3704 matches found
Common Desktop Environment (CDE) ToolTalk RPC Server rpc.ttdbserverd contains format string vulnerability
Overview A vulnerability exists in CDE ToolTalk that may allow a remote attacker to execute arbitrary code with root privileges. Description Internet Security Systems ISS X-Force has discovered a format string vulnerability in the Common Desktop Environment CDE ToolTalk Remote Procedure Call RPC...
HPUX kmmodreg allows arbitrary file overwriting via symlink redirection of temporary file
Overview The kmmodreg program distributed with some HPUX versions creates two temporary files with predictable names. Due to insecure handling of these files, an intruder may use them to overwrite arbitrary files during system boot via a symbolic link attack. Description The kmmodreg program...
SSH Secure Shell sshd2 does not adequately authenticate logins to accounts with encrypted password fields containing two or fewer characters
Overview A vulnerability exists in SSH Secure Shell that allows an intruder to log to an account which contains a stored encrypted password of two or fewer characters in length. An intruder may leverage the privileges of such an account to gain full control of the system. Description Certain Unix...
AT&T WinVNC allows user access to passwords and configuration via weak registry permissions
Overview The default installation of WinVNC on certain Microsoft Windows systems permits unauthenticated access to the WinVNC service. Description AT&T WinVNC is a free package available from AT&T Labs Cambridge that allows an existing desktop of a PC to be available on the desktop of a remote...
Sun Solaris SNMP proxy agent /opt/SUNWssp/bin/snmpd contains buffer overflow
Overview The SNMP proxy agent on certain large Solaris systems contains a buffer overflow. It may be possible, though it is unconfirmed, that an intruder could use this flaw to execute code with root privileges. Description The Sun Enterprise 10000 is monitored and controlled by a systems called ...
Alcatel ADSL modems provide EXPERT administrative account with an easily reversible encrypted password
Overview The San Diego Supercomputer Center SDSC has recently discovered several vulnerabilities in the Alcatel Speed Touch line of Asymmetric Digital Subscriber Line ADSL modems. These vulnerabilities are the result of weak authentication and access control policies and result in one or more of...
SSH authentication agent follows symlinks via a UNIX domain socket
Overview Older versions of SSH allow local attackers to to establish ssh sessions as the victim user without authentication. Description The text of this document was originally released on January 20, 1998, as SNI-23, developed by Secure Networks, Inc. SNI. To more widely broadcast this...
MIT Kerberos 5 ksu may allow either the '-r' or '-l' time-interval parameter to overflow the stack with the characters ''d', 'h', 'm', or 's'
Overview Description From the reporter: Time-interval parsing for the "-r" and "-l" command-line options calls a library routine which uses sscanf"%d%d" and passes the address of an automatic int variable to correspond to the second %-sequence. But the % sequence needs an arbitrarily large string...
Adobe ColdFusion is vulnerable to privilege escalation due to weak ACLs
Overview Adobe ColdFusion fails to properly set ACLs, which can allow an unprivileged Windows user to be able to run arbitrary code with SYSTEM privileges. Description The Adobe ColdFusion installer fails to set a secure access-control list ACL on the default installation directory, such as...
Toshiba CHEC contains a hard-coded cryptographic key
Overview Toshiba CHEC, versions 6.6, 6.7, and possibly earlier, contain a hard-coded cryptographic key. Description CWE-321: Use of Hard-coded Cryptographic Key - CVE-2014-4875Toshiba CHEC, versions 6.6, 6.7, and possibly earlier, contain a hard-coded cryptographic key in the...
MicroPact iComplaints cross-site scripting vulnerability
Overview MicroPact iComplaints contains a persistent cross-site scripting vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' MicroPact iComplaints contains a persistent cross-site scripting vulnerability. The AddStdLetter.jsp file...
Symantec Web Gateway contains SQL injection and cross-site scripting vulnerabilities
Overview Symantec Web Gateway 5.1.1.24, and possibly earlier versions, contains cross-site scripting and SQL injection vulnerabilities. Description CVE-2014-1652 -CWE-79: Improper Neutralization of Input During Web Page Generation Symantec Web Gateway 5.1.1.24, and possibly earlier versions,...
Cisco AsyncOS contains a reflected cross-site scripting (XSS) vulnerability
Overview Cisco AsyncOS contains a reflected cross-site scripting XSS vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' - CVE-2014-3289 Cisco AsyncOS, the underlying OS for the Cisco Email Security Appliance, Web Security Applianc...
Unauthorized modification of UEFI variables in UEFI systems
Overview Certain firmware implementations may not correctly protect and validate information contained in certain UEFI variables. Exploitation of such vulnerabilities could potentially lead to bypass of security features and/or denial of service for the platform. Description As discussed in recen...
VASCO IDENTIKEY Authentication Server contains an authentication bypass vulnerability
Overview VASCO IDENTIKEY Authentication Server version 3.4.x contains an authentication bypass vulnerability which could allow an attacker to login to a system without needing the user's Active Directory password credentials. Description CWE-305: Authentication Bypass by Primary WeaknessVASCO's...
