3702 matches found
SGI IRIX contains buffer overflow vulnerability in "cpr" program
Overview A vulnerability in cpr may allow a local attacker execute arbitrary code. Description SGI describes cpr as follows:IRIX Checkpoint and Restart CPR offers a set of user-transparent software management tools, allowing system administrators, operators, and users with suitable privileges to...
Microsoft Windows DirectX MIDI library does not adequately validate MThd track values in MIDI files
Overview A Microsoft Windows DirectX library, quartz.dll, does not properly validate the number of tracks value in Musical Instrument Digital Interface MIDI files. An attacker could exploit this vulnerability to execute arbitrary code or crash any application using the library, causing a denial o...
Symantec ActiveX control vulnerable to buffer overflow
Overview There is a buffer overflow in a component of Symantec's web-based Security Check. Description Symantec describes Security Check as "a free web-based tool that enables users to test their computer's exposure to a wide range of on-line threats. As part of running the check, users may insta...
Adobe Acrobat does not adequately validate Acrobat JavaScript
Overview Adobe Acrobat contains a vulnerability in its JavaScript parsing engine that could allow an attacker to place arbitrary files on the local file system. Description Different versions of Adobe Acrobat software can create, modify, and read Portable Document Format PDF files. Acrobat...
Kerio Personal Firewall vulnerable to buffer overflow
Overview Kerio Personal Firewall contains a buffer overflow that may allow a remote attacker to execute arbitrary code. An exploit for this vulnerability is publicly available. Description Kerio Technologies Inc. describes the Kerio Personal Firewall as follows:Kerio Personal Firewall KPF is a...
Microsoft Internet Explorer does not adequately validate window ornament parameters in dialog frames
Overview A vulnerability in the way Microsoft Internet Explorer IE handles window ornament parameters in dialog frames allows script from a dialog frame in one domain to execute in a different domain, including the Local Machine Zone. The script could read certain local files and data i.e. cookie...
tcpdump enters infinite loop when parsing crafted ISAKMP packets
Overview There is a denial-of-service vulnerability in tcpdump that may allow a remote attacker to cause tcpdump to enter an infinite loop. Description tcpdump, a tool used to monitor network traffic, has the ability to capture Internet Security Association and Key Management Protocol ISAKMP...
Eye of Gnome contains format string vulnerability in the file name handling of command line arguments
Overview Eye of Gnome contains a format string vulnerability that may allow remote attackers to execute arbitrary code with the privileges of the user running the application, typically an unprivileged system user. Description Eye of Gnome EOG is an image viewing application that is part of the...
Entrust Authority Security Manager (EASM) does not enforce multiple authorization requirement for master user password change
Overview Entrust Authority Security Manager contains a vulnerability that could allow a master user to change the password of another master user. A master user could exploit this vulnerability to perform operations that otherwise require authorization by multiple master users. Description Entrus...
Automatic File Content Type Recognition Tool contains memory allocation problem
Overview A memory allocation problem exists in the "Automatic File Content Type Recognition Tool" versions of the file1 package prior to 3.41. Description According to an OpenPKG advisory, a memory allocation problem exists in the "Automatic File Content Type Recognition Tool" AFCTR tool versions...
Physical access to a computer system can be used to bypass software-based access control mechanisms
Overview An intruder who gains physical access to a computer system can bypass software-based control mechanisms. Description If an intruder can gain physical access to a computer resource, he can bypass software-based access control mechanisms, install Trojans horses, install hardware to...
Multiple implementations of the Session Initiation Protocol (SIP) contain multiple types of vulnerabilities
Overview Oulu University has discovered a variety of vulnerabilities affecting products that implement the Session Initiation Protocol SIP. These vulnerabiltites affect a wide variety of products, with impacts ranging from denial of service to execution of arbitrary code. SIP is used in Voice Ove...
Microsoft Internet Explorer allows arbitrary local file reading via "showHelp()" function
Overview A vulnerability in Microsoft Internet Explorer IE allows remote attackers to read arbitrary files on a vulnerable system. Description A vulnerability in the showHelp Method contained within IE may allow a remote attacker to read arbitrary files. For further details, please see the...
