Lucene search
K
CertMost viewed

3702 matches found

CERT
CERT
added 2003/08/20 12:0 a.m.31 views

SGI IRIX contains buffer overflow vulnerability in "cpr" program

Overview A vulnerability in cpr may allow a local attacker execute arbitrary code. Description SGI describes cpr as follows:IRIX Checkpoint and Restart CPR offers a set of user-transparent software management tools, allowing system administrators, operators, and users with suitable privileges to...

7.2CVSS7.3AI score0.00392EPSS
Exploits0References3
CERT
CERT
added 2003/07/25 12:0 a.m.31 views

Microsoft Windows DirectX MIDI library does not adequately validate MThd track values in MIDI files

Overview A Microsoft Windows DirectX library, quartz.dll, does not properly validate the number of tracks value in Musical Instrument Digital Interface MIDI files. An attacker could exploit this vulnerability to execute arbitrary code or crash any application using the library, causing a denial o...

7.5CVSS7.2AI score0.32667EPSS
Exploits0References3
CERT
CERT
added 2003/07/21 12:0 a.m.31 views

Symantec ActiveX control vulnerable to buffer overflow

Overview There is a buffer overflow in a component of Symantec's web-based Security Check. Description Symantec describes Security Check as "a free web-based tool that enables users to test their computer's exposure to a wide range of on-line threats. As part of running the check, users may insta...

7.5CVSS6.6AI score0.08696EPSS
Exploits0References9
CERT
CERT
added 2003/05/13 12:0 a.m.31 views

Adobe Acrobat does not adequately validate Acrobat JavaScript

Overview Adobe Acrobat contains a vulnerability in its JavaScript parsing engine that could allow an attacker to place arbitrary files on the local file system. Description Different versions of Adobe Acrobat software can create, modify, and read Portable Document Format PDF files. Acrobat...

7.5CVSS6AI score0.02106EPSS
Exploits0References6
CERT
CERT
added 2003/05/12 12:0 a.m.31 views

Kerio Personal Firewall vulnerable to buffer overflow

Overview Kerio Personal Firewall contains a buffer overflow that may allow a remote attacker to execute arbitrary code. An exploit for this vulnerability is publicly available. Description Kerio Technologies Inc. describes the Kerio Personal Firewall as follows:Kerio Personal Firewall KPF is a...

7.5CVSS7.4AI score0.6909EPSS
Exploits8References9
CERT
CERT
added 2003/05/05 12:0 a.m.31 views

Microsoft Internet Explorer does not adequately validate window ornament parameters in dialog frames

Overview A vulnerability in the way Microsoft Internet Explorer IE handles window ornament parameters in dialog frames allows script from a dialog frame in one domain to execute in a different domain, including the Local Machine Zone. The script could read certain local files and data i.e. cookie...

5CVSS7.6AI score0.25248EPSS
Exploits1References9
CERT
CERT
added 2003/04/28 12:0 a.m.31 views

tcpdump enters infinite loop when parsing crafted ISAKMP packets

Overview There is a denial-of-service vulnerability in tcpdump that may allow a remote attacker to cause tcpdump to enter an infinite loop. Description tcpdump, a tool used to monitor network traffic, has the ability to capture Internet Security Association and Key Management Protocol ISAKMP...

5CVSS5.8AI score0.11342EPSS
Exploits3References5
CERT
CERT
added 2003/04/04 12:0 a.m.31 views

Eye of Gnome contains format string vulnerability in the file name handling of command line arguments

Overview Eye of Gnome contains a format string vulnerability that may allow remote attackers to execute arbitrary code with the privileges of the user running the application, typically an unprivileged system user. Description Eye of Gnome EOG is an image viewing application that is part of the...

4.6CVSS7.2AI score0.01684EPSS
Exploits2References2
CERT
CERT
added 2003/04/04 12:0 a.m.31 views

Entrust Authority Security Manager (EASM) does not enforce multiple authorization requirement for master user password change

Overview Entrust Authority Security Manager contains a vulnerability that could allow a master user to change the password of another master user. A master user could exploit this vulnerability to perform operations that otherwise require authorization by multiple master users. Description Entrus...

2.1CVSS6.2AI score0.05263EPSS
Exploits0References3
CERT
CERT
added 2003/03/06 12:0 a.m.31 views

Automatic File Content Type Recognition Tool contains memory allocation problem

Overview A memory allocation problem exists in the "Automatic File Content Type Recognition Tool" versions of the file1 package prior to 3.41. Description According to an OpenPKG advisory, a memory allocation problem exists in the "Automatic File Content Type Recognition Tool" AFCTR tool versions...

