MIT Kerberos V5 KDC vulnerable to denial-of-service via null pointer dereference
Overview A vulnerability exists in MIT Kerberos V5 Key Distribution Center that may allow attackers to crash multiple KDC servers within the same realm. Description The MIT Kerberos V5 Key Distribution Center KDC contains a vulnerability that allows certain protocol requests to crash the KDC by...
HP Tru64 UNIX "quot" contains buffer overflow (SSRT2191)
Overview The HP Tru64 UNIX implementation of "quot" contains a locally exploitable buffer overflow. Description "quot" is used to summarize file system ownership. A locally exploitable buffer overflow in "quot" may permit a local attacker to gain elevated privileges and execute arbitrary code on ...
Talentsoft Web+ contains buffer overflow in "webpsvc.exe"
Overview Talentsoft's Web+ development platform contains a buffer overflow in a component that also installs by default into all web sites produced by Web+. Description Talentsoft Web+ is a set of tools for accelerated web site development. A component of Web+ named "webpsvc.exe" contains a buffe...
Network Associates PGP Outlook Plug-in contains buffer overflow in decoding mechanism
Overview A remotely exploitable buffer overflow exists in the Network Associates PGP Outlook Plug-in. Description As reported in eEye Digital Security Advisory AD20020710, a remotely exploitable buffer overflow exists in the PGP Outlook Plug-in. By sending a specially crafted message to a victim,...
Chunked encoding post can consume excessive memory on IIS 4.0 webserver
Overview Microsoft IIS 4.0, circa March 2000, contained a vulnerability that allowed an intruder to consume unlimited memory on a vulnerable server. Description Older versions of IIS 4.0, circa March 2000, contained a vulnerability in the chunked-encoding transfer mechanism that permitted an...
Microsoft Exchange 2000 exhausts server resources while attempting to process malformed mail attributes
Overview Microsoft Exchange 2000 contains a vulnerability that allows remote attackers to conduct a denial-of-service attack that once begun, cannot be stopped until the crafted message has been completely processed. Description Microsoft Exchange 2000 contains a vulnerability in its handling of...
Microsoft Internet Information Server (IIS) contains cross-site scripting vulnerability in redirect response messages
Overview Visitors to web sites that use Microsoft IIS and also issue redirect response messages are vulnerable to cross-site scripting attacks. Description Cross-site scripting is a form of attack in which an intruder leverages the trust between a victim and a web-site the victim trusts. Quoting...
cryptcat does not encrypt data communications when -e command argument is used
Overview With certain options used, cryptcat does not encrypt network connections as expected. Description Cryptcat is an enhanced version of netcat that adds Twofish encryption. If cryptcat is started in listen server mode binding a shell to a network port, cryptcat fails to enable encryption...
OpenSSH UseLogin directive permits privilege escalation
Overview OpenSSH is an implementation of the Secure Shell protocol. When OpenSSH is configured with the UseLogin directive equal to "yes", an intruder can execute arbitrary code with the privileges of OpenSSH, usually root. Description OpenSSH contains a vulnerability that permits an intruder to...
Lotus Domino R5 Server vulnerable to DoS via nmap RPC scan on port 443/tcp
Overview Versions earlier than 5.0.9 of Lotus Domino R5 Servers with Secure Sockets Layer SSL enabled are vulnerable to a denial of service. Description A remote user is able to crash the HTTP serving process on any Lotus Domino R5 Server using the nmap utility. Sending a request to port 443, the...
NSI RWhoisd contains format string vulnerability in print_error()
Overview A remotely exploitable format string vulnerability exists in the Referral Whois server daemon RWhoisd. Description As the Internet has grown, the centralized whois database was not able to scale. In order to deal with scaling the whois system, Referral Whois was developed. Referral Whois...
IBM AIX portmir buffer overflow
Overview There is a buffer overflow vulnerability in the AIX portmir command that may allow local attackers to gain root privileges. Description There is a buffer overflow in the AIX portmir command. This problem was described in IBM ERS security bulletin: ERS-SVA-E01-1997:006.1. --- Impact...
