NetScreen Instant Virtual Extranet (IVE) platform contains cross-site scripting vulnerability in delhomepage.cgi
Overview NetScreen Instant Virtual Extranet IVE platform contains a cross-site scripting vulnerability in the row parameter of delhomepage.cgi, which could allow an attacker to mount a cross-site scripting attack. Description The Instant Virtual Extranet platform is an application security gatewa...
Multiple tools within the Netpbm package create temporary files in an insecure manner
Overview Multiple tools within the Netpbm package create temporary files in an insecure manner. Description Netpbm is a toolkit that contains over 220 separate tools for manipulating graphic images. Multiple tools within the Netpbm package create temporary files insecurely. --- Impact A local...
Microsoft Data Access Components (MDAC) contains buffer overflow
Overview Microsoft Data Access Components (MDAC) contains a buffer overflow vulnerability that could allow a remote attacker to execute arbitrary code or cause a denial of service. Description From Microsoft Security Bulletin MS04-003: Microsoft Data Access Components (MDAC) is a collection of...
CDE libDtHelp vulnerable to buffer overflow via DTHELPUSERSEARCHPATH or DTHELPSEARCHPATH
Overview There is a vulnerability in the Common Desktop Environment CDE for UNIX systems which can allow a local user to gain root privileges. Description The Common Desktop Environment CDE is a standard desktop environment for UNIX based systems. CDE libDtHelp contains a buffer overflow that can...
Avaya Argent Office vulnerable to denial of service via malformed DNS packets
Overview The Avaya Argent Office reboots in response to certain malformed DNS packets, resulting in a denial of service condition. Description The Avaya Argent Office reboots when a packet with an empty payload is sent to UDP port 53 DNS on its internal interface. By sending repeated packets to...
SGI IRIX contains buffer overflow vulnerability in "cpr" program
Overview A vulnerability in cpr may allow a local attacker to execute arbitrary code. Description SGI describes cpr as follows: IRIX Checkpoint and Restart (CPR) offers a set of user-transparent software management tools, allowing system administrators, operators, and users with suitable privileges to...
Adobe Acrobat does not adequately validate Acrobat JavaScript
Overview Adobe Acrobat contains a vulnerability in its JavaScript parsing engine that could allow an attacker to place arbitrary files on the local file system. Description Different versions of Adobe Acrobat software can create, modify, and read Portable Document Format PDF files. Acrobat...
ScriptLogic RunAdmin service can allow users to gain administrative access
Overview There is a vulnerability in version 4.01 of ScriptLogic that may allow local or domain users to gain administrative access to workstations running the ScriptLogic RunAdmin service. Description The ScriptLogic product from ScriptLogic, Inc. provides remote system administration capabiliti...
tcpdump enters infinite loop when parsing crafted ISAKMP packets
Overview There is a denial-of-service vulnerability in tcpdump that may allow a remote attacker to cause tcpdump to enter an infinite loop. Description tcpdump, a tool used to monitor network traffic, has the ability to capture Internet Security Association and Key Management Protocol ISAKMP...
Eye of Gnome contains format string vulnerability in the file name handling of command line arguments
Overview Eye of Gnome contains a format string vulnerability that may allow remote attackers to execute arbitrary code with the privileges of the user running the application, typically an unprivileged system user. Description Eye of Gnome EOG is an image viewing application that is part of the...
Entrust Authority Security Manager (EASM) does not enforce multiple authorization requirement for master user password change
Overview Entrust Authority Security Manager contains a vulnerability that could allow a master user to change the password of another master user. A master user could exploit this vulnerability to perform operations that otherwise require authorization by multiple master users. Description Entrus...
Automatic File Content Type Recognition Tool contains memory allocation problem
Overview A memory allocation problem exists in the "Automatic File Content Type Recognition Tool" versions of the file(1) package prior to 3.41. Description According to an OpenPKG advisory, a memory allocation problem exists in the "Automatic File Content Type Recognition Tool" (AFCTR) tool versions...