ISC "dhcrelay" fails to limit hop count when malicious bootp packet is received
Overview A vulnerability in the Internet Software Consortium's "dhcrelay" makes it possible for a remote attacker to use dhcrelay to launch a denial-of-service attack against a victim dhcp server. Description The Internet Software Consortium ISC produces a "freely redistributable reference...
Buffer overflow in Microsoft Windows Shell
Overview A remotely exploitable buffer overflow exists in the Microsoft Windows Shell. This buffer overflow is present in all versions of Windows XP, but it is not present in other versions of Windows. Description There is a buffer overflow in the Microsoft Windows Shell. The Shell provides the...
Multiple IPsec implementations do not adequately validate authentication data
Overview IPsec implementations from multiple vendors do not adequately validate the authentication data in IPsec packets, exposing vulnerable systems to a denial of service. Description For background: RFC 2401 Security Architecture for the Internet Protocol RFC 2402 IP Authentication Header RFC...
Microsoft Java implementation JDBC functions do not properly validate parameters
Overview The Java Database Connectivity JDBC classes of Microsoft's Java virtual machine VM contain functions that do not properly validate parameters. A malicious Java applet can exploit this vulnerability to crash programs on the client system. Description Microsoft's Java VM is installed on...
DHTML Edit Control for IE5 allows local files to be uploaded to web server
Overview A vulnerability exists in the DHTML Edit Control for IE5 that allows arbitrary local files to be uploaded to a web server. Description DHTML Edit is an activex control that is marked safe-for-scripting. This control can be embedded in a website, and permit local files to be remotely...
SetupCtl 1.0 Type Library contains a buffer overflow
Overview SetupCtl 1.0 Type Library is a safe-for-scripting ActiveX control that contains a remotely exploitable buffer overflow. This control ships with Microsoft Internet Explorer 4.01 and 5. Description SetupCtl 1.0 Type Library is a safe-for-scripting ActiveX control that contains a remotely...
Microsoft Exchange 2000 system attendant sets incorrect remote registry permissions
Overview The Microsoft Exchange System Attendant sets the permissions on a registry key incorrectly, allowing remote intruders access to the registry. Description The Microsoft Exchange System Attendant changes the permissions of the...
Input-validation vulnerability in PHP-Nuke allows arbitrary command execution via request for remote web site
Overview PHP-Nuke has an input-validation vulnerability that can lead to execution of arbitrary PHP code hosted on another web server. Description PHP-Nuke is a tool designed to ease web site creation and maintenance. PHP-Nuke includes a script named index.php, which uses PHP's include function t...
MIT Kerberos V5 KDC vulnerable to denial-of-service via null pointer dereference
Overview A vulnerability exists in MIT Kerberos V5 Key Distribution Center that may allow attackers to crash multiple KDC servers within the same realm. Description The MIT Kerberos V5 Key Distribution Center KDC contains a vulnerability that allows certain protocol requests to crash the KDC by...
HP Tru64 UNIX "quot" contains buffer overflow (SSRT2191)
Overview The HP Tru64 UNIX implementation of "quot" contains a locally exploitable buffer overflow. Description "quot" is used to summarize file system ownership. A locally exploitable buffer overflow in "quot" may permit a local attacker to gain elevated privileges and execute arbitrary code on ...
Talentsoft Web+ contains buffer overflow in "webpsvc.exe"
Overview Talentsoft's Web+ development platform contains a buffer overflow in a component that also installs by default into all web sites produced by Web+. Description Talentsoft Web+ is a set of tools for accelerated web site development. A component of Web+ named "webpsvc.exe" contains a buffe...
Chunked encoding post can consume excessive memory on IIS 4.0 webserver
Overview Microsoft IIS 4.0, circa March 2000, contained a vulnerability that allowed an intruder to consume unlimited memory on a vulnerable server. Description Older versions of IIS 4.0, circa March 2000, contained a vulnerability in the chunked-encoding transfer mechanism that permitted an...
Microsoft Exchange 2000 exhausts server resources while attempting to process malformed mail attributes
Overview Microsoft Exchange 2000 contains a vulnerability that allows remote attackers to conduct a denial-of-service attack that once begun, cannot be stopped until the crafted message has been completely processed. Description Microsoft Exchange 2000 contains a vulnerability in its handling of...
Nortel Networks CVX 1800 discloses privileged information
Overview The Nortel Networks CVX 1800 Multi-Service Access Switch discloses privileged information. Description The CVX 1800 Multi-Service Access Switch is a large modem bank typically used by large carriers and ISP's. When the CVX 1800 is queried with a specially crafted snmpwalk, it will respon...
Apache HTTP Server on Win32 systems does not securely handle input passed to CGI programs
Overview A vulnerability in the Apache HTTP Server running on Win32 systems Windows 9x/Me, Windows NT/2000/XP could allow an attacker to execute commands with the privileges of the web server process. Description The Apache HTTP Server is a freely available web server that runs on a variety of...
Microsoft Internet Information Server (IIS) contains cross-site scripting vulnerability in redirect response messages
Overview Visitors to web sites that use Microsoft IIS and also issue redirect response messages are vulnerable to cross-site scripting attacks. Description Cross-site scripting is a form of attack in which an intruder leverages the trust between a victim and a web-site the victim trusts. Quoting...
AOL Instant Messenger contains buffer overflows in parsing of AIM URI handler requests
Overview AOL Instant Messenger AIM is an application that allows one peer to communicate with another. A buffer overflow vulnerability exists that can manipulate the configuration of the victim's client. Description AIM installs a URI handler that permits the use of the "aim:" protocol on the...
Oracle 9iAS contains cross-site scripting vulnerability in "htp.print"
Overview Oracle 9i Application Servers are vulnerable to a cross-site scripting vulnerability. The server may inadvertently include malicious HTML tags or scriptJavaScript, VBScript, Java, etc. in a dynamically generated page based on unvalidated input from untrustworthy sources. This can be a...
Oracle 9iAS XSQL Servlet ignores file permissions allowing arbitrary users to view sensitive configuration files
Overview It is possible to read the sensitive configuration files from an Oracle 9i Application Server without any authorization. This can lead to an intruder gaining access to sensitive information about the server and potentially compromising it. Description Default installation of the Oracle 9...
Multiple implementations of the RADIUS protocol contain a digest calculation buffer overflow
Overview Multiple implementations of the RADIUS protocol contain a buffer overflow in the function that calculates message digests. Description During the message digest calculation, a string containing the shared secret is concatenated with a packet received without checking the size of the targ...
cryptcat does not encrypt data communications when -e command argument is used
Overview With certain options used, cryptcat does not encrypt network connections as expected. Description Cryptcat is an enhanced version of netcat that adds twofish encryption.If cryptcat is started in listen server mode binding a shell to a network port, cryptcat fails to enable encryption...
NSI RWhoisd contains format string vulnerability in print_error()
Overview A remotely exploitable format string vulnerability exists in the Referral Whois server daemon RWhoisd. Description As the Internet has grown, the centralized whois database was not able to scale. In order to deal with scaling the whois system, Referral Whois was developed. Referral Whois...
AOLServer contains buffer overflow in ParseAuth()
Overview AOLServer versions 3.3.0 and earlier contain an exploitable buffer overflow. This can lead to arbitrary execution of code on the system. Description AOLServer is a free open source web server. It was originally written by America Online AOL, and is currently developed and maintained by A...
IBM AIX portmir buffer overflow
Overview There is a buffer overflow vulnerability in the AIX portmir command that may allow local attackers to gain root privileges. Description There is a buffer overflow in the AIX portmir command. This problem was described in IBM ERS security bulletin: ERS-SVA-E01-1997:006.1. --- Impact...
