3702 matches found
Honeywell Tuxedo Touch Controller contains multiple vulnerabilities
Overview All versions of Honeywell Tuxedo Touch Controller are vulnerable to authentication bypass and cross-site request forgery CSRF. Description CWE-603: Use of Client-Side Authentication - CVE-2015-2847The Honeywell Tuxedo Touch Controller web interface uses JavaScript to check for client...
Toshiba CHEC contains a hard-coded cryptographic key
Overview Toshiba CHEC, versions 6.6, 6.7, and possibly earlier, contain a hard-coded cryptographic key. Description CWE-321: Use of Hard-coded Cryptographic Key - CVE-2014-4875Toshiba CHEC, versions 6.6, 6.7, and possibly earlier, contain a hard-coded cryptographic key in the...
Barracuda Web Filter insecurely performs SSL inspection
Overview Barracuda Web Filter prior to version 8.1.0.005 does not properly check upstream certificate validity when performing SSL inspection, and delivers one of three default root CA certificates across multiple machines for SSL inspection. Description According to Barracuda Networks, the...
Blue Coat Malware Analysis appliance contains a cross-site scripting (XSS) vulnerability and information disclosure
Overview The Blue Coat Malware Analysis appliance is vulnerable to cross-site scripting XSS and information disclosure. Description The Blue Coat Malware Analysis appliance is a sandboxed appliance that scans for threats in files and downloads on the network.A cross-site scripting vulnerability...
Cobham Sailor satellite terminals contain hardcoded credentials
Overview Cobham Sailor 900 and 6000 series satellite terminals contain hardcoded credentials. Description CWE-798: Use of Hard-coded Credentials IOActive reports that Cobham Sailor 900 and 6000 series satellite communication terminals running firmware version: 1.08 MFHF / 2.11 VHF contain hardcod...
Cisco AsyncOS contains a reflected cross-site scripting (XSS) vulnerability
Overview Cisco AsyncOS contains a reflected cross-site scripting XSS vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' - CVE-2014-3289 Cisco AsyncOS, the underlying OS for the Cisco Email Security Appliance, Web Security Applianc...
Virtual Access GW6110A router privilege escalation vulnerability
Overview Virtual Access GW6110A routers contain a privilege escalation vulnerability which could allow an authenticated user to escalate their privileges. Description CWE-472: External Control of Assumed-Immutable Web ParameterVirtual Access GW6110A routers contain a privilege escalation...
VASCO IDENTIKEY Authentication Server contains an authentication bypass vulnerability
Overview VASCO IDENTIKEY Authentication Server version 3.4.x contains an authentication bypass vulnerability which could allow an attacker to login to a system without needing the user's Active Directory password credentials. Description CWE-305: Authentication Bypass by Primary WeaknessVASCO's...
AT&T Connect Participant Application for Windows v9.5.35 contains a stack-based buffer overflow vulnerability
Overview AT&T Connect Participant Application for Windows v9.5.35 and possibly earlier versions contain a stack-based buffer overflow CWE-121 vulnerability. Description CWE-121: Stack-based Buffer Overflow AT&T Connect Participant Application for Windows v9.5.35 and possibly earlier versions...
Tyler Technologies TaxWeb 3.13.3.1 contains multiple vulnerabilities
Overview Tyler Technologies TaxWeb 3.13.3.1 and possibly earlier versions contain cross-site request forgery CWE-352, information exposure CWE-203, and reflected cross-site scripting CWE-79 vulnerabilities. Description CWE-352: Cross-Site Request Forgery CSRF - CVE-2013-6018TaxWeb 3.13.3.1...
L3 CPU shared cache architecture is susceptible to a Flush+Reload side-channel attack
Overview L3 CPU shared cache architecture is susceptible to a Flush+Reload side-channel attack, resulting in information leakage. allowing a local attacker to derive the contents of memory not belonging to the attacker. Description Common L3 CPU shared cache architecture is susceptible to a...
