurs when filenames that contain a "%s" are sent to a victim. Description AOL Instant Messenger AIM is a program for communicating with other users over the Internet. AIM...
Netwin Surge FTP Server does not adequately validate user input thereby allowing directory traversal
Overview Surge FTP Server 2.0a contains a directory traversal vulnerability. Description Surge FTP Server 2.0a allows remote users to list files outside the FTP root directory. --- Impact Attackers may list files from directories to which access was not granted. --- Solution Upgrade to version...
PHP contains vulnerability in "php_mime_split" function allowing arbitrary code execution
Overview Vulnerabilities in PHP versions 3 and 4 could allow an intruder to execute arbitrary code with the privileges of the web server. Description PHP is a scripting language widely used in web development. PHP can be installed on a variety of web servers, including Apache, IIS, Caudium,...
Syskey reuses keystream
Overview Versions of SYSKEY in use prior to December, 1999 leave the SAM database vulnerable to cryptanalytic attacks. Description SYSKEY is a utility introduced in Microsoft Windows NT 4.0 service pack 3 to provide strong cryptographic protection to the SAM password database. The protection SYSK...
Digital Unix msgchk vulnerable to file contents disclosure via symlink redirection of profile
Overview msgchk, a part of the MH mail system, reads the user's .mhprofile in order to obtain configuration options. If the .mhprofile is linked to another file with illegal format, the first line of that file will be displayed in an error message by msgchk. Description msgchk is the portion of t...
Netscape vulnerable to arbitrary file overwriting via symlink redirection of temporary file
Overview During installation, Netscape 6.0.1 creates a temporary file with insecure options and a predictable name in a world-writable location. By using a symbolic link attack, an attacker could cause overwrite of arbitrary files. Description The installation script for Netscape 6.0.1 creates a...
Tripwire vulnerable to arbitrary file overwriting via symlink redirection of temporary file
Overview Tripwire is a file integrity verification utility for Unix and Linux operating systems. In some implementations, tripwire opens insecure temporary files with predictable names in publically-writable directories. Using a symbolic link attack, a local intruder may overwrite or create...
Common Desktop Environment (CDE) ToolTalk RPC Server rpc.ttdbserverd contains format string vulnerability
Overview A vulnerability exists in CDE ToolTalk that may allow a remote attacker to execute arbitrary code with root privileges. Description Internet Security Systems ISS X-Force has discovered a format string vulnerability in the Common Desktop Environment CDE ToolTalk Remote Procedure Call RPC...
Apache Tomcat vulnerable to Cross-Site Scripting via passing of user input directly to default error page
Overview Web Servers that use the Apache Tomcat Java Servlet Container are vulnerable to a cross-site scripting vulnerability. A web site may inadvertently include malicious HTML tags or scriptJavaScript, VBScript, Java, etc. in a dynamically generated page based on unvalidated input from...
HPUX kmmodreg allows arbitrary file overwriting via symlink redirection of temporary file
Overview The kmmodreg program distributed with some HPUX versions creates two temporary files with predictable names. Due to insecure handling of these files, an intruder may use them to overwrite arbitrary files during system boot via a symbolic link attack. Description The kmmodreg program...
Curses library vulnerable to buffer overflow
Overview The curses library derived from System V contains a buffer overflow. A local user can execute a command that uses this library to exploit the vulnerability and gain elevated privileges. Description There is a buffer overflow in the curses library that could permit a local user to gain...
SSH Secure Shell sshd2 does not adequately authenticate logins to accounts with encrypted password fields containing two or fewer characters
Overview A vulnerability exists in SSH Secure Shell that allows an intruder to log to an account which contains a stored encrypted password of two or fewer characters in length. An intruder may leverage the privileges of such an account to gain full control of the system. Description Certain Unix...
Microsoft Windows 2000 Kerberos service vulnerable to DoS via repeated invalid requests
Overview A core service of Microsoft Windows 2000 domain controllers fails to correctly handle certain invalid requests. After receiving a number of invalid requests, the domain controller may have to be rebooted to return it to correct operation. A disabled domain controller can interfere with t...
AT&T WinVNC allows user access to passwords and configuration via weak registry permissions
Overview The default installation of WinVNC on certain Microsoft Windows systems permits unauthenticated access to the WinVNC service. Description AT&T WinVNC is a free package available from AT&T Labs Cambridge that allows an existing desktop of a PC to be available on the desktop of a remote...
SSH authentication agent follows symlinks via a UNIX domain socket
Overview Older versions of SSH allow local attackers to to establish ssh sessions as the victim user without authentication. Description The text of this document was originally released on January 20, 1998, as SNI-23, developed by Secure Networks, Inc. SNI. To more widely broadcast this...