ISC "dhcrelay" fails to limit hop count when malicious bootp packet is received
Overview A vulnerability in the Internet Software Consortium's "dhcrelay" makes it possible for a remote attacker to use dhcrelay to launch a denial-of-service attack against a victim dhcp server. Description The Internet Software Consortium ISC produces a "freely redistributable reference...
Buffer overflow in Microsoft Windows Shell
Overview A remotely exploitable buffer overflow exists in the Microsoft Windows Shell. This buffer overflow is present in all versions of Windows XP, but it is not present in other versions of Windows. Description There is a buffer overflow in the Microsoft Windows Shell. The Shell provides the...
Multiple IPsec implementations do not adequately validate authentication data
Overview IPsec implementations from multiple vendors do not adequately validate the authentication data in IPsec packets, exposing vulnerable systems to a denial of service. Description For background: RFC 2401 Security Architecture for the Internet Protocol RFC 2402 IP Authentication Header RFC...
Microsoft Java implementation JDBC functions do not properly validate parameters
Overview The Java Database Connectivity JDBC classes of Microsoft's Java virtual machine VM contain functions that do not properly validate parameters. A malicious Java applet can exploit this vulnerability to crash programs on the client system. Description Microsoft's Java VM is installed on...
SetupCtl 1.0 Type Library contains a buffer overflow
Overview SetupCtl 1.0 Type Library is a safe-for-scripting ActiveX control that contains a remotely exploitable buffer overflow. This control ships with Microsoft Internet Explorer 4.01 and 5. Description SetupCtl 1.0 Type Library is a safe-for-scripting ActiveX control that contains a remotely...
Alchemy Eye HTTP Server does not adequately validate user input thereby allowing remote command execution
Overview Alchemy Eye does not properly validate HTTP requests, allowing arbitrary command execution. Description Alchemy Eye includes an HTTP server for remote system monitoring and control. In versions 2.0 through 2.6 of Alchemy Eye, the HTTP server component does not adequately validate HTTP...
WebCalendar does not adequately validate user input
Overview WebCalendar does not properly validate user input, allowing attackers to execute arbitrary commands. Description WebCalendar is a free PHP application providing web calendar services for user groups. WebCalendar contains an unspecified input validation vulnerability, allowing arbitrary...
Talentsoft Web+ contains buffer overflow in "webpsvc.exe"
Overview Talentsoft's Web+ development platform contains a buffer overflow in a component that also installs by default into all web sites produced by Web+. Description Talentsoft Web+ is a set of tools for accelerated web site development. A component of Web+ named "webpsvc.exe" contains a buffe...
Microsoft SQL Server contains SQL injection vulnerability in replication stored procedures
Overview Microsoft SQL Server contains multiple SQL injection vulnerabilities that allow database users to leverage administrative privileges on a single database to execute SQL queries or operating system commands with greater privileges. Description Microsoft SQL Server provides a scripting...
Chunked encoding post can consume excessive memory on IIS 4.0 webserver
Overview Microsoft IIS 4.0, circa March 2000, contained a vulnerability that allowed an intruder to consume unlimited memory on a vulnerable server. Description Older versions of IIS 4.0, circa March 2000, contained a vulnerability in the chunked-encoding transfer mechanism that permitted an...
Microsoft Exchange 2000 exhausts server resources while attempting to process malformed mail attributes
Overview Microsoft Exchange 2000 contains a vulnerability that allows remote attackers to conduct a denial-of-service attack that once begun, cannot be stopped until the crafted message has been completely processed. Description Microsoft Exchange 2000 contains a vulnerability in its handling of...
Apache HTTP Server on Win32 systems does not securely handle input passed to CGI programs
Overview A vulnerability in the Apache HTTP Server running on Win32 systems Windows 9x/Me, Windows NT/2000/XP could allow an attacker to execute commands with the privileges of the web server process. Description The Apache HTTP Server is a freely available web server that runs on a variety of...
AOL Instant Messenger vulnerable to denial of service via crafted file name
Overview AOL Instant Messenger AIM 4.1 and prior are vulnerable to a denial of service vulnerability. A denial of service occurs when filenames that contain a "%s" are sent to a victim. Description AOL Instant Messenger AIM is a program for communicating with other users over the Internet. AIM...