Choice Wireless Green Packet 4G WiMax modem vulnerability
Overview Choice Wireless Green Packet 4G WiMax modem, model number WIXFMR-111, fails to properly validate ajax requests allowing a remote unauthenticated attacker to view system configuration information or possibly execute commands on the device. Description It has been reported that Choice...
IBM Notes runs arbitrary JAVA and Javascript in emails
Overview IBM Notes parses arbitrary JAVA and Javascript code by default when viewing emails. Description The n.runs AG security advisory states:Notes 8.5.3 does not filter tags inside HTML emails. This can be used to load arbitrary Java applets from remote sources making it an information...
Henry Schein Dentrix G5 uses hard-coded database credentials shared across multiple installations
Overview Henry Schein Dentrix G5, a dental practice management software suite, uses hard-coded database access credentials that are shared across multiple installation sites. An attacker who is able to obtain the credentials for one site may be able to gain access to other sites using the same...
TP-LINK TL-WR841N wireless router local file inclusion vulnerability
Overview The TP-LINK TL-WR841N wireless router contains a local file inclusion vulnerability which could allow an attacker to download critical configuration files off the device. Description CWE-829: Inclusion of Functionality from Untrusted Control SphereThe TP-LINK TL-WR841N wireless router...
Vanilla Forums version 2.1.a26 contains a parameter manipulation vulnerability
Overview Vanilla Forums version 2.1.a26 and possibly other versions is vulnerable to parameter manipulation via the "edit profile" page of authenticated users. Description CWE-280: Improper Handling of Insufficient Permissions or PrivilegesVanilla Forums version 2.1.a26 and possibly other version...
Axigen Mail Server directory traversal vulnerability
Overview Axigen Mail Server contains a directory traversal vulnerability. Description CWE-22: Improper Limitation of a Pathname to a Restricted DirectoryAxigen Mail Server has a web based administration site which allows authorized administrators to perform certain actions via HTTP. The 'View Log...
Cerberus FTP Server web interface cross-site request forgery vulnerability
Overview The Cerberus FTP Server web interface contains a cross-site request forgery vulnerability Description CWE-352: Cross-Site Request Forgery CSRF: The Cerberus FTP Server web interface is vulnerable to CSRF using the HTTP POST method in the :10000/usermanager/users/modify. The application h...
Open Technology Real Services nested tags cross-site scripting vulnerability
Overview Open Technology Real Services OTRS is susceptible to a cross-site scripting vulnerability when viewing HTML webpages with nested tags. Description Open Technology Real Services OTRS contains a cross-site scripting CWE-79 vulnerability in the email body. An attacker may be able to load...
Netsweeper Internet Filter WebAdmin Portal multiple vulnerabilities
Overview Netsweeper Internet Filter WebAdmin Portal contains XSS, CSRF and SQLi vulnerabilities. Description Netsweeper Internet Filter's WebAdmin Portal contains the following XSS, CSRF and SQLi vulnerabilities.CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site...
Pluck SiteLife software multiple XSS vulnerabilities
Overview Pluck SiteLife software contains multiple XSS vulnerabilities. Description According to DemandMedia's website Pluck SiteLife software is an integrated community platform architected for brands. Pluck SiteLife software contains multiple cross site scripting XSS vulnerabilities. CWE-79:...
Microsoft Windows UDP packet parsing vulnerability
Overview A vulnerability in the Microsoft Windows TCP/IP stack could allow an attacker to run arbitrary code in kernel mode or cause a denial-of-service. Description Microsoft Windows contains a TCP/IP stack used to process network packets for the operating system. This component contains a...
ProjectForum XSS vulnerability
Overview ProjectForum 7.0.1.3038 and possibly previous versions, are vulnerable to cross site scripting XSS. Description CourseForum's ProjectForum software fails to sanitize all input fields. As a result, cross site scripting XSS attacks can be conducted. By default, a non-credentialed user can...