Taylor UUCP Package fails to properly filter command line arguments
Overview Several Linux/Unix systems ship with a utility package called Taylor UUCP. A component of the UUCP package, uuxqt, fails to properly filter arguments from the commands sent to it. This can allow an intruder to gain elevated privileges and execute commands with the privileges of uucp,...
Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) module permits telnet access when no password has been set
Overview The Cisco 6400 Access Concentrator Node Route Processor 2 NRP2 module permits unauthenticated telnet access when no password has been set. Description The Access Concentrator Node Route Processor is a router blade for the Cisco 6400. It's purpose is to aggregate and terminate incoming...
Microsoft Windows 2000 Telnet Service contains handle leak
Overview The Microsoft Windows 2000 Telnet Service contains a denial-of-service vulnerability that allows remote attackers to disrupt the telnet service on affected servers. Description The Microsoft Windows 2000 Telnet Service contains a resource starvation vulnerability that prevents the server...
FreeBSD can be compromised locally via signal handlers
Overview The FreeBSD operating system does not adequately clear signal handlers subsequent to a process calling exec on a setuid program. This vulnerability can allow a local attacker to execute arbitrary code as root. Description The unix fork function's purpose is to create a new process from a...
Lotus Domino vulnerable to DoS via crafted unicode GET request
Overview The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service situation. Description Sending a crafted GET request containing numerous unicode characters can trigger a server exception that will crash the Domino server. If qnc.exe is removed from the...
Lotus Domino vulnerable to DoS via crafted HTTP header requests
Overview The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Description HTTP requests with uniquely crafted headers using "Accept", "Accept-Charset", "Accept-Encoding", "Accept-Language" or "Content-Type" are not freed properly. This means that...
Hewlett-Packard MPE/iX NM Debug does not always handle breakpoints correctly
Overview There is a problem in the NM Debug facility of MPE/iX that allows users to gain unauthorized privileges. Description The problem affects HP3000 systems running MPE/iX versions 5.5 through 6.5. HP has published a security bulletin describing the solution to this vulnerability...
SGI IRIX Embedded Support Partner (ESP) service rpc.espd contains buffer overflow
Overview There is a remotely-accessible buffer overflow in SGI IRIX systems running rpc.espd that may allow remote attackers to execute arbitrary code. The Embedded Support Partner daemon rpc.espd is enabled by default on all IRIX versions since 6.5.5. Description The Embedded Support Partner...
Alcatel ADSL modems provide EXPERT administrative account with an easily reversible encrypted password
Overview The San Diego Supercomputer Center SDSC has recently discovered several vulnerabilities in the Alcatel Speed Touch line of Asymmetric Digital Subscriber Line ADSL modems. These vulnerabilities are the result of weak authentication and access control policies and result in one or more of...
Seagate Crystal Reports exposes cleartext username/password pairs when embedded in URL or HTTP request
Overview The Seagate Crystal Reports product exposes passwords to back-end databases in certain configurations. In particular, the username and password are transmitted in plaintext from the client browser to the server as part of the URL when using technologies other than Active Server Pages ASP...
BSD-derived ftpd replydirname() in ftpd.c contains one-byte overflow
Overview There is a off-by-one vulnerability in several BSD-derived ftpd servers. Description The ftp server in several BSD distributions contains a defect which allows one byte of the program memory allocated within a stack frame to be overwritten with a NUL byte '\0'. The byte in question is...
SGI IRIX df buffer overflow in directory argument
Overview Description The df program is used to display statistics about the amount of used and free disc space on a set of mounted file systems. Alternately, it can be used to check on the amount of space available on unmounted block devices which may be specified by some path. Due to insufficien...
ISC BIND 8.2.2-P6 vulnerable to DoS via compressed zone transfer, aka the "zxfr bug"
Overview There is a denial-of-service vulnerability in several versions of the Internet Software Consortium's ISC BIND software. This vulnerability is referred to by the ISC as the "zxfr bug." It affects ISC BIND version 8.2.2, patch levels 1 through 6. Description Using this vulnerability,...