Filemaker Pro 5.0v3 and below does not adequately protect web-enabled databases
Overview FileMaker may expose data inadvertently. Description FileMaker Web Companion prior to version 5.0v4 permits unauthorized access to data even if the database manager believes that data is protected by Field Level Security. --- Impact Attackers can read information, including items such as...
MIT Kerberos 5 ksu may allow either the '-r' or '-l' time-interval parameter to overflow the stack with the characters ''d', 'h', 'm', or 's'
Overview Description From the reporter: Time-interval parsing for the "-r" and "-l" command-line options calls a library routine which uses sscanf"%d%d" and passes the address of an automatic int variable to correspond to the second %-sequence. But the % sequence needs an arbitrarily large string...
Adobe ColdFusion is vulnerable to privilege escalation due to weak ACLs
Overview Adobe ColdFusion fails to properly set ACLs, which can allow an unprivileged Windows user to be able to run arbitrary code with SYSTEM privileges. Description The Adobe ColdFusion installer fails to set a secure access-control list ACL on the default installation directory, such as...
Aternity version 9 vulnerable to cross-site scripting and remote code execution
Overview The Aternity webserver, version 9 and prior, is reportedly vulnerable to cross-site scripting XSS on several web pages, and remote code execution via inclusion of untrusted functionality by default due to improper authentication before execution. Description CWE-80: Improper Neutralizati...
Patterson Dental Eaglesoft uses a hard-coded database password across installations
Overview Patterson Dental Eaglesoft is a dental records software. Eaglesoft uses a hard-coded database password that is shared across all installations. Description CWE-798: Use of Hard-coded Credentials- CVE-2016-2343 According to the researcher, Eaglesoft uses hard-coded credentials to access a...
Fiat Chrysler Automobiles UConnect allows a vehicle to be remotely controlled
Overview Fiat Chrysler Automobiles FCA UConnect may allow a remote attacker to control physical vehicle functions. Description According to a WIRED news article, an unknown vulnerability in FCA UConnect software allows some functions of recent models of Jeep Cherokee to be controlled by a remote...
Toshiba CHEC contains a hard-coded cryptographic key
Overview Toshiba CHEC, versions 6.6, 6.7, and possibly earlier, contain a hard-coded cryptographic key. Description CWE-321: Use of Hard-coded Cryptographic Key - CVE-2014-4875Toshiba CHEC, versions 6.6, 6.7, and possibly earlier, contain a hard-coded cryptographic key in the...
MicroPact iComplaints cross-site scripting vulnerability
Overview MicroPact iComplaints contains a persistent cross-site scripting vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' MicroPact iComplaints contains a persistent cross-site scripting vulnerability. The AddStdLetter.jsp file...
Huawei E355 contains a stored cross-site scripting vulnerability
Overview The Huawei E355 built-in web interface contains a stored cross-site scripting vulnerability. Description Huawei E355 wireless broadband modems include a web interface for administration and additional services. The web interface allows users to receive SMS messages using the connected...
Symantec Web Gateway contains SQL injection and cross-site scripting vulnerabilities
Overview Symantec Web Gateway 5.1.1.24, and possibly earlier versions, contains cross-site scripting and SQL injection vulnerabilities. Description CVE-2014-1652 -CWE-79: Improper Neutralization of Input During Web Page Generation Symantec Web Gateway 5.1.1.24, and possibly earlier versions,...
Cisco AsyncOS contains a reflected cross-site scripting (XSS) vulnerability
Overview Cisco AsyncOS contains a reflected cross-site scripting XSS vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' - CVE-2014-3289 Cisco AsyncOS, the underlying OS for the Cisco Email Security Appliance, Web Security Applianc...
Unauthorized modification of UEFI variables in UEFI systems
Overview Certain firmware implementations may not correctly protect and validate information contained in certain UEFI variables. Exploitation of such vulnerabilities could potentially lead to bypass of security features and/or denial of service for the platform. Description As discussed in recen...
Fortinet FortiADC D-series contains a cross-site scripting vulnerability
Overview Fortinet FortiADC D-series 3.2.0, and possibly earlier versions, contains a cross-site scripting vulnerability. CWE-79 Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' Fortinet FortiADC D-series 3.2.0, and possibly earlier versions,...
VASCO IDENTIKEY Authentication Server contains an authentication bypass vulnerability
Overview VASCO IDENTIKEY Authentication Server version 3.4.x contains an authentication bypass vulnerability which could allow an attacker to login to a system without needing the user's Active Directory password credentials. Description CWE-305: Authentication Bypass by Primary WeaknessVASCO's...
L3 CPU shared cache architecture is susceptible to a Flush+Reload side-channel attack
Overview L3 CPU shared cache architecture is susceptible to a Flush+Reload side-channel attack, resulting in information leakage. allowing a local attacker to derive the contents of memory not belonging to the attacker. Description Common L3 CPU shared cache architecture is susceptible to a...