ISC Bind 9 IXFR or DDNS update combined with high query rate DoS vulnerability
Overview A denial-of-service condition exists in certain cases when an ISC Bind server processes a IXFR transfer or dynamic update. Description The ISC security advisory states:"When an authoritative server processes a successful IXFR transfer or a dynamic update, there is a small window of time...
Microsoft WMI Administrative Tools WBEMSingleView.ocx ActiveX control vulnerability
Overview The ActiveX control, WBEMSingleView.ocx, that is a part of the WMI Administrative Tools package contains a vulnerability. Description The AddContextRef and ReleaseContext functions of the WMI Object Viewer control can be passed an object pointer from an attacker that results in arbitrary...
Microsoft Internet Explorer invalid flag reference vulnerability
Overview Microsoft Internet Explorer invalid flag reference vulnerability Description According to the Microsoft Security Research & Defense Blog, Microsoft Internet Explorer incorrectly under-allocates memory to store a certain combination of Cascading Style Sheets CSS tags when parsing HTML,...
VMware VMnc AVI video codec image height heap overflow
Overview The VMware VMnc video codec fails to properly handle the image height value in AVI files, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Several VMware products include the ability to create and play movies of running...
RealNetworks RealPlayer Shockwave Flash (SWF) file vulnerability
Overview RealNetworks RealPlayer fails to properly handle frames within Shockwave Flash SWF files, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The RealNetworks RealPlayer application provides support for the SWF file format. A...
Microsoft Office Snapshot Viewer ActiveX control race condition
Overview The Microsoft Office Snapshot Viewer ActiveX control contains a race condition, which can allow a remote, unauthenticated attacker to download arbitrary files to arbitrary locations. Description Microsoft Snapshot Viewer is a viewer for snapshots created with Microsoft Access. Snapshot...
SkyPortal contains multiple SQL injection vulnerabilities
Overview SkyPortal RC6 contains multiple SQL injection vulnerabilities which could allow a remote, unauthenticated attacker to gain access to the back-end database and to add, modify or remove data. Description SkyPortal is a modular web portal and online community system that includes web-based...
Apple QuickTime "file: URL" arbitrary code execution
Overview Apple QuickTime does not properly handle "file: URLs" which may allow an attacker to execute arbitrary code. Description Apple QuickTime is a multiplatform multimedia software architecture which provides file format converters for more than 250 common image, video, and audio file...
GnuTLS Client Hello repeat Denial of Service
Overview A vulnerability exists in GnuTLS that may allow a remote attacker to cause a denial of service. Description GnuTLS contains a vulnerability in gnults-serv that may result in a denial of service when handling a specially crafted TLS packet that contains multiple Client Hello messages...
BGP implementations do not properly handle UPDATE messages
Overview BGP implementations from multiple vendors including Juniper may not properly handle specially crafted BGP UPDATE messages. These vulnerabilities could allow an unauthenticated, remote attacker to cause a denial of service. Disrupting BGP communication could lead to routing instability...
cPanel XSRF vulnerabilities
Overview cPanel contains multiple cross-site request forgery XSRF vulnerabilities. If successfully exploited, these vulnerabilities may allow an attacker to execute arbitrary commands. Description cPanel, a web-based tool that is designed to automate and control web sites and servers, contains...
Yahoo! Music Jukebox Yahoo! MediaGrid ActiveX control stack buffer overflow
Overview The Yahoo! Music Jukebox Yahoo! MediaGrid ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Yahoo! Music Jukebox is a music player for Microsoft Windows, which includes multip...
Mortbay Jetty fails to properly handle cookies with quotes
Overview Mortbay Jetty fails to properly handle cookie quotes, which may allow session hijacking. Description Mortbay Jetty is a web server that is written in Java. Jetty fails to properly handle cookies with certain quote sequences. This can cause the Jetty cookie parsing mechanism to improperly...
Apple QuickTime heap buffer overflow vulnerability
Overview Apple QuickTime contains a buffer overflow vulnerability. If exploited, this vulnerability may allow an attacker to execute code. Description Apple QuickTime is a media player that includes a browser plugin. Color table atoms can set a list of preferred colors for displaying movieson...