KnowledgeView Editorial and Management application cross-site scripting vulnerability
Overview KnowledgeView Editorial and Management application contains a reflected cross-site scripting XSS vulnerability CWE-79. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' KnowledgeView Editorial and Management application contains a...
SUSE WebYaST remotely accessible hosts list vulnerability
Overview The WebYaST hosts list is remotely accessible by unauthenticated attackers. An attacker may be able to add a malicious host to the list and perform a man-in-the-middle attack against WebYaST. Description The SUSE security advisory states:The hosts list used by WebYaST for connecting to...
IBM Power 5 Service Processor privilege escalation vulnerability
Overview IBM Power 5 Service Processor contain a vulnerability which could allow an attacker to operate with elevated privileges. Description IBM's security advisory states, "A security issue has been identified on IBM Power 5 Systems such that the firewall code does not get executed in certain...
Netsweeper Internet Filter WebAdmin Portal multiple vulnerabilities
Overview Netsweeper Internet Filter WebAdmin Portal contains XSS, CSRF and SQLi vulnerabilities. Description Netsweeper Internet Filter's WebAdmin Portal contains the following XSS, CSRF and SQLi vulnerabilities.CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site...
Xelex Technologies MobileTrack contains multiple vulnerabilities
Overview Xelex Technologies' MobileTrack application has been reported to not verify the source of administrative SMS commands. An unauthenticated remote attacker can send commands over SMS to MobileTrack. User data is also exposed on an insecure FTP server account. Description The website for...
UTC Fire & Security Master Clock contains hardcoded default administrator login credentials
Overview UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock have default administrator login credentials that can not be modified by an administrator. Description UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock via Zigbee can sync up to 60,000 slave clocks located throughout a campus-area...
Microsoft Office uninitialized object pointer vulnerability
Overview Microsoft Office fails to properly handle certain Word documents, which may allow a remote, unauthenticated attacker to execute arbitrary code. Description Code in the MSO.dll component of Microsoft Office 2003, 2007, and 2010 fails to properly initialize an object pointer when loading...
Foolabs Xpdf contains a denial of service vulnerability
Overview Foolabs Xpdf contains a denial of service vulnerability caused by the t1lib library incorrectly parsing Type 1 fonts. Description According to Foolabs: Xpdf is an open source viewer for Portable Document Format PDF files. These are sometimes also called 'Acrobat' files, from the name of...
Adobe Shockwave 11.5.9.615 contains multiple memory corruption vulnerabilities
Overview Adobe Shockwave Player 11.5.9.615 and earlier versions on the Windows and Macintosh operating systems contain critical vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Adobe Macromedia Shockwave Player is...
ISC DHCP server DHCPv6 decline message processing vulnerability
Overview ISC DHCPv6 versions 4.0.x - 4.2.x are susceptible to a denial-of-service vulnerability. Description The ISC Advisory states:"When the DHCPv6 server code processes a message for an address that was previously declined and internally tagged as abandoned it can trigger an assert failure...
ISC DHCP server fails to handle zero-length client identifier
Overview A vulnerability in ISC DHCP could allow a remote attacker to cause the DHCP server to exit, resulting in a denial of service. Description ISC DHCP is a commonly redistributed reference implementation of the Dynamic Host Configuration Protocol DHCP, including a server, client, and relay...
Cyrus SASL library buffer overflow vulnerability
Overview The Cyrus SASL library contains a buffer overflow vulnerability that could allow an attacker to execute code or cause a vulnerable program to crash. Description SASL Simple Authentication and Security Layer is a method for adding authentication support to various protocols. SASL is...
Linksys WVC54GC NetCamPlayerWeb11gv2 ActiveX control stack buffer overflow
Overview The Linksys WVC54GC NetCamPlayerWeb11gv2 ActiveX control contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Linksys WVC54GC wireless video camera provides an ActiveX control called...
Apple Help Viewer vulnerable to buffer overflow
Overview A vulnerability in the way Apple Help Viewer handles specially crafted URLs may allow an attacker to execute arbitrary code or cause a denial of service. Description According to Apple Security Update 2008-003: An integer underflow in Help Viewer's handling of help:topic URLs may result ...
Online Media Technologies NCTSoft NCTAudioInformation2 ActiveX stack buffer overflows
Overview The Online Media Technologies NCTSoft NCTAudioInformation2 ActiveX control contains multiple stack buffer overflows, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Online Media Technologies, which was formerly known as NCT...
AOL Radio AOLMediaPlaybackControl.exe stack buffer overflow
Overview The AOL AOLMediaPlaybackControl application contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description AOL Radio includes several ActiveX controls to stream audio in web pages. The AOL AmpX and...
Mortbay Jetty fails to properly handle cookies with quotes
Overview Mortbay Jetty fails to properly handle cookie quotes, which may allow session hijacking. Description Mortbay Jetty is a web server that is written in Java. Jetty fails to properly handle cookies with certain quote sequences. This can cause the Jetty cookie parsing mechanism to improperly...