FreeBSD can be compromised locally via signal handlers
Overview The FreeBSD operating system does not adequately clear signal handlers subsequent to a process calling exec on a setuid program. This vulnerability can allow a local attacker to execute arbitrary code as root. Description The unix fork function's purpose is to create a new process from a...
SSH Secure Shell sshd2 does not adequately authenticate logins to accounts with encrypted password fields containing two or fewer characters
Overview A vulnerability exists in SSH Secure Shell that allows an intruder to log in to an account which contains a stored encrypted password of two or fewer characters in length. An intruder may leverage the privileges of such an account to gain full control of the system. Description Certain Unix...
Lotus Domino vulnerable to DoS via crafted unicode GET request
Overview The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service situation. Description Sending a crafted GET request containing numerous unicode characters can trigger a server exception that will crash the Domino server. If qnc.exe is removed from the...
SGI IRIX Embedded Support Partner (ESP) service rpc.espd contains buffer overflow
Overview There is a remotely-accessible buffer overflow in SGI IRIX systems running rpc.espd that may allow remote attackers to execute arbitrary code. The Embedded Support Partner daemon rpc.espd is enabled by default on all IRIX versions since 6.5.5. Description The Embedded Support Partner...
Sun Solaris SNMP proxy agent /opt/SUNWssp/bin/snmpd contains buffer overflow
Overview The SNMP proxy agent on certain large Solaris systems contains a buffer overflow. It may be possible, though it is unconfirmed, that an intruder could use this flaw to execute code with root privileges. Description The Sun Enterprise 10000 is monitored and controlled by a system called ...
Queries to ISC BIND servers may disclose environment variables
Overview The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS by the Internet Software Consortium ISC. There is an information leakage vulnerability in BIND 4.9.x and 8.2.x, which may allow remote intruders to obtain information from systems running BIND...
Borland/Inprise Interbase SQL database server contains backdoor superuser account with known password
Overview Description Interbase is an open source database package that is distributed by Borland/Inprise. The server contains a compiled-in backdoor account with a known password. In the following interbase code, references are made about a LOCKSMITH user: ./jrd/dyn.e ./jrd/isc.c ./jrd/jrd.c...
KTH Kerberos environment variables krb4proxy and KRBCONFDIR may be used insecurely
Overview The environment variables krb4proxy and KRBCONFDIR may be respected by client programs such as login or su, in such a way that local or remote intruders can cause the client program to accept authentication requests from a malicious KDC. The vulnerabilities may be exploited remotely by...
SGI IRIX df buffer overflow in directory argument
Overview Description The df program is used to display statistics about the amount of used and free disc space on a set of mounted file systems. Alternately, it can be used to check on the amount of space available on unmounted block devices which may be specified by some path. Due to insufficien...
LPRng can pass user-supplied input as a format string parameter to syslog() calls
Overview A popular replacement software package to the BSD lpd printing service called LPRng contains at least one software defect known as a "format string vulnerability" which may allow remote users to execute arbitrary code on vulnerable systems. The privileges of such code will probably be...
ISC BIND 8.2.2-P6 vulnerable to DoS via compressed zone transfer, aka the "zxfr bug"
Overview There is a denial-of-service vulnerability in several versions of the Internet Software Consortium's ISC BIND software. This vulnerability is referred to by the ISC as the "zxfr bug." It affects ISC BIND version 8.2.2, patch levels 1 through 6. Description Using this vulnerability,...
Wang/Kodak Image Thumbnail ActiveX Control
Overview Description The Image Thumbnail control is incorrectly marked safe for scripting. This control is sometimes identified as from "Kodak" and other times as from "Wang". The Image Thumbnail control is one of several controls used to provide image editing services through a web site. Becaus...
Wang/Kodak Image Admin ActiveX Control
Overview Description The Image Admin control is incorrectly marked safe for scripting. This control is sometimes identified as from "Kodak" and other times as from "Wang". The Image Admin control is one of several controls used to provide image editing services through a web site. Because the...