6.5AI score
Exploits0References1
CERT
CERT
added 2003/03/06 12:0 a.m.31 views

Physical access to a computer system can be used to bypass software-based access control mechanisms

Overview An intruder who gains physical access to a computer system can bypass software-based control mechanisms. Description If an intruder can gain physical access to a computer resource, he can bypass software-based access control mechanisms, install Trojans horses, install hardware to...

7AI score
Exploits0References5
CERT
CERT
added 2003/02/21 12:0 a.m.31 views

Multiple implementations of the Session Initiation Protocol (SIP) contain multiple types of vulnerabilities

Overview Oulu University has discovered a variety of vulnerabilities affecting products that implement the Session Initiation Protocol SIP. These vulnerabiltites affect a wide variety of products, with impacts ranging from denial of service to execution of arbitrary code. SIP is used in Voice Ove...

5CVSS7AI score0.05EPSS
Exploits1References9
CERT
CERT
added 2003/02/06 12:0 a.m.31 views

Microsoft Internet Explorer allows arbitrary local file reading via "showHelp()" function

Overview A vulnerability in Microsoft Internet Explorer IE allows remote attackers to read arbitrary files on a vulnerable system. Description A vulnerability in the showHelp Method contained within IE may allow a remote attacker to read arbitrary files. For further details, please see the...

7.5CVSS7.6AI score0.38935EPSS
Exploits0References4
CERT
CERT
added 2003/02/04 12:0 a.m.31 views

ISC "dhcrelay" fails to limit hop count when malicious bootp packet is received

Overview A vulnerability in the Internet Software Consortium's "dhcrelay" makes it possible for a remote attacker to use dhcrelay to launch a denial-of-service attack against a victim dhcp server. Description The Internet Software Consortium ISC produces a "freely redistributable reference...

5CVSS6.6AI score0.07955EPSS
Exploits0References5
CERT
CERT
added 2002/12/19 12:0 a.m.31 views

Buffer overflow in Microsoft Windows Shell

Overview A remotely exploitable buffer overflow exists in the Microsoft Windows Shell. This buffer overflow is present in all versions of Windows XP, but it is not present in other versions of Windows. Description There is a buffer overflow in the Microsoft Windows Shell. The Shell provides the...

7.5CVSS7AI score0.23419EPSS
Exploits0References2
CERT
CERT
added 2002/10/17 12:0 a.m.31 views

Multiple IPsec implementations do not adequately validate authentication data

Overview IPsec implementations from multiple vendors do not adequately validate the authentication data in IPsec packets, exposing vulnerable systems to a denial of service. Description For background: RFC 2401 Security Architecture for the Internet Protocol RFC 2402 IP Authentication Header RFC...

5CVSS7AI score0.02474EPSS
Exploits0References4
CERT
CERT
added 2002/10/11 12:0 a.m.31 views

Microsoft Java implementation JDBC functions do not properly validate parameters

Overview The Java Database Connectivity JDBC classes of Microsoft's Java virtual machine VM contain functions that do not properly validate parameters. A malicious Java applet can exploit this vulnerability to crash programs on the client system. Description Microsoft's Java VM is installed on...

5CVSS7.1AI score0.27267EPSS
Exploits0References2
CERT
CERT
added 2002/10/01 12:0 a.m.31 views

DHTML Edit Control for IE5 allows local files to be uploaded to web server

Overview A vulnerability exists in the DHTML Edit Control for IE5 that allows arbitrary local files to be uploaded to a web server. Description DHTML Edit is an activex control that is marked safe-for-scripting. This control can be embedded in a website, and permit local files to be remotely...

2.6CVSS6AI score0.13291EPSS
Exploits0References1
CERT
CERT
added 2002/10/01 12:0 a.m.31 views

SetupCtl 1.0 Type Library contains a buffer overflow

Overview SetupCtl 1.0 Type Library is a safe-for-scripting ActiveX control that contains a remotely exploitable buffer overflow. This control ships with Microsoft Internet Explorer 4.01 and 5. Description SetupCtl 1.0 Type Library is a safe-for-scripting ActiveX control that contains a remotely...

10CVSS7AI score0.24429EPSS
Exploits0References2
CERT
CERT
added 2002/09/27 12:0 a.m.31 views

Microsoft Exchange 2000 system attendant sets incorrect remote registry permissions

Overview The Microsoft Exchange System Attendant sets the permissions on a registry key incorrectly, allowing remote intruders access to the registry. Description The Microsoft Exchange System Attendant changes the permissions of the...

