3704 matches found
Microsoft Office fails to properly handle PNG images
Overview Microsoft Office applications fail to properly handle PNG images. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Office applications fail to properly parse PNG images. When an Office document containing a malformed P...
Gracenote CDDB ActiveX control buffer overflow
Overview The Gracenote CDDB ActiveX control contains a buffer overflow vulnerability, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description CDDB CDDB CD Data Base is an internet database provided by Gracenote. CDDB contains track lists and other informati...
Microsoft Excel vulnerability
Overview An unspecified vulnerability in Microsoft Excel could allow an attacker to execute arbitrary code on a vulnerable system. Description Microsoft Excel contains a vulnerability that could be exploited when Excel opens a specially crafted document. It is possible that the vulnerability can ...
WeOnlyDo! Software wodSSHServer ActiveX component fails to properly validate key exchange algorithm strings
Overview The WeOnlyDo! Software wodSSHServer ActiveX component fails to properly validate the length of key exchange algorithm strings. This may allow a remote, unauthenticated attacker to execute arbitrary code. Description wodSSHServerActiveX component According to the wodSSHServer ActiveX...
Mozilla products vulnerable to memory corruption via a particular sequence of HTML tags
Overview A vulnerability in the way Mozilla products and derivative programs handle certain HTML tags could allow a remote attacker to execute arbitrary code on a vulnerable system. Description A vulnerability has been discovered in the way that Mozilla and derived programs handle certain HTML...
Microsoft Internet Explorer may automatically execute HTA files
Overview Microsoft Internet Explorer IE fails to properly handle HTA files. This vulnerability may allow a remote attacker to execute arbitrary code. Description HTML Application HTA HTML Applications HTAs are HTML documents that are executed as trusted applications. HTAs can run script, Java, or...
Winamp fails to properly handle playlists with long "file" parameter
Overview Winamp contains a buffer overflow vulnerability when processing a playlist that has a long file parameter. This may allow a remote unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Winamp Winamp is a media player for Microsoft Windows systems. It can...
Clam AntiVirus vulnerable to memory corruption via specially crafted UPX packed file
Overview A vulnerability in the ClamAV antivirus toolkit may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Clam AntiVirus is an antivirus toolkit for Unix-like systems that is commonly integrated with mail servers for email attachment scanning. It supports ...
Research in Motion (RIM) BlackBerry Handheld web browser does not properly handle Java Application Description (JAD) files
Overview The Research in Motion RIM BlackBerry Handheld web browser is vulnerable to a denial of service via a specially crafted Java Application Description JAD file. Description The BlackBerry Handheld web browser does not properly handle malformed JAD files. JAD files in J2ME are used to...
Skype VCARD handling routine contains a buffer overflow
Overview A buffer overflow in the way Skype handles imported VCARDs may allow a remote attacker to execute code on a vulnerable system. Description Skype software provides telephone service over IP networks. Skype fails to properly validate imported VCARDs, allowing a buffer overflow to occur. Th...
Oracle HTTP Server vulnerability
Overview An unspecified vulnerability in Oracle's HTTP Server Apache may allow a remote, unauthenticated attacker to compromise system confidentiality, integrity, and availability. Description Oracle Application Server and Database Server includes Apache as an HTTP server. There is an vulnerabili...
Microsoft Windows Shell fails to handle shortcut files properly
Overview Microsoft Windows Shell does not properly handle some shortcut files and may permit arbitrary code execution when a specially-crafted file is opened. Description Microsoft Windows supports files that point to another file, called "shortcut" files. These files have the .lnk extension, and...
Computer Associates BrightStor ARCserve Backup Discovery Service SERVICEPC vulnerable to buffer overflow
Overview The Computer Associates BrightStor ARCserve Backup Discovery Service contains a buffer overflow, which may allow a remote attacker to execute arbitrary code. Description Computer Associates BrightStor ARCserve Backup is a cross-platform backup and recovery application. The ARCserve Backu...