Dentsply Sirona CDR DICOM contains multiple hard-coded credentials
Overview The Dentsply Sirona previously known as Schick Technologies CDR DICOM is software for managing medical dental records. CDR DICOM contains several hard-coded credentials allowing administrative or root access. Description CWE-798: Use of Hard-coded Credentials - CVE-2016-6530 Dentsply...
Up.time agent for Linux does not authenticate a user before allowing read access to the file system
Overview The up.time agent for Linux versions 7.5 and 7.6 may allow an unauthenticated remote attacker to read arbitrary files from a system. Description CWE-306: Missing Authentication for Critical Function - CVE-2015-8268 According to the researcher, "The linux based uptime.agent version 7.5...
OpenELEC and RasPlex have a hard-coded SSH root password
Overview OpenELEC and derivatives utilize a hard-coded default root password, and enable SSH root access by default. Description CWE-259: Use of Hard-coded Password OpenELEC has a hard-coded root password. The root partition is by default read-only, preventing a user from changing the password on...
Dovestones Software AD Self Password Reset fails to properly restrict password reset request to authorized users
Overview Dovestones Software AD Self Password Reset, version 3.0.3.0 and earlier, fails to properly validate users, which enables an unauthenticated attacker to reset passwords for arbitrary accounts. Description CWE-284: Improper Access Control - CVE-2015-8267 Dovestones Software AD Self Password...
QPR Portal contains multiple vulnerabilities
Overview QPR Portal versions 2014.1.1 and older contain reflected and stored cross-site scripting vulnerabilities, and versions 2012.2.0 and older contain an insecure direct object reference vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site...
Aker Secure Mail Gateway reflected XSS vulnerability
Overview Aker Secure Mail Gateway 2.5.2 and previous versions contain a reflected cross-site scripting vulnerability. CWE-79 Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' - CVE-2013-6037 Aker Secure Mail Gateway 2.5.2 and previous versions...
ZTE F460/F660 cable modems contain an unauthenticated backdoor
Overview ZTE F460/F660 cable modems contain an unauthenticated backdoor. Description ZTE F460/F660 cable modems contain an unauthenticated backdoor. The webshellcmd.gch script accepts unauthenticated commands that have administrative access to the device. It has been reported that the...
Emerson Network Power Avocent MergePoint Unity 2016 KVM and possibly other model switches contain a directory traversal vulnerability
Overview Emerson Network Power Avocent MergePoint Unity 2016 KVM and possibly other model switches running firmware version 1.9.16473 and possibly previous versions contain a directory traversal vulnerability CWE-23. Description CWE-23: Relative Path Traversal Emerson Network Power Avocent...
SketchUp Viewer buffer overflow vulnerability
Overview SketchUp Viewer version 13.0.4124 is vulnerable to a buffer overflow when opening a malformed .SKP file. Description CWE-121: Stack-based Buffer Overflow - CVE-2013-6038 SketchUp Viewer version 13.0.4124 is vulnerable to a stack buffer overflow when parsing a specially crafted .SKP file...
SearchBlox contains multiple vulnerabilities
Overview SearchBlox contains multiple vulnerabilities that can allow an unauthenticated attacker to overwrite critical data on the filesystem, read cleartext user credentials, or execute arbitrary code on a vulnerable system. Description SearchBlox versions 7.4 Build 1 and older contain multiple...
Mutiny Technology virtual appliance command injection vulnerability
Overview The Mutiny Technology virtual appliance contains a command injection vulnerability which could allow an attacker to inject commands into the appliance. Description CWE-77: Improper Neutralization of Special Elements used in a Command 'Command Injection' The Mutiny Technology virtual...
JasPer memory corruption vulnerabilities
Overview Some versions of JasPer contain multiple vulnerabilities that may allow a remote, unauthenticated attacker to execute arbitrary code. Description JasPer fails to properly decode marker segments and other sections in malformed JPEG2000 files. Malformed inputs can cause heap buffer overflo...