6.4CVSS6.2AI score0.13305EPSS
Exploits0References2
CERT
CERT
added 2002/09/16 12:0 a.m.31 views

Input-validation vulnerability in PHP-Nuke allows arbitrary command execution via request for remote web site

Overview PHP-Nuke has an input-validation vulnerability that can lead to execution of arbitrary PHP code hosted on another web server. Description PHP-Nuke is a tool designed to ease web site creation and maintenance. PHP-Nuke includes a script named index.php, which uses PHP's include function t...

7.5CVSS7.2AI score0.06497EPSS
Exploits0References1
CERT
CERT
added 2002/09/16 12:0 a.m.31 views

MIT Kerberos V5 KDC vulnerable to denial-of-service via null pointer dereference

Overview A vulnerability exists in MIT Kerberos V5 Key Distribution Center that may allow attackers to crash multiple KDC servers within the same realm. Description The MIT Kerberos V5 Key Distribution Center KDC contains a vulnerability that allows certain protocol requests to crash the KDC by...

5CVSS9.2AI score0.0483EPSS
Exploits0References2
CERT
CERT
added 2002/09/09 12:0 a.m.31 views

HP Tru64 UNIX "quot" contains buffer overflow (SSRT2191)

Overview The HP Tru64 UNIX implementation of "quot" contains a locally exploitable buffer overflow. Description "quot" is used to summarize file system ownership. A locally exploitable buffer overflow in "quot" may permit a local attacker to gain elevated privileges and execute arbitrary code on ...

8.2AI score
Exploits0References1
CERT
CERT
added 2002/08/05 12:0 a.m.31 views

Talentsoft Web+ contains buffer overflow in "webpsvc.exe"

Overview Talentsoft's Web+ development platform contains a buffer overflow in a component that also installs by default into all web sites produced by Web+. Description Talentsoft Web+ is a set of tools for accelerated web site development. A component of Web+ named "webpsvc.exe" contains a buffe...

10CVSS7.4AI score0.08961EPSS
Exploits0References2
CERT
CERT
added 2002/06/13 12:0 a.m.31 views

Chunked encoding post can consume excessive memory on IIS 4.0 webserver

Overview Microsoft IIS 4.0, circa March 2000, contained a vulnerability that allowed an intruder to consume unlimited memory on a vulnerable server. Description Older versions of IIS 4.0, circa March 2000, contained a vulnerability in the chunked-encoding transfer mechanism that permitted an...

5CVSS6.5AI score0.06808EPSS
Exploits0References5
CERT
CERT
added 2002/06/05 12:0 a.m.31 views

Microsoft Exchange 2000 exhausts server resources while attempting to process malformed mail attributes

Overview Microsoft Exchange 2000 contains a vulnerability that allows remote attackers to conduct a denial-of-service attack that once begun, cannot be stopped until the crafted message has been completely processed. Description Microsoft Exchange 2000 contains a vulnerability in its handling of...

5CVSS6.1AI score0.15239EPSS
Exploits0References3
CERT
CERT
added 2002/05/16 12:0 a.m.31 views

Nortel Networks CVX 1800 discloses privileged information

Overview The Nortel Networks CVX 1800 Multi-Service Access Switch discloses privileged information. Description The CVX 1800 Multi-Service Access Switch is a large modem bank typically used by large carriers and ISP's. When the CVX 1800 is queried with a specially crafted snmpwalk, it will respon...

7.5CVSS6.3AI score0.19903EPSS
Exploits1References3
CERT
CERT
added 2002/04/11 12:0 a.m.31 views

Apache HTTP Server on Win32 systems does not securely handle input passed to CGI programs

Overview A vulnerability in the Apache HTTP Server running on Win32 systems Windows 9x/Me, Windows NT/2000/XP could allow an attacker to execute commands with the privileges of the web server process. Description The Apache HTTP Server is a freely available web server that runs on a variety of...

7.5CVSS7AI score0.50371EPSS
Exploits1References7
CERT
CERT
added 2002/04/10 12:0 a.m.31 views

Microsoft Internet Information Server (IIS) contains cross-site scripting vulnerability in redirect response messages

Overview Visitors to web sites that use Microsoft IIS and also issue redirect response messages are vulnerable to cross-site scripting attacks. Description Cross-site scripting is a form of attack in which an intruder leverages the trust between a victim and a web-site the victim trusts. Quoting...

7.5CVSS6AI score0.31027EPSS
Exploits0References2
CERT
CERT
added 2002/04/05 12:0 a.m.31 views

AOL Instant Messenger contains buffer overflows in parsing of AIM URI handler requests

Overview AOL Instant Messenger AIM is an application that allows one peer to communicate with another. A buffer overflow vulnerability exists that can manipulate the configuration of the victim's client. Description AIM installs a URI handler that permits the use of the "aim:" protocol on the...