MIT Kerberos 5 contains double free vulnerability in "krb5_recvauth()" function
Overview An unauthenticated attacker can cause krb5recvauth function to free a block of memory twice, possibly leading to arbitrary code execution. Description Kerberos is a network authentication system that uses a trusted third party a KDC to authenticate clients and servers to each other. It i...
VERITAS Backup Exec remote registry access validation vulnerability
Overview VERITAS Backup Exec contains a remote registry access validation vulnerability. Description VERITAS Backup Exec is a data backup and recovery solution with support for over the network backup.An access validation vulnerability in Backup Exec for Windows allows remote attackers to access...
Cisco IOS Easy VPN Server fails to properly process ISAKMP profile attributes
Overview Cisco IOS Easy VPN Server fails to properly process ISAKMP profile attributes. This may allow a remote, unauthenticated attacker to access the private network. Description Easy VPN Server Cisco IOS Easy VPN Server allows an IOS device to function as a VPN concentrator, providing...
Mozilla fails to properly prevent "JavaScript:" URIs containing "eval()" from being executed in the context of other URIs in the history list
Overview Mozilla fails to properly restrict the execution of javascript: URIs. The impact is similar to that of a cross-site scripting vulnerability, which allows an attacker to access data in other sites. Description Mozilla uses a same origin security model to maintain separation between browse...
Apple Cocoa applications vulnerable to denial of service via malformed TIFF image
Overview Apple Mac OS X applications using the Cocoa environment may quit due to an unhandled exception in TIFF image handling routines. Description Mac OS X applications may take advantage of the Cocoa programming environment, which is described by Apple as "an object-oriented application...
WinAmp contains a flaw in metadata handling in .mpa and .mp4 files
Overview WinAmp contains a flaw which may allow an attacker to crash WinAmp remotely via .mpa or .mp4 files. Description Nullsoft's WinAmp Player, a popular multimedia system for Microsoft Windows, contains a flaw in the handling of the metadata called "tags" contained within .mpa and .mp4 files...
SquirrelMail vulnerable to command injection because of flawed input checking in S/MIME plug-in
Overview SquirrelMail contains a flaw in its S/MIME plug-in certificate handling routines which may allow arbitrary code to be remotely executed. Description From the SquirrelMail web page:SquirrelMail is a standards-based webmail package written in PHP4. It includes built-in pure PHP support for...
Microsoft DHTML Drag-and-Drop events insufficiently validated
Overview Microsoft DHTML Drag-and-Drop events can manipulate windows to copy objects from one domain to another, including the Local Machine Zone. This vulnerability could allow an attacker to write arbitrary files to the local file system. Description Microsoft Drag-and-Drop events do not proper...
Apple iTunes fails to properly handle overly long URLs in playlists
Overview A buffer overflow vulnerability in iTunes could allow a remote attacker to execute arbitrary code. Description Apple iTunes is a digital media player available for the Microsoft Windows and Mac OS X operating systems. It supports a variety of playlist formats including .m3u and .pls. A...
LibTIFF vulnerable to denial-of-service condition
Overview An Integer overflow in the LibTIFF library may allow a remote attacker to cause a divide-by-zero error that results in a denial-of-service condition. Description LibTIFF is a library used to encode and decode images in Tag Image File Format TIFF format. An integer overflow in the...
Sun Java Plug-in fails to restrict access to private Java packages
Overview There is a vulnerability in the Sun Java Plug-in that could allow a malicious Java applet to bypass restrictions for untrusted applets. Description The Java Plug-in is part of the Java 2 Runtime Environment JRE and establishes a framework for displaying Java applets within a web browser...
FreeBSD syscons fails to properly validate input in "CONS_SCRSHOT" ioctl
Overview The FreeBSD syscons CONSSCRSHOT ioctl does not sufficiently validate input for the function's arguments. This may cause the disclosure of arbitrary portions of kernel memory that may contain sensitive information. Description Syscons is the default console driver for FreeBSD. It provides...