Apple QuickTime heap buffer overflow vulnerability
Overview Apple QuickTime contains a buffer overflow vulnerability. If exploited, this vulnerability may allow an attacker to execute code. Description Apple QuickTime is a media player that includes a browser plugin. Color table atoms can set a list of preferred colors for displaying movieson...
Mozilla-based browsers jar: URI cross-site scripting vulnerability
Overview Mozilla-based web browsers including Firefox contain a vulnerability that may allow an attacker to execute code, or conduct cross-site scripting attacks. Description The jar: protocol is designed to extract content from ZIP compressed files. Mozilla-based browsers include support for jar...
Microsoft Windows Services for UNIX privilege escalation vulnerability
Overview Microsoft Windows Services for UNIX contains a vulnerability that may allow a local, authenticated attacker to gain elevated privileges. Description Windows Services for UNIX fails to properly handle setuid binary files. An attacker may be able to trigger this vulnerability by running a...
Microsoft Windows Vista Feed Headlines Gadget vulnerability
Overview The Windows Vista Feed Headlines gadget contains a vulnerability that may allow and attacker to execute code. Description From Microsoft Security Bulletin MS07-048:Gadgets are mini-applications designed to provide the user with information or utilities. Windows Vista treats gadgets simil...
SAP DB Web Server buffer overflow vulnerability
Overview The SAP Web Server contains a vulnerability that may allow an attacker to execute arbitrary code or cause a denial-of-service condition. Description SAP DB is a database server that includes a series of web-based configuration tools.A stack based buffer overlfow exists in the SAP DB web...
Apple Mac OS X iChat UPnP buffer overflow
Overview A vulnerabilty in the way Apple Mac OS X iChat handles specially crafted UPnP packets may allow execution of arbitrary code or denial of service. Description Apple iChat contains a vulnerability that could be exploited by an attacker on the local network when it attempts to handle...
Research In Motion TeamOn Import Object ActiveX control buffer overflow
Overview The Research In Motion TeamOn Import Object ActiveX control contains a buffer overflow, which could allow an attacker to execute arbitrary code on a vulnerable system. Description The Research In Motion TeamOn Import Object is an ActiveX control, which is provided by the file TOImport.dl...
Cisco PIX and ASA authentication bypass vulnerability
Overview The Cisco ASA and PIX firewalls contain an authentication bypass vulnerability. This vulnerability may allow a remote attacker to gain unauthorized access to the internal network or firewall. Description The Cisco Adaptive Security Appliance ASA is firewall that includes routing and...
Second Sight Software ActiveGS ActiveX control stack buffer overflows
Overview The Second Sight Software ActiveGS ActiveX control contains several stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Second Sight Software ActiveGS is an Apple IIGS emulator that is provided as an...
Novell Netmail WebAdmin buffer overflow vulnerability
Overview Novell NetMail contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code. Description Novell NetMail is an email and messenging software package developed by Novell. It is designed to offer mail and calendaring services to large groups of users.WebAdmi...
Apple QuickTime fails to properly process specially crafted MIDI files
Overview The Apple Quicktime player contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. Description Apple QuickTime contains a heap buffer overflow vulnerability. This vulnerability may allow an...
Apple Mac OS X UserNotificationCenter privilege escalation vulnerability
Overview Apple's UserNotificationCenter contains a vulnerability that may allow local users to gain elevated privileges. Description The Apple UserNotificationCenter contains a privilege escalation vulnerability. This vulnerability occurs because the Apple UserNotificationCenter runs with elevate...
Microsoft Word fails to properly handle malformed strings
Overview A vulnerability in the way Microsoft Word handles malformed Word Document streams could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Word contains a memory corruption vulnerability that could be triggered when Word opens...
Samba AFS ACL mapping VFS plug-in format string vulnerability
Overview Samba AFS ACL mapping VFS plug-in contains a format string vulnerability. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Samba AFS ACL mapping VFS plug-in fails to properly sanitize user-controlled file names that are used in ...
Acer LunchApp ActiveX Control fails to properly restrict access to methods
Overview The Acer LunchApp ActiveX control contains methods that can allow a remote, unauthenticated attacker to run arbitrary commands on a vulnerable system. Description The Acer LunchApp ActiveX control is provided by LunchApp.ocx. It contains a method called Run, which takes three parameters:...
Microsoft Excel vulnerable to arbitrary code execution via malformed record
Overview A vulnerability in Microsoft Excel may allow an attacker to execute arbitrary code on a vulnerable system. Description A vulnerability exists in the way Microsoft Excel handles malformed records.Per Microsoft Security Bulletin MS07-002: A remote code execution vulnerability exists in...
Kerberos administration daemon fails to properly initialize function pointers
Overview The Kerberos administration daemon fails to properly initialize pointers. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service. Description A vulnerability exists in the way the Kerberos administration daemon handles...
Wireshark HTTP dissector vulnerability
Overview Wireshark contains a vulnerability in the HTTP dissector that may allow an attacker to cause a denial of service condition. Description Wireshark contains a vulnerability in the HTTP dissector that may allow an attacker to cause a denial of service condition. This vulnerability may be...