Lotus Notes does not adequately secure databases thereby permitting arbitrary user to extract file attachments via NSFDbReadObject function call
Overview Lotus Domino Servers 5.x, 4.6x, and 4.5x allow users to associate objects with documents in a database. While these objects appear to be a part of the document, they are actually stored as separate files. A vulnerability exists by which an intruder could view these objects regardless of t...
Oracle 9iAS XSQL Servlet ignores file permissions allowing arbitrary users to view sensitive configuration files
Overview It is possible to read the sensitive configuration files from an Oracle 9i Application Server without any authorization. This can lead to an intruder gaining access to sensitive information about the server and potentially compromising it. Description Default installation of the Oracle 9...
Oracle 9iAS contains cross-site scripting vulnerability in "htp.print"
Overview Oracle 9i Application Servers are vulnerable to a cross-site scripting vulnerability. The server may inadvertently include malicious HTML tags or script (JavaScript, VBScript, Java, etc.) in a dynamically generated page based on unvalidated input from untrustworthy sources. This can be a...
Multiple implementations of the RADIUS protocol contain a digest calculation buffer overflow
Overview Multiple implementations of the RADIUS protocol contain a buffer overflow in the function that calculates message digests. Description During the message digest calculation, a string containing the shared secret is concatenated with a packet received without checking the size of the targ...
Microsoft Internet Explorer download dialog may not display complete filenames
Overview There is a vulnerability in the download dialog box in Internet Explorer versions 5.5 and 6.0. The vulnerability allows an attacker to mislead users, causing them to inadvertently execute arbitrary code on the user's system. Description When downloading files included in web pages, users...
Common Desktop Environment (CDE) Subprocess Control Service dtspcd contains buffer overflow
Overview A remotely exploitable buffer overflow exists in the Common Desktop Environment CDE Subprocess Control Service dtspcd. An attacker who successfully exploits this vulnerability can execute arbitrary code as root. Description Internet Security Systems ISS X-Force has reported a remotely...
HP-UX vulnerable to buffer overflow in line printer daemon (rlpdaemon) via crafted print request
Overview The line printer daemon (rlpdaemon) on HP-UX systems enables various clients to share printers over a network. There exists a buffer overflow vulnerability in this daemon that permits remote execution of arbitrary commands with elevated privileges. Description A buffer overflow exists in...
AOLServer contains buffer overflow in ParseAuth()
Overview AOLServer versions 3.3.0 and earlier contain an exploitable buffer overflow. This can lead to arbitrary execution of code on the system. Description AOLServer is a free open source web server. It was originally written by America Online AOL, and is currently developed and maintained by A...
Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) module permits telnet access when no password has been set
Overview The Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) module permits unauthenticated telnet access when no password has been set. Description The Access Concentrator Node Route Processor is a router blade for the Cisco 6400. Its purpose is to aggregate and terminate incoming...
Microsoft Windows 2000 Telnet Service contains handle leak
Overview The Microsoft Windows 2000 Telnet Service contains a denial-of-service vulnerability that allows remote attackers to disrupt the telnet service on affected servers. Description The Microsoft Windows 2000 Telnet Service contains a resource starvation vulnerability that prevents the server...
Microsoft Windows 2000 Telnet Service searches all trusted domains for user accounts
Overview The Microsoft Windows 2000 Telnet Service contains a vulnerability that allows remote attackers to log in using domain accounts without providing a specific domain name. Description The Microsoft Windows 2000 Telnet Service allows users to establish connections using either local account...
FreeBSD can be compromised locally via signal handlers
Overview The FreeBSD operating system does not adequately clear signal handlers subsequent to a process calling exec on a setuid program. This vulnerability can allow a local attacker to execute arbitrary code as root. Description The unix fork function's purpose is to create a new process from a...
BSD Line Printer Daemon vulnerable to buffer overflow via crafted print request
Overview The line printer daemon enables various clients to share printers over a network. There exists a buffer overflow vulnerability in this daemon that permits remote execution of arbitrary commands with elevated privileges. Description There is a buffer overflow in several implementations of...