6.7AI score
Exploits0References3
CERT
CERT
added 2002/03/06 12:0 a.m.31 views

Oracle 9iAS contains cross-site scripting vulnerability in "htp.print"

Overview Oracle 9i Application Servers are vulnerable to a cross-site scripting vulnerability. The server may inadvertently include malicious HTML tags or scriptJavaScript, VBScript, Java, etc. in a dynamically generated page based on unvalidated input from untrustworthy sources. This can be a...

5.8AI score
Exploits0References4
CERT
CERT
added 2002/03/06 12:0 a.m.31 views

Oracle 9iAS XSQL Servlet ignores file permissions allowing arbitrary users to view sensitive configuration files

Overview It is possible to read the sensitive configuration files from an Oracle 9i Application Server without any authorization. This can lead to an intruder gaining access to sensitive information about the server and potentially compromising it. Description Default installation of the Oracle 9...

7.5CVSS9AI score0.1893EPSS
Exploits0References1
CERT
CERT
added 2002/03/04 12:0 a.m.31 views

Multiple implementations of the RADIUS protocol contain a digest calculation buffer overflow

Overview Multiple implementations of the RADIUS protocol contain a buffer overflow in the function that calculates message digests. Description During the message digest calculation, a string containing the shared secret is concatenated with a packet received without checking the size of the targ...

7.5CVSS7.8AI score0.08544EPSS
Exploits0References2
CERT
CERT
added 2002/03/03 12:0 a.m.31 views

cryptcat does not encrypt data communications when -e command argument is used

Overview With certain options used, cryptcat does not encrypt network connections as expected. Description Cryptcat is an enhanced version of netcat that adds twofish encryption.If cryptcat is started in listen server mode binding a shell to a network port, cryptcat fails to enable encryption...

6.8AI score
Exploits0References1
CERT
CERT
added 2001/10/29 12:0 a.m.31 views

NSI RWhoisd contains format string vulnerability in print_error()

Overview A remotely exploitable format string vulnerability exists in the Referral Whois server daemon RWhoisd. Description As the Internet has grown, the centralized whois database was not able to scale. In order to deal with scaling the whois system, Referral Whois was developed. Referral Whois...

7.5CVSS6.6AI score0.06951EPSS
Exploits0References1
CERT
CERT
added 2001/09/26 12:0 a.m.31 views

AOLServer contains buffer overflow in ParseAuth()

Overview AOLServer versions 3.3.0 and earlier contain an exploitable buffer overflow. This can lead to arbitrary execution of code on the system. Description AOLServer is a free open source web server. It was originally written by America Online AOL, and is currently developed and maintained by A...

10CVSS7.9AI score0.1611EPSS
Exploits1References2
CERT
CERT
added 2001/09/26 12:0 a.m.31 views

IBM AIX portmir buffer overflow

Overview There is a buffer overflow vulnerability in the AIX portmir command that may allow local attackers to gain root privileges. Description There is a buffer overflow in the AIX portmir command. This problem was described in IBM ERS security bulletin: ERS-SVA-E01-1997:006.1. --- Impact...

7.2CVSS7AI score0.00786EPSS
Exploits0References2
CERT
CERT
added 2001/09/25 12:0 a.m.31 views

Taylor UUCP Package fails to properly filter command line arguments

Overview Several Linux/Unix systems ship with a utility package called Taylor UUCP. A component of the UUCP package, uuxqt, fails to properly filter arguments from the commands sent to it. This can allow an intruder to gain elevated privileges and execute commands with the privileges of uucp,...

7.2CVSS6.3AI score0.01077EPSS
Exploits1References7
CERT
CERT
added 2001/09/20 12:0 a.m.31 views

Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) module permits telnet access when no password has been set

Overview The Cisco 6400 Access Concentrator Node Route Processor 2 NRP2 module permits unauthenticated telnet access when no password has been set. Description The Access Concentrator Node Route Processor is a router blade for the Cisco 6400. It's purpose is to aggregate and terminate incoming...

7.5CVSS7.3AI score0.02514EPSS
Exploits1References3
CERT
CERT
added 2001/09/18 12:0 a.m.31 views

Microsoft Windows 2000 Telnet Service contains handle leak

Overview The Microsoft Windows 2000 Telnet Service contains a denial-of-service vulnerability that allows remote attackers to disrupt the telnet service on affected servers. Description The Microsoft Windows 2000 Telnet Service contains a resource starvation vulnerability that prevents the server...

5CVSS6.3AI score0.05927EPSS
Exploits0References3
CERT
CERT
added 2001/09/14 12:0 a.m.31 views

FreeBSD can be compromised locally via signal handlers

Overview The FreeBSD operating system does not adequately clear signal handlers subsequent to a process calling exec on a setuid program. This vulnerability can allow a local attacker to execute arbitrary code as root. Description The unix fork function's purpose is to create a new process from a...

7.2CVSS6.8AI score0.00595EPSS
Exploits1References3
CERT
CERT
added 2001/07/23 12:0 a.m.31 views

Lotus Domino vulnerable to DoS via crafted unicode GET request

Overview The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service situation. Description Sending a crafted GET request containing numerous unicode characters can trigger a server exception that will crash the Domino server. If qnc.exe is removed from the...

6.9AI score
Exploits0References3
CERT
CERT
added 2001/07/12 12:0 a.m.31 views

Lotus Domino vulnerable to DoS via crafted HTTP header requests

Overview The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Description HTTP requests with uniquely crafted headers using "Accept", "Accept-Charset", "Accept-Encoding", "Accept-Language" or "Content-Type" are not freed properly. This means that...

6.7AI score
Exploits0References4
CERT
CERT
added 2001/06/01 12:0 a.m.31 views

Hewlett-Packard MPE/iX NM Debug does not always handle breakpoints correctly

Overview There is a problem in the NM Debug facility of MPE/iX that allows users to gain unauthorized privileges. Description The problem affects HP3000 systems running MPE/iX versions 5.5 through 6.5. HP has published a security bulletin describing the solution to this vulnerability...

7.2CVSS6.2AI score0.00509EPSS
Exploits0
CERT
CERT
added 2001/05/09 12:0 a.m.31 views

SGI IRIX Embedded Support Partner (ESP) service rpc.espd contains buffer overflow

Overview There is a remotely-accessible buffer overflow in SGI IRIX systems running rpc.espd that may allow remote attackers to execute arbitrary code. The Embedded Support Partner daemon rpc.espd is enabled by default on all IRIX versions since 6.5.5. Description The Embedded Support Partner...

7.5CVSS8.2AI score0.03274EPSS
Exploits0References3
CERT
CERT
added 2001/04/10 12:0 a.m.31 views

Alcatel ADSL modems provide EXPERT administrative account with an easily reversible encrypted password

Overview The San Diego Supercomputer Center SDSC has recently discovered several vulnerabilities in the Alcatel Speed Touch line of Asymmetric Digital Subscriber Line ADSL modems. These vulnerabilities are the result of weak authentication and access control policies and result in one or more of...

7.8AI score
Exploits0References3
CERT
CERT
added 2001/01/10 12:0 a.m.31 views

Seagate Crystal Reports exposes cleartext username/password pairs when embedded in URL or HTTP request

Overview The Seagate Crystal Reports product exposes passwords to back-end databases in certain configurations. In particular, the username and password are transmitted in plaintext from the client browser to the server as part of the URL when using technologies other than Active Server Pages ASP...

7.5AI score
Exploits0References1
CERT
CERT
added 2000/12/21 12:0 a.m.31 views

BSD-derived ftpd replydirname() in ftpd.c contains one-byte overflow

Overview There is a off-by-one vulnerability in several BSD-derived ftpd servers. Description The ftp server in several BSD distributions contains a defect which allows one byte of the program memory allocated within a stack frame to be overwritten with a NUL byte '\0'. The byte in question is...

10CVSS7.3AI score0.17929EPSS
Exploits1References6
CERT
CERT
added 2000/12/15 12:0 a.m.31 views

SGI IRIX df buffer overflow in directory argument

Overview Description The df program is used to display statistics about the amount of used and free disc space on a set of mounted file systems. Alternately, it can be used to check on the amount of space available on unmounted block devices which may be specified by some path. Due to insufficien...

7.2CVSS7.5AI score0.12261EPSS
Exploits0References5
CERT
CERT
added 2000/11/10 12:0 a.m.31 views

ISC BIND 8.2.2-P6 vulnerable to DoS via compressed zone transfer, aka the "zxfr bug"

Overview There is a denial-of-service vulnerability in several versions of the Internet Software Consortium's ISC BIND software. This vulnerability is referred to by the ISC as the "zxfr bug." It affects ISC BIND version 8.2.2, patch levels 1 through 6. Description Using this vulnerability,...

5CVSS6.2AI score0.22937EPSS
Exploits1References5
Total number of security vulnerabilities3702