The zlib compression library is vulnerable to a denial-of-service condition
Overview Un-handled error conditions in the zlib compression library may allow an attacker to cause a denial-of-service condition. Description There is a vulnerability in the error handling mechanisms of the decompression functions in the zlib compression library. The decompression functions...
Microsoft Office WordPerfect 5.x Converter contains a buffer overflow vulnerability
Overview A buffer overflow vulnerability in the Microsoft Office WordPerfect 5.x Converter could allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Microsoft Office WordPerfect 5.x Converter allows users to convert documents in WordPerfect format to Microsof...
Microsoft Internet Explorer window.createPopup() method creates chromeless windows
Overview The Internet Explorer IE window.createPopup method creates chromeless popup windows. These windows can be used to spoof the user interface in Internet Explorer, any Windows application, or the Windows desktop. Description The visible area of a web browser window can be categorized into t...
Microsoft Outlook Web Access contains vulnerability in HTML redirection query
Overview A cross-site scripting vulnerability in Microsoft Exchange 5.5 Outlook Web Access OWA could allow an attacker to execute arbitrary scripting code in the victim's browser. Description Outlook Web Access OWA is a component of Microsoft Exchange. By using OWA, a server that is running...
Multiple Symantec firewall products contain a buffer overflow in the processing of DNS resource records
Overview There is a buffer overflow vulnerability in multiple Symantec firewall products in which attempts to process a specially crafted Domain Name Service DNS packet could allow an unauthenticated, remote attacker to execute arbitrary code with kernel privileges. Description Symantec offers a...
HP-UX CDE library libDtSvc contains unspecified buffer overflow
Overview CDE, the default X Windows environment in HP-UX, ships with a libraray called libDtSvc. It has a locally-exploitable buffer overflow in some versions. Description Please see HP Security Bulletin HPSBUX0401-308 SSRT3492 for more details. --- Impact A local user may be able to gain...
Microsoft MSN Messenger fails to properly validate file requests
Overview Microsoft MSN Messenger fails to properly validate file requests which could allow an attacker to view the contents of files on the victim's system. Description Microsoft MSN Messenger is an instant messaging application that allows users to collaborate with friends using text messages,...
Oracle9i Database contains buffer overflow in NUMTODSINTERVAL() function
Overview Oracle9i Database contains a buffer overflow in the NUMTODSINTERVAL function which could allow anyone who can query the server to execute arbitrary code or access data with the privileges of the vulnerable process. Description A buffer overflow exists in the NUMTODSINTERVAL function. Thi...
Microsoft Windows Workstation service vulnerable to buffer overflow when sent specially crafted network message
Overview A remotely exploitable vulnerability affects Microsoft Windows Systems. Exploitation of this vulnerability could permit the execution of arbitrary code on the system with elevated privileges. The exploit vector for this vulnerability is highly conducive to a worm or other automated...
RealNetworks media server RTSP protocol parser buffer overflow
Overview RealNetworks Helix Universal Server 9 media servers contain a buffer overflow in a RTSP protocol parser. Earlier versions of their media servers are also affected: RealSystem Server 7, 8, and RealServer G2. Description RealNetworks Helix Universal Server 9 media server is software which...
IBM AIX vulnerable to DoS
Overview A denial-of-service vulnerability in AIX may allow a remote attacker to consume 100% of the CPU. Description AIX is a UNIX operating system distributed by IBM. A vulnerability in AIX 4.3.3 may allow a remote attacker to cause a denial of service. For more information, please see IBM APAR...
Entrust Authority Security Manager (EASM) does not enforce multiple authorization requirement for master user password change
Overview Entrust Authority Security Manager contains a vulnerability that could allow a master user to change the password of another master user. A master user could exploit this vulnerability to perform operations that otherwise require authorization by multiple master users. Description Entrus...
HP Tru64 UNIX "su" command vulnerable to buffer overflow
Overview The Hewlett Packard Tru64 "su" command contains a locally exploitable buffer overflow. An exploit for this vulnerability is known to exist and may be circulating. Description The Hewlett Packard Tru64 operating system contains a command, known as "su," that allows users to assume the...
