Microsoft Windows SQL Server allows arbitrary queries to be executed via "xp_printstatements" extended procedure
Overview MS SQL Server contains an extended stored procedure with inappropriate permission settings. Description Microsoft SQL Server 7.0 and Microsoft SQL Server 2000 contain an extended stored procedure, xp_printstatements, that permits an unprivileged user of a database to gain administrative...
Microsoft ASP.NET contains buffer overflow
Overview Microsoft ASP.NET contains a buffer overflow in the routine that handles the processing of cookies in StateServer mode. Description ASP.NET is a programming framework provided by Microsoft. For more details about this framework, please see the official web page. A remotely exploitable buffer...
Microsoft Remote Access Service API contains buffer overflow vulnerability via phonebook entries
Overview The Microsoft Remote Access Service API contains a vulnerability that allows local attackers to execute arbitrary code with system privileges. Description The Microsoft Remote Access Service (RAS) Application Programming Interface (API) allows Windows programs to make dial-up connections to...
Oracle TNS Listener Control Utility (LSNRCTL) contains format string vulnerability
Overview The Oracle Listener Control Utility (LSNRCTL) contains a format string vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code or commands or cause a denial of service. Description Oracle Transparent Network Substrate (TNS) Listeners are processes that...
Cisco Content Service Switch performs soft reset when XML data is sent to web management interface
Overview The Cisco Content Service Switch contains a denial-of-service vulnerability that allows remote attackers to perform a soft reset on affected devices. Description The Cisco Content Service Switch (CSS) products include support for the session and application layers. This additional...
Linux kernel IP Masquerading "destination loose" (DLOOSE) configuration passes arbitrary UDP traffic
Overview The default configuration of the IP Masquerade feature of certain Linux 2.2 kernels may allow unsolicited inbound UDP packets to traverse a NAT gateway and reach a translated network. Description As defined in RFC 1631, Network Address Translation (NAT) provides a means to translate a loca...
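The note above describes the effect (unsolicited inbound UDP reaching a masqueraded host) without showing where the check is missing. The following is an added example, not kernel code and not from the vulnerability note: a toy UDP masquerading table in which the only difference between the "destination loose" (DLOOSE) behaviour and strict matching is whether an inbound packet is matched on the masqueraded port alone or must also come from the remote endpoint the inside host contacted. Addresses, ports, MASQ_PORT_BASE and the struct layout are constructed for the demonstration.

```c
/* Added example, not kernel code: a toy UDP masquerading table that models the
 * difference between "destination loose" (DLOOSE) matching and strict
 * matching of the remote endpoint. All values here are constructed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MASQ_ENTRIES   16
#define MASQ_PORT_BASE 61000   /* constructed: first gateway port handed out */

typedef struct { uint32_t addr; uint16_t port; } endpoint;

typedef struct {
    int      in_use;
    endpoint inside;     /* host behind the gateway */
    endpoint remote;     /* external host it sent to */
    uint16_t masq_port;  /* gateway port the flow was rewritten to */
} masq_entry;

typedef struct {
    masq_entry e[MASQ_ENTRIES];
    int loose;           /* 1 = DLOOSE, 0 = strict destination matching */
} masq_table;

static uint32_t ip4(unsigned a, unsigned b, unsigned c, unsigned d)
{
    return (a << 24) | (b << 16) | (c << 8) | d;
}

static int ep_eq(endpoint x, endpoint y)
{
    return x.addr == y.addr && x.port == y.port;
}

/* Outbound UDP from `inside` to `remote` creates (or reuses) a mapping.
 * Returns the masqueraded source port, or 0 if the table is full. */
uint16_t masq_outbound(masq_table *t, endpoint inside, endpoint remote)
{
    int free_slot = -1;
    for (int i = 0; i < MASQ_ENTRIES; i++) {
        if (t->e[i].in_use && ep_eq(t->e[i].inside, inside) && ep_eq(t->e[i].remote, remote))
            return t->e[i].masq_port;
        if (!t->e[i].in_use && free_slot < 0)
            free_slot = i;
    }
    if (free_slot < 0)
        return 0;
    t->e[free_slot].in_use = 1;
    t->e[free_slot].inside = inside;
    t->e[free_slot].remote = remote;
    t->e[free_slot].masq_port = (uint16_t)(MASQ_PORT_BASE + free_slot);
    return t->e[free_slot].masq_port;
}

/* Inbound UDP from `src` to the gateway's `dst_port`. Returns 1 and fills
 * `inside_out` if the packet is translated and forwarded, 0 if dropped. */
int masq_inbound(const masq_table *t, endpoint src, uint16_t dst_port, endpoint *inside_out)
{
    for (int i = 0; i < MASQ_ENTRIES; i++) {
        const masq_entry *m = &t->e[i];
        if (!m->in_use || m->masq_port != dst_port)
            continue;
        /* Strict: the sender must be the host the inside host contacted.
         * Loose: any sender that hits the masqueraded port gets through. */
        if (t->loose || ep_eq(m->remote, src)) {
            *inside_out = m->inside;
            return 1;
        }
    }
    return 0;
}

int main(void)
{
    masq_table loose = { .loose = 1 }, strict = { .loose = 0 };
    endpoint inside = { ip4(10, 0, 0, 5), 5000 };          /* constructed */
    endpoint dns    = { ip4(203, 0, 113, 9), 53 };         /* constructed */
    endpoint rogue  = { ip4(198, 51, 100, 77), 4444 };     /* constructed */
    endpoint fwd;

    uint16_t p1 = masq_outbound(&loose, inside, dns);
    uint16_t p2 = masq_outbound(&strict, inside, dns);
    printf("DLOOSE forwards unsolicited packet: %d\n", masq_inbound(&loose, rogue, p1, &fwd));
    printf("strict forwards unsolicited packet: %d\n", masq_inbound(&strict, rogue, p2, &fwd));
    printf("strict forwards genuine reply:      %d\n", masq_inbound(&strict, dns, p2, &fwd));
    return 0;
}
```

In the loose table any external host that sends to port 61000 reaches 10.0.0.5:5000; in the strict table only 203.0.113.9:53 does. Real conntrack implementations also age entries out and may need loose matching for protocols whose replies legitimately come from a different port, which is why the choice was a configuration knob rather than a bug in the usual sense.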
Netwin Surge FTP Server does not adequately validate user input thereby allowing directory traversal
Overview Surge FTP Server 2.0a contains a directory traversal vulnerability. Description Surge FTP Server 2.0a allows remote users to list files outside the FTP root directory. --- Impact Attackers may list files from directories to which access was not granted. --- Solution Upgrade to version...
Multiple implementations of the RADIUS protocol contain a digest calculation buffer overflow
Overview Multiple implementations of the RADIUS protocol contain a buffer overflow in the function that calculates message digests. Description During the message digest calculation, a string containing the shared secret is concatenated with a packet received without checking the size of the targ...
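The overflow described above sits in the step that builds the input to the digest: the received packet is copied into a buffer and the shared secret is appended without checking that both fit. The block below is an added example, not code from any RADIUS implementation or from the note, showing that unchecked pattern next to a bounds-checked version. RADIUS_MIN_LEN and RADIUS_MAX_LEN are the Length bounds from RFC 2865; DIGEST_INPUT_MAX and the helper names are constructed for the demonstration.

```c
/* Added example (not from any RADIUS implementation or the vulnerability
 * note): assembling packet || shared secret as input to the Response
 * Authenticator digest, first unchecked, then with bounds checks. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define RADIUS_MIN_LEN   20    /* RFC 2865: Code, Identifier, Length, Authenticator */
#define RADIUS_MAX_LEN   4096  /* RFC 2865: maximum value of the Length field */
#define DIGEST_INPUT_MAX 4096  /* constructed: a buffer sized for the packet only */

/* Vulnerable pattern: trusts that packet plus secret fit in dst. A packet
 * near RADIUS_MAX_LEN bytes plus any secret runs past a DIGEST_INPUT_MAX
 * buffer. Kept for contrast; never call it with untrusted lengths. */
static size_t build_digest_input_unchecked(uint8_t *dst,
                                           const uint8_t *pkt, size_t pkt_len,
                                           const char *secret)
{
    size_t secret_len = strlen(secret);
    memcpy(dst, pkt, pkt_len);
    memcpy(dst + pkt_len, secret, secret_len);
    return pkt_len + secret_len;
}

/* Hardened pattern: validate the received size, the Length field and the
 * destination capacity before copying. Returns bytes written, 0 if rejected. */
static size_t build_digest_input_checked(uint8_t *dst, size_t dst_cap,
                                         const uint8_t *pkt, size_t pkt_len,
                                         const char *secret)
{
    if (pkt_len < RADIUS_MIN_LEN || pkt_len > RADIUS_MAX_LEN)
        return 0;
    /* Length field is big-endian in octets 2-3; it must not claim more than
     * actually arrived on the wire. */
    size_t declared = ((size_t)pkt[2] << 8) | pkt[3];
    if (declared < RADIUS_MIN_LEN || declared > pkt_len)
        return 0;
    size_t secret_len = strlen(secret);
    /* Ordered so the subtraction cannot underflow. */
    if (declared > dst_cap || secret_len > dst_cap - declared)
        return 0;
    memcpy(dst, pkt, declared);
    memcpy(dst + declared, secret, secret_len);
    return declared + secret_len;
}

int main(void)
{
    /* Constructed minimal Access-Request: Code 1, Identifier 7, Length 20,
     * followed by a zeroed 16-byte Request Authenticator. */
    uint8_t pkt[RADIUS_MIN_LEN] = {0x01, 0x07, 0x00, 0x14};
    uint8_t buf[DIGEST_INPUT_MAX + 64];   /* large enough for this demo only */
    size_t n = build_digest_input_unchecked(buf, pkt, sizeof pkt, "s3cret");
    printf("unchecked (fits in this case): %zu bytes\n", n);

    uint8_t lying[RADIUS_MIN_LEN] = {0x01, 0x07, 0x10, 0x00};   /* Length claims 4096 */
    printf("checked, dishonest Length: %zu\n",
           build_digest_input_checked(buf, sizeof buf, lying, sizeof lying, "s3cret"));
    printf("checked, honest packet:    %zu\n",
           build_digest_input_checked(buf, sizeof buf, pkt, sizeof pkt, "s3cret"));
    return 0;
}
```

Two details matter in the checked version: the Length field is validated against the bytes actually received rather than trusted, and the capacity test is written as `declared > dst_cap || secret_len > dst_cap - declared` so that a large `declared` cannot wrap the subtraction and pass. The digest itself (MD5 over this buffer) is unchanged by the fix.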
Tripwire vulnerable to arbitrary file overwriting via symlink redirection of temporary file
Overview Tripwire is a file integrity verification utility for Unix and Linux operating systems. In some implementations, tripwire opens insecure temporary files with predictable names in publicly writable directories. Using a symbolic link attack, a local intruder may overwrite or create...
Digital Unix msgchk vulnerable to file contents disclosure via symlink redirection of profile
Overview msgchk, a part of the MH mail system, reads the user's .mh_profile in order to obtain configuration options. If the .mh_profile is a link to another file in an invalid format, the first line of that file is displayed in an error message by msgchk. Description msgchk is the portion of t...
Common Desktop Environment (CDE) ToolTalk RPC Server rpc.ttdbserverd contains format string vulnerability
Overview A vulnerability exists in CDE ToolTalk that may allow a remote attacker to execute arbitrary code with root privileges. Description Internet Security Systems (ISS) X-Force has discovered a format string vulnerability in the Common Desktop Environment (CDE) ToolTalk Remote Procedure Call (RPC)...
ISC inn creates temporary files insecurely
Overview inn, a network news agent, may be configured on some operating systems to use a publicly writable directory for its temporary files. This may be exploited to gain access to the news account. Description inn is distributed on a variety of Linux platforms. The program is written under t...
AOLServer contains buffer overflow in ParseAuth()
Overview AOLServer versions 3.3.0 and earlier contain an exploitable buffer overflow. This can lead to arbitrary code execution on the system. Description AOLServer is a free open source web server. It was originally written by America Online (AOL), and is currently developed and maintained by A...
Microsoft Windows 2000 Telnet Service searches all trusted domains for user accounts
Overview The Microsoft Windows 2000 Telnet Service contains a vulnerability that allows remote attackers to log in using domain accounts without providing a specific domain name. Description The Microsoft Windows 2000 Telnet Service allows users to establish connections using either local account...
Microsoft Windows 2000 Telnet Service fails to enforce timeouts on idle telnet sessions
Overview The Microsoft Windows 2000 Telnet Service contains a denial-of-service vulnerability that allows remote attackers to disrupt the telnet service on affected servers. Description The Microsoft Windows 2000 Telnet Service contains a vulnerability that allows a remote attacker to place idle...
Microsoft Windows 2000 Telnet Service contains handle leak
Overview The Microsoft Windows 2000 Telnet Service contains a denial-of-service vulnerability that allows remote attackers to disrupt the telnet service on affected servers. Description The Microsoft Windows 2000 Telnet Service contains a resource starvation vulnerability that prevents the server...
Beck IPC@Chip TelnetD vulnerable to account lockout via idle telnet connection
Overview There is a vulnerability in the Beck IPC@CHIP that allows an attacker to create a denial-of-service condition. Description The Beck IPC@CHIP is a single-chip embedded web server. This device contains a telnet server that is configured by default to not have a login timeout. Additionally,...
Apache Tomcat vulnerable to Cross-Site Scripting via passing of user input directly to default error page
Overview Web servers that use the Apache Tomcat Java Servlet Container are vulnerable to a cross-site scripting vulnerability. A web site may inadvertently include malicious HTML tags or script (JavaScript, VBScript, Java, etc.) in a dynamically generated page based on unvalidated input from...
Internet Explorer DHTML "Download Behavior" can be tricked into exposing local files
Overview The download behavior of Internet Explorer 5.0 can be used to perform arbitrary operations on local files. Description Internet Explorer 5.0 includes a dynamic HTML (DHTML) behavior called "download behavior." A "behavior" is a software object that specifies some behavior of a web page...
HPUX kmmodreg allows arbitrary file overwriting via symlink redirection of temporary file
Overview The kmmodreg program distributed with some HPUX versions creates two temporary files with predictable names. Due to insecure handling of these files, an intruder may use them to overwrite arbitrary files during system boot via a symbolic link attack. Description The kmmodreg program...
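The Tripwire, inn and kmmodreg entries above all reduce to the same defect: a temporary file with a predictable name is created in a directory the attacker can write to, so the attacker pre-creates a symlink of that name pointing at a file they want clobbered. The block below is an added example that is not taken from any of those programs; it sets up the race already won inside a scratch directory made with mkdtemp, opens the planted name first the unsafe way (O_CREAT|O_TRUNC, which follows the link) and then the safe way (O_CREAT|O_EXCL|O_NOFOLLOW), and reports whether the target was overwritten. Paths and file names are constructed; the scratch directory goes under $TMPDIR or /tmp.

```c
/* Added example: a predictable temporary-file name in an attacker-writable
 * directory, opened with O_CREAT|O_TRUNC, follows a planted symlink and
 * clobbers its target; O_CREAT|O_EXCL|O_NOFOLLOW (or mkstemp) refuses.
 * Everything here is constructed; it is not Tripwire, inn or kmmodreg code. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Unsafe pattern: fixed name, O_CREAT without O_EXCL. If the path already
 * exists as a symlink, open() follows it and truncates the target. */
static int unsafe_tmp_open(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Safe pattern: fail if anything already exists at the path, and never
 * follow a symlink in the final component. */
static int safe_tmp_open(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Read a small file so the caller can see whether it was changed.
 * Returns bytes read or -1. */
static ssize_t read_small_file(const char *path, char *buf, size_t cap)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    ssize_t n = read(fd, buf, cap - 1);
    close(fd);
    if (n < 0)
        return -1;
    buf[n] = '\0';
    return n;
}

/* Simulate the race already won by the attacker. Returns 1 if opening the
 * predictable name with `opener` changed the victim file, 0 if it did not,
 * -1 on setup failure. */
static int symlink_attack_changes_victim(int (*opener)(const char *))
{
    const char *base = getenv("TMPDIR") ? getenv("TMPDIR") : "/tmp";
    char dir[128], victim[192], tmpname[192], buf[64];
    snprintf(dir, sizeof dir, "%s/symlink-demo-XXXXXX", base);
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(victim, sizeof victim, "%s/victim.conf", dir);
    snprintf(tmpname, sizeof tmpname, "%s/prog.tmp", dir);  /* predictable name */

    int fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600); /* file to protect */
    if (fd < 0 || write(fd, "original", 8) != 8) {
        if (fd >= 0) close(fd);
        return -1;
    }
    close(fd);

    if (symlink(victim, tmpname) != 0)   /* attacker plants prog.tmp -> victim */
        return -1;

    fd = opener(tmpname);                /* victim program "creates" its temp file */
    if (fd >= 0) {
        (void)write(fd, "clobbered", 9);
        close(fd);
    }

    ssize_t n = read_small_file(victim, buf, sizeof buf);
    int changed = !(n == 8 && strcmp(buf, "original") == 0);

    unlink(tmpname);
    unlink(victim);
    rmdir(dir);
    return changed;
}

int main(void)
{
    printf("O_CREAT|O_TRUNC on predictable name clobbers target: %d\n",
           symlink_attack_changes_victim(unsafe_tmp_open));
    printf("O_CREAT|O_EXCL|O_NOFOLLOW clobbers target:            %d\n",
           symlink_attack_changes_victim(safe_tmp_open));

    /* Usual fix: let the library choose an unpredictable name and open it
     * with O_EXCL in a single step. */
    char tmpl[] = "/tmp/prog.XXXXXX";
    int fd = mkstemp(tmpl);
    if (fd >= 0) {
        printf("mkstemp created %s\n", tmpl);
        close(fd);
        unlink(tmpl);
    }
    return 0;
}
```

O_EXCL alone is enough to make open() fail when the path exists as a symlink; O_NOFOLLOW is added so the intent is explicit and so the same flags stay correct if O_CREAT is later dropped. Note that neither flag helps a program that first unlinks the stale name and then opens without O_EXCL: the attacker simply re-plants the link in that window, which is why mkstemp (unpredictable name plus O_EXCL) is the standard answer.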
Curses library vulnerable to buffer overflow
Overview The curses library derived from System V contains a buffer overflow. A local user can execute a command that uses this library to exploit the vulnerability and gain elevated privileges. Description There is a buffer overflow in the curses library that could permit a local user to gain...
SSH Secure Shell sshd2 does not adequately authenticate logins to accounts with encrypted password fields containing two or fewer characters
Overview A vulnerability exists in SSH Secure Shell that allows an intruder to log in to an account whose stored encrypted password is two or fewer characters in length. An intruder may leverage the privileges of such an account to gain full control of the system. Description Certain Unix...
Microsoft Windows 2000 Kerberos service vulnerable to DoS via repeated invalid requests
Overview A core service of Microsoft Windows 2000 domain controllers fails to correctly handle certain invalid requests. After receiving a number of invalid requests, the domain controller may have to be rebooted to return it to correct operation. A disabled domain controller can interfere with t...
AT&T WinVNC allows user access to passwords and configuration via weak registry permissions
Overview The default installation of WinVNC on certain Microsoft Windows systems permits unauthenticated access to the WinVNC service. Description AT&T WinVNC is a free package available from AT&T Labs Cambridge that allows an existing desktop of a PC to be available on the desktop of a remote...
SSH authentication agent follows symlinks via a UNIX domain socket
Overview Older versions of SSH allow local attackers to establish ssh sessions as the victim user without authentication. Description The text of this document was originally released on January 20, 1998, as SNI-23, developed by Secure Networks, Inc. (SNI). To more widely broadcast this...
Microsoft Windows NT 4.0/TSE Winsock2ProtocolCatalogMutex has insecure permissions (MS01-003)
Overview A mutex controlling access to resources required for networking on Windows NT (Microsoft Windows NT 4.0 and Microsoft Windows NT 4.0, Terminal Server Edition) has inappropriate permissions. Description In general terms, a mutex is an object used to control access to a resource, e.g. a...
Vulnerable WiFi Alliance example code found in Arcadyan FMIMG51AX000J
Overview A command injection vulnerability has been identified in the Wi-Fi Test Suite, a tool developed by the WiFi Alliance, which has been found deployed on Arcadyan routers. This flaw allows an unauthenticated local attacker to exploit the Wi-Fi Test Suite by sending specially crafted packets...
Pixar Tractor contains a stored cross-site scripting vulnerability
Overview Pixar's Tractor network rendering software is vulnerable to stored cross-site scripting, which may allow an attacker to execute arbitrary JavaScript. Description Pixar's Tractor software, versions 2.2 and earlier, contains a stored cross-site scripting vulnerability (CWE-79) in the field tha...
Nuuo NT-4040 firmware contains insecure default credentials
Overview Nuuo NT-4040 Titan, firmware NT-404001.07.0000.00151120, uses default credentials. Description CWE-255: Credentials Management - CVE-2016-6553 Nuuo NT-4040 Titan, firmware NT-404001.07.0000.00151120, uses non-random default credentials of admin:admin and localdisplay:111111. A remote...
Patterson Dental Eaglesoft uses a hard-coded database password across installations
Overview Patterson Dental Eaglesoft is dental records software. Eaglesoft uses a hard-coded database password that is shared across all installations. Description CWE-798: Use of Hard-coded Credentials - CVE-2016-2343 According to the researcher, Eaglesoft uses hard-coded credentials to access a...
Samsung Galaxy S phones fail to properly validate SwiftKey language pack updates
Overview Samsung Galaxy S phones, including the S4 Mini, S4, S5, and S6, fail to properly validate SwiftKey language pack updates. Description CWE-345: Insufficient Verification of Data Authenticity - CVE-2015-4640 Samsung Galaxy S phones, including the S4 Mini, S4, S5, and S6, are pre-installed...
Toshiba CHEC contains a hard-coded cryptographic key
Overview Toshiba CHEC, versions 6.6, 6.7, and possibly earlier, contain a hard-coded cryptographic key. Description CWE-321: Use of Hard-coded Cryptographic Key - CVE-2014-4875 Toshiba CHEC, versions 6.6, 6.7, and possibly earlier, contain a hard-coded cryptographic key in the...
Symantec Web Gateway contains SQL injection and cross-site scripting vulnerabilities
Overview Symantec Web Gateway 5.1.1.24, and possibly earlier versions, contains cross-site scripting and SQL injection vulnerabilities. Description CVE-2014-1652 - CWE-79: Improper Neutralization of Input During Web Page Generation Symantec Web Gateway 5.1.1.24, and possibly earlier versions,...
Cisco AsyncOS contains a reflected cross-site scripting (XSS) vulnerability
Overview Cisco AsyncOS contains a reflected cross-site scripting (XSS) vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - CVE-2014-3289 Cisco AsyncOS, the underlying OS for the Cisco Email Security Appliance, Web Security Applianc...
Alfresco Enterprise contains multiple cross-site scripting vulnerabilities
Overview Alfresco Enterprise 4.1.6 and possibly earlier versions are vulnerable to multiple cross-site scripting (XSS) vulnerabilities. Description CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Alfresco Enterprise is vulnerable to a stored cross-site...
Virtual Access GW6110A router privilege escalation vulnerability
Overview Virtual Access GW6110A routers contain a privilege escalation vulnerability which could allow an authenticated user to escalate their privileges. Description CWE-472: External Control of Assumed-Immutable Web Parameter Virtual Access GW6110A routers contain a privilege escalation...
VASCO IDENTIKEY Authentication Server contains an authentication bypass vulnerability
Overview VASCO IDENTIKEY Authentication Server version 3.4.x contains an authentication bypass vulnerability which could allow an attacker to log in to a system without needing the user's Active Directory password credentials. Description CWE-305: Authentication Bypass by Primary Weakness VASCO's...
L3 CPU shared cache architecture is susceptible to a Flush+Reload side-channel attack
Overview L3 CPU shared cache architecture is susceptible to a Flush+Reload side-channel attack, resulting in information leakage that allows a local attacker to derive the contents of memory not belonging to the attacker. Description Common L3 CPU shared cache architecture is susceptible to a...
KnowledgeView Editorial and Management application cross-site scripting vulnerability
Overview KnowledgeView Editorial and Management application contains a reflected cross-site scripting (XSS) vulnerability (CWE-79). Description CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') KnowledgeView Editorial and Management application contains a...
IBM Notes runs arbitrary Java and JavaScript in emails
Overview IBM Notes parses arbitrary Java and JavaScript code by default when viewing emails. Description The n.runs AG security advisory states: Notes 8.5.3 does not filter tags inside HTML emails. This can be used to load arbitrary Java applets from remote sources making it an information...
TP-LINK TL-WR841N wireless router local file inclusion vulnerability
Overview The TP-LINK TL-WR841N wireless router contains a local file inclusion vulnerability which could allow an attacker to download critical configuration files off the device. Description CWE-829: Inclusion of Functionality from Untrusted Control Sphere The TP-LINK TL-WR841N wireless router...
IBM Power 5 Service Processor privilege escalation vulnerability
Overview IBM Power 5 Service Processor contains a vulnerability which could allow an attacker to operate with elevated privileges. Description IBM's security advisory states, "A security issue has been identified on IBM Power 5 Systems such that the firewall code does not get executed in certain...
Vanilla Forums version 2.1.a26 contains a parameter manipulation vulnerability
Overview Vanilla Forums version 2.1.a26, and possibly other versions, is vulnerable to parameter manipulation via the "edit profile" page of authenticated users. Description CWE-280: Improper Handling of Insufficient Permissions or Privileges Vanilla Forums version 2.1.a26 and possibly other version...
Sophos Antivirus contains multiple vulnerabilities
Overview Sophos Antivirus contains multiple vulnerabilities including memory corruption issues and design flaws. Description Sophos Antivirus contains multiple vulnerabilities including memory corruption issues and design flaws. Tavis Ormandy's security report lists the following vulnerabilities...
Axigen Mail Server directory traversal vulnerability
Overview Axigen Mail Server contains a directory traversal vulnerability. Description CWE-22: Improper Limitation of a Pathname to a Restricted Directory Axigen Mail Server has a web based administration site which allows authorized administrators to perform certain actions via HTTP. The 'View Log...
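Both the Surge FTP entry earlier on this page and the Axigen entry above are directory traversal (CWE-22): a client-supplied path containing ".." is joined to a configured root without checking that the result still lies inside it. The following is an added example, not code from Surge FTP, Axigen or the vulnerability notes: it lexically resolves a request against a root, treating backslashes as separators and rejecting absolute paths or any ".." that would climb above the root. The root, request strings and the MAX_REQ / MAX_DEPTH limits are constructed; the input is assumed to be already percent-decoded, since decoding after this check would reopen the hole.

```c
/* Added example (not Surge FTP or Axigen code): resolve a client-supplied
 * relative path against a root and refuse anything that escapes it. */
#include <stdio.h>
#include <string.h>

#define MAX_REQ   1024   /* constructed limit on request length */
#define MAX_DEPTH 64     /* constructed limit on path components */

/* Returns 1 and writes the resolved absolute path to `out` if `req` stays
 * inside `root`; returns 0 if it escapes, is absolute, or does not fit. */
int resolve_within_root(const char *root, const char *req, char *out, size_t cap)
{
    char work[MAX_REQ];
    const char *stack[MAX_DEPTH];
    int depth = 0;

    if (strlen(req) >= sizeof work)
        return 0;
    strcpy(work, req);

    /* Treat backslashes as separators so "..\" cannot slip past a check
     * that only knows about "/". */
    for (char *p = work; *p; p++)
        if (*p == '\\')
            *p = '/';

    if (work[0] == '/')          /* absolute paths are never relative to root */
        return 0;

    /* strtok collapses repeated separators, so "a//b" behaves like "a/b". */
    for (char *tok = strtok(work, "/"); tok; tok = strtok(NULL, "/")) {
        if (strcmp(tok, ".") == 0)
            continue;
        if (strcmp(tok, "..") == 0) {
            if (depth == 0)      /* would climb above the root: reject */
                return 0;
            depth--;
            continue;
        }
        if (depth == MAX_DEPTH)
            return 0;
        stack[depth++] = tok;
    }

    /* Rebuild: root without trailing slashes, then "/" + each kept component. */
    size_t rlen = strlen(root);
    while (rlen > 0 && root[rlen - 1] == '/')
        rlen--;
    if (rlen >= cap)
        return 0;
    memcpy(out, root, rlen);
    size_t used = rlen;
    for (int i = 0; i < depth; i++) {
        size_t clen = strlen(stack[i]);
        if (used + 1 + clen >= cap)
            return 0;
        out[used++] = '/';
        memcpy(out + used, stack[i], clen);
        used += clen;
    }
    if (used == 0) {             /* root was "/" and nothing was kept */
        if (cap < 2)
            return 0;
        out[used++] = '/';
    }
    out[used] = '\0';
    return 1;
}

int main(void)
{
    const char *root = "/srv/ftp";   /* constructed FTP root */
    const char *tests[] = { "pub/docs/readme.txt", "pub/../../etc/passwd",
                            "pub\\..\\..\\etc\\passwd", "./a//b/../c", "/etc/passwd" };
    char out[256];
    for (size_t i = 0; i < sizeof tests / sizeof tests[0]; i++) {
        int ok = resolve_within_root(root, tests[i], out, sizeof out);
        printf("%-28s -> %s\n", tests[i], ok ? out : "REJECTED");
    }
    return 0;
}
```

The lexical check is necessary but not sufficient: a symlink inside the root that points outside it passes this test, so a server that lets users create links should additionally open with O_NOFOLLOW or compare realpath() of the opened file against the root. Rejecting rather than silently stripping ".." also gives the log a clear signal that someone probed for traversal.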
Netsweeper Internet Filter WebAdmin Portal multiple vulnerabilities
Overview Netsweeper Internet Filter WebAdmin Portal contains XSS, CSRF and SQLi vulnerabilities. Description Netsweeper Internet Filter's WebAdmin Portal contains the following XSS, CSRF and SQLi vulnerabilities. CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site...
Xelex Technologies MobileTrack contains multiple vulnerabilities
Overview Xelex Technologies' MobileTrack application has been reported to not verify the source of administrative SMS commands. An unauthenticated remote attacker can send commands over SMS to MobileTrack. User data is also exposed on an insecure FTP server account. Description The website for...
UTC Fire & Security Master Clock contains hardcoded default administrator login credentials
Overview The UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock has default administrator login credentials that cannot be modified by an administrator. Description The UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock, via Zigbee, can sync up to 60,000 slave clocks located throughout a campus-area...
Microsoft Windows UDP packet parsing vulnerability
Overview A vulnerability in the Microsoft Windows TCP/IP stack could allow an attacker to run arbitrary code in kernel mode or cause a denial-of-service. Description Microsoft Windows contains a TCP/IP stack used to process network packets for the operating system. This component contains a...
NJStar Communicator MiniSmtp packet processing buffer overflow vulnerability
Overview NJStar Communicator MiniSmtp server contains a buffer overflow vulnerability when processing malicious packets. Description According to NJStar's website, "NJStar Communicator enables Chinese, Japanese and Korean (CJK) language input, display, print and conversions on your English or...