Mozilla-based browsers jar: URI cross-site scripting vulnerability
Overview Mozilla-based web browsers including Firefox contain a vulnerability that may allow an attacker to execute code, or conduct cross-site scripting attacks. Description The jar: protocol is designed to extract content from ZIP compressed files. Mozilla-based browsers include support for jar...
RealPlayer playlist name stack buffer overflow
Overview RealPlayer contains a stack buffer overflow in the handling of playlist names, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description RealNetworks RealPlayer is a multimedia application that allows users to view local and remote...
Intuit QuickBooks Online Edition ActiveX control fails to properly restrict access to methods
Overview The Intuit QuickBooks Online Edition ActiveX control fails to properly restrict access to dangerous methods, which could allow a remote attacker to execute arbitrary code on a vulnerable system. Description Intuit QuickBooks Online Edition is a version of QuickBooks that is implemented a...
MIT Kerberos 5 kadmind privilege escalation vulnerability
Overview MIT Kerberos kadmind contains a privilege escalation vulnerability that may allow an authenticated attacker to execute code with root privileges. Description Kerberos is a network authentication system that uses a trusted third party to authenticate clients and servers to each other. It ...
Atheros wireless network drivers may fail to properly handle malformed frames
Overview Atheros wireless drivers fail to properly handle malformed wireless frames. This vulnerability may allow a remote, unauthenticated attacker to create a denial-of-service condition. Description Some versions of the Microsoft Windows drivers for Atheros 802.11 a/b/g wireless adapters fail ...
Microsoft Windows Active Directory fails to properly validate LDAP requests
Overview A vulnerability in Windows Active Directory could allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Lightweight Directory Access Protocol LDAP is a standard protocol that enables users to query or modify the data in a meta directory. Microsoft's...
SAP Message Server heap buffer overflow
Overview The SAP Message Server contains a flaw that may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description The SAP Message Server is used to exchange and regulate messages between servers in a SAP network. A heap-based buffer...
Second Sight Software ActiveGS ActiveX control stack buffer overflows
Overview The Second Sight Software ActiveGS ActiveX control contains several stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Second Sight Software ActiveGS is an Apple IIGS emulator that is provided as an...
Intel Centrino wireless drivers fail to properly process malformed frames
Overview Microsoft Windows drivers for Intel Centrino wireless adapters fail to properly handle malformed frames. This vulnerability may allow an attacker to execute arbitrary code. Description The Microsoft Windows drivers for Intel Centrino 2200BG and 2915ABG PRO wireless adapters fail to...
CA BrightStor ARCserver Tape Engine denial-of-service vulnerability
Overview The Computer Associates BrightStor ARCserve Backup Tape Engine contains a vulnerability. If successfully exploited, this vulnerability may allow a remote attacker to shut down the tape engine interface. Description BrightStor ARCserve Backup is a backup and data retention tool that...
Apple Mac OS X DirectoryService may allow arbitrary users to change the root password
Overview A vulnerabilty in the Apple Mac OS X DirectoryService may allow unprivileged users to change the root password. Description The Apple Mac OS X DirectoryService contains a vulnerability that may allow unprivileged LDAP users to change the local root password. According to Apple security...
Apple Mac OS X UserNotificationCenter privilege escalation vulnerability
Overview Apple's UserNotificationCenter contains a vulnerability that may allow local users to gain elevated privileges. Description The Apple UserNotificationCenter contains a privilege escalation vulnerability. This vulnerability occurs because the Apple UserNotificationCenter runs with elevate...
Sun Network Security Services (NSS) vulnerable to DoS due to an unspecified vulnerability
Overview The NSS libraries used in the Sun One Application Server and the Sun Java System web server contain an unspecified vulnerability that may allow an attacker to create a denial-of-service condition. Description The Sun One Application Server provides a Java 2 Platform for delivering Java...