Buffer overflow in Snort RPC preprocessor
Overview There is a buffer overflow vulnerability in the RPC preprocessing feature of Snort versions 1.8 through 1.9.0 and 2.0 beta. Description Martin Roesch, the primary Snort developer, described the vulnerability by saying:When the RPC decoder normalizes fragmented RPC records, it incorrectly...
ISC "dhcrelay" fails to limit hop count when malicious bootp packet is received
Overview A vulnerability in the Internet Software Consortium's "dhcrelay" makes it possible for a remote attacker to use dhcrelay to launch a denial-of-service attack against a victim dhcp server. Description The Internet Software Consortium ISC produces a "freely redistributable reference...
Microsoft Locator service contains buffer overflow
Overview A remotely exploitable buffer overflow exists in the Microsoft Locator service. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Microsoft Locator service "maps logical names to network-specific names". Quoting from...
Sun KCMS library service daemon does not adequately validate location of KCMS profiles
Overview The Sun KCMS library service daemon, kcmsserver, does not adequately validate the location of KCMS profile files. This could allow a remote attacker to read arbitrary files on a vulnerable system. Description Sun Solaris contains support for the Kodak Color Management System KCMS, an...
SetupCtl 1.0 Type Library contains a buffer overflow
Overview SetupCtl 1.0 Type Library is a safe-for-scripting ActiveX control that contains a remotely exploitable buffer overflow. This control ships with Microsoft Internet Explorer 4.01 and 5. Description SetupCtl 1.0 Type Library is a safe-for-scripting ActiveX control that contains a remotely...
WebCalendar does not adequately validate user input
Overview WebCalendar does not properly validate user input, allowing attackers to execute arbitrary commands. Description WebCalendar is a free PHP application providing web calendar services for user groups. WebCalendar contains an unspecified input validation vulnerability, allowing arbitrary...
zml.cgi does not adequately validate user input thereby allowing directory traversal
Overview zml.cgi does not adequately validate user input, allowing for directory traversal out of the web root directory. Description The perl script zml.cgi reads and parses a file on the server, executing certain Server Side Include SSI directives found in the file. The script accepts a CGI...
Microsoft Windows SQL Server allows arbitrary queries to be executed via "xp_printstatements" extended procedure
Overview MS SQL Server contains an extended stored procedure with inappropriate permission settings. Description Microsoft SQL Server 7.0 and Microsoft SQL Server 2000 contain an extended stored procedure, xpprintstatements , that permits an unprivileged user of a database to gain administrative...
Talentsoft Web+ contains buffer overflow in "webpsvc.exe"
Overview Talentsoft's Web+ development platform contains a buffer overflow in a component that also installs by default into all web sites produced by Web+. Description Talentsoft Web+ is a set of tools for accelerated web site development. A component of Web+ named "webpsvc.exe" contains a buffe...
Microsoft SQL Server contains SQL injection vulnerability in replication stored procedures
Overview Microsoft SQL Server contains multiple SQL injection vulnerabilities that allow database users to leverage administrative privileges on a single database to execute SQL queries or operating system commands with greater privileges. Description Microsoft SQL Server provides a scripting...
Microsoft Remote Access Service API contains buffer overflow vulnerability via phonebook entries
Overview The Microsoft Remote Access Service API contains a vulnerability that allows local attackers to execute arbitrary code with system privileges. Description The Microsoft Remote Access Service RAS Application Programming Interface API allows Windows programs to make dial-up connections to...
Chunked encoding post can consume excessive memory on IIS 4.0 webserver
Overview Microsoft IIS 4.0, circa March 2000, contained a vulnerability that allowed an intruder to consume unlimited memory on a vulnerable server. Description Older versions of IIS 4.0, circa March 2000, contained a vulnerability in the chunked-encoding transfer mechanism that permitted an...