KnowledgeView Editorial and Management application cross-site scripting vulnerability
Overview KnowledgeView Editorial and Management application contains a reflected cross-site scripting XSS vulnerability CWE-79. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' KnowledgeView Editorial and Management application contains a...
SUSE WebYaST remotely accessible hosts list vulnerability
Overview The WebYaST hosts list is remotely accessible by unauthenticated attackers. An attacker may be able to add a malicious host to the list and perform a man-in-the-middle attack against WebYaST. Description The SUSE security advisory states:The hosts list used by WebYaST for connecting to...
IBM Power 5 Service Processor privilege escalation vulnerability
Overview IBM Power 5 Service Processor contain a vulnerability which could allow an attacker to operate with elevated privileges. Description IBM's security advisory states, "A security issue has been identified on IBM Power 5 Systems such that the firewall code does not get executed in certain...
Xelex Technologies MobileTrack contains multiple vulnerabilities
Overview Xelex Technologies' MobileTrack application has been reported to not verify the source of administrative SMS commands. An unauthenticated remote attacker can send commands over SMS to MobileTrack. User data is also exposed on an insecure FTP server account. Description The website for...
UTC Fire & Security Master Clock contains hardcoded default administrator login credentials
Overview UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock have default administrator login credentials that can not be modified by an administrator. Description UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock via Zigbee can sync up to 60,000 slave clocks located throughout a campus-area...
Microsoft Office uninitialized object pointer vulnerability
Overview Microsoft Office fails to properly handle certain Word documents, which may allow a remote, unauthenticated attacker to execute arbitrary code. Description Code in the MSO.dll component of Microsoft Office 2003, 2007, and 2010 fails to properly initialize an object pointer when loading...
Foolabs Xpdf contains a denial of service vulnerability
Overview Foolabs Xpdf contains a denial of service vulnerability caused by the t1lib library incorrectly parsing Type 1 fonts. Description According to Foolabs: Xpdf is an open source viewer for Portable Document Format PDF files. These are sometimes also called 'Acrobat' files, from the name of...
Adobe Shockwave 11.5.9.615 contains multiple memory corruption vulnerabilities
Overview Adobe Shockwave Player 11.5.9.615 and earlier versions on the Windows and Macintosh operating systems contain critical vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Adobe Macromedia Shockwave Player is...
ISC DHCP server DHCPv6 decline message processing vulnerability
Overview ISC DHCPv6 versions 4.0.x - 4.2.x are susceptible to a denial-of-service vulnerability. Description The ISC Advisory states:"When the DHCPv6 server code processes a message for an address that was previously declined and internally tagged as abandoned it can trigger an assert failure...
ISC DHCP server fails to handle zero-length client identifier
Overview A vulnerability in ISC DHCP could allow a remote attacker to cause the DHCP server to exit, resulting in a denial of service. Description ISC DHCP is a commonly redistributed reference implementation of the Dynamic Host Configuration Protocol DHCP, including a server, client, and relay...
Cyrus SASL library buffer overflow vulnerability
Overview The Cyrus SASL library contains a buffer overflow vulnerability that could allow an attacker to execute code or cause a vulnerable program to crash. Description SASL Simple Authentication and Security Layer is a method for adding authentication support to various protocols. SASL is...
Linksys WVC54GC NetCamPlayerWeb11gv2 ActiveX control stack buffer overflow
Overview The Linksys WVC54GC NetCamPlayerWeb11gv2 ActiveX control contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Linksys WVC54GC wireless video camera provides an ActiveX control called...
Apple Help Viewer vulnerable to buffer overflow
Overview A vulnerability in the way Apple Help Viewer handles specially crafted URLs may allow an attacker to execute arbitrary code or cause a denial of service. Description According to Apple Security Update 2008-003: An integer underflow in Help Viewer's handling of help:topic URLs may result ...
Online Media Technologies NCTSoft NCTAudioInformation2 ActiveX stack buffer overflows
Overview The Online Media Technologies NCTSoft NCTAudioInformation2 ActiveX control contains multiple stack buffer overflows, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Online Media Technologies, which was formerly known as NCT...
Sun Java WebStart stack buffer overflow
Overview Sun Java WebStart contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Sun Java WebStart is a technology for launching stand-alone Java applications. On Microsoft Windows systems, Java WebStart ...
GE Fanuc Proficy Information Portal transmits authentication credentials in plain text
Overview GE Fanuc Proficy Information Portal can transmit authentication credentials in plain text. An attacker could monitor traffic, obtain valid credentials, and gain access to the portal. Description GE Fanuc Proficy Information Portal is a web-based systems reporting tool often used to...