3702 matches found
ZTE F460/F660 cable modems contain an unauthenticated backdoor
Overview ZTE F460/F660 cable modems contain an unauthenticated backdoor. Description ZTE F460/F660 cable modems contain an unauthenticated backdoor. The webshellcmd.gch script accepts unauthenticated commands that have administrative access to the device. It has been reported that the...
Blue Coat ProxySG local user