Investintech.com SlimPDF Reader contains multiple vulnerabilities
Overview Investintech.com's SlimPDF viewer contains multiple vulnerabilities which may result in a denial of service and possibly arbitrary code execution. Description Investintech.com's SlimPDF viewer contains multiple vulnerabilities, which include: user mode write access violations, read acces...
Multiple Quagga remote component vulnerabilities
Overview Quagga contains five remote component vulnerabilities due to issues when handling BGP, OSPF, and OSPFv3 packets. Description CERT-FI reports: Quagga is an open source routing software that can handle various routing protocols such as RIP, BGP and OSPF. Five vulnerabilities have been found...
SCADA Engine BACnet OPC Client buffer overflow vulnerability
Overview SCADA Engine BACnet OPC Client contains a buffer overflow when parsing .csv files. This vulnerability may allow an attacker to execute arbitrary code. Description According to SCADA Engine website: "The SCADA Engine BACnet OPC Server is a server that provides data access DA, Alarms and...
Microsoft Internet Explorer invalid flag reference vulnerability
Overview Microsoft Internet Explorer invalid flag reference vulnerability Description According to the Microsoft Security Research & Defense Blog, Microsoft Internet Explorer incorrectly under-allocates memory to store a certain combination of Cascading Style Sheets CSS tags when parsing HTML,...
Unexpected ACL Behavior in BIND 9.7.2
Overview A flaw exists in BIND 9.7.2 through 9.7.2-P1 pertaining to how an ACL is applied. Description There is a flaw in BIND 9.7.2 through 9.7.2-P1 where the wrong ACL is applied. This flaw could allow access to a cache via recursion even though the ACL disallowed it. This bug is primarily a ri...
Mozilla Firefox code execution vulnerability
Overview Mozilla Firefox versions prior to 2.0.0.15 contain a vulnerability that may allow an attacker to execute code. Description Versions of Mozilla Firefox prior to 2.0.0.15 contain a buffer overflow vulnerability. Browsers such as SeaMonkey and Epiphany that use Mozilla's rendering engine ma...
HP Online Support Services ActiveX AppendStringToFile() arbitrary file writing
Overview The HP Online Support Services ActiveX control contains a method called AppendStringToFile. This may allow a remote, unauthenticated attacker to write to files on a vulnerable system. Description HP Services provides online product support services including HP Instant Support. The...
GnuTLS Client Hello repeat Denial of Service
Overview A vulnerability exists in GnuTLS that may allow a remote attacker to cause a denial of service. Description GnuTLS contains a vulnerability in gnults-serv that may result in a denial of service when handling a specially crafted TLS packet that contains multiple Client Hello messages...
Apple Safari vulnerable to XSS via the processing of JavaScript URLs
Overview A vulnerability in the way Apple Safari handles JavaScript URLs may allow execution of JavaScript in the context of another site. Description Apple Safari contains a vulnerability that may cause a cross-site script injection when processing JavaScript URLs. According to Apple Security...
Microsoft Windows Vista privilege escalation vulnerability
Overview Microsoft Windows Vista contains a local privilege escalation vulnerability. Description The Windows Advanced Local Procedure Call ALPC does not properly evaluate certain conditions in legacy reply paths. Per Microsoft Security Bulletin MS07-066: An elevation of privilege vulnerability...
Apple QuickTime code execution vulnerability
Overview Apple QuickTime contains a buffer overflow vulnerability. If exploited, this vulnerability may allow an attacker to execute code. Description Apple QuickTime is a media player that includes a browser plugin. QuickTime can use atom containers to organize movies and music tracks. From Apple...
Guidance EnCase Enterprise uses weak authentication to identify target machines
Overview Guidance Software's EnCase Enterprise uses IP authentication to identify target machines. An attacker may be able to provide the EnCase SAFE server with a disk image from a different machine than an investigator requested. Description Guidance Software's EnCase Enterprise allows...
Guidance EnCase fails to detect more than 25 partitions
Overview Guidance Software's EnCase Forensic can only detect the first 25 partitions on a volume. Description Guidance Software's EnCase Forensic is a tool that allows an investigator to acquire and analyze a disk image. EnCase names partitions either c: through z:, with an additional partition...