Lotus Domino vulnerable to DoS via crafted HTTP header requests
Overview The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Description HTTP requests with uniquely crafted headers using "Accept", "Accept-Charset", "Accept-Encoding", "Accept-Language" or "Content-Type" are not freed properly. This means that...
Microsoft Windows 2000 Kerberos service vulnerable to DoS via repeated invalid requests
Overview A core service of Microsoft Windows 2000 domain controllers fails to correctly handle certain invalid requests. After receiving a number of invalid requests, the domain controller may have to be rebooted to return it to correct operation. A disabled domain controller can interfere with t...
SGI IRIX Embedded Support Partner (ESP) service rpc.espd contains buffer overflow
Overview There is a remotely-accessible buffer overflow in SGI IRIX systems running rpc.espd that may allow remote attackers to execute arbitrary code. The Embedded Support Partner daemon rpc.espd is enabled by default on all IRIX versions since 6.5.5. Description The Embedded Support Partner...
Sun Solaris sadmind buffer overflow in amsl_verify when requesting NETMGT_PROC_SERVICE
Overview The sadmind program can be used to perform distributed system administration operations remotely using RPC. A stack buffer overflow in sadmind may be exploited by a remote attacker to execute arbitrary instructions and gain root access. Description The sadmind program is installed by...
Microsoft Windows NT 4.0/TSE Winsock2ProtocolCatalogMutex has insecure permissions (MS01-003)
Overview A mutex controlling access to resources required for networking on Windows NT (Microsoft Windows NT 4.0 and Microsoft Windows NT 4.0, Terminal Server Edition) has inappropriate permissions. Description In general terms, a mutex is an object used to control access to a resource e.g. a...
Seagate Crystal Reports exposes cleartext username/password pairs when embedded in URL or HTTP request
Overview The Seagate Crystal Reports product exposes passwords to back-end databases in certain configurations. In particular, the username and password are transmitted in plaintext from the client browser to the server as part of the URL when using technologies other than Active Server Pages ASP...
BSD-derived ftpd replydirname() in ftpd.c contains one-byte overflow
Overview There is an off-by-one vulnerability in several BSD-derived ftpd servers. Description The ftp server in several BSD distributions contains a defect which allows one byte of the program memory allocated within a stack frame to be overwritten with a NUL byte '\0'. The byte in question is...
SGI IRIX df buffer overflow in directory argument
Overview Description The df program is used to display statistics about the amount of used and free disc space on a set of mounted file systems. Alternately, it can be used to check on the amount of space available on unmounted block devices which may be specified by some path. Due to insufficien...
Wang/Kodak Image Admin ActiveX Control
Overview Description The Image Admin control is incorrectly marked safe for scripting. This control is sometimes identified as from "Kodak" and other times as from "Wang". The Image Admin control is one of several controls used to provide image editing services through a web site. Because the...
Adobe ColdFusion is vulnerable to privilege escalation due to weak ACLs
Overview Adobe ColdFusion fails to properly set ACLs, which can allow an unprivileged Windows user to be able to run arbitrary code with SYSTEM privileges. Description The Adobe ColdFusion installer fails to set a secure access-control list ACL on the default installation directory, such as...
Periscope BuySpeed is vulnerable to stored cross-site scripting
Overview Periscope BuySpeed version 14.5 is vulnerable to stored cross-site scripting, which may allow a local, authenticated attacker to execute arbitrary JavaScript. Description Periscope BuySpeed is a "tool to automate the full procure-to-pay process efficiently and intelligently". BuySpeed...
Nuuo NT-4040 firmware contains insecure default credentials
Overview Nuuo NT-4040 Titan, firmware NT-404001.07.0000.00151120, uses default credentials. Description CWE-255: Credentials Management - CVE-2016-6553 Nuuo NT-4040 Titan, firmware NT-404001.07.0000.00151120, uses non-random default credentials of: admin:admin and localdisplay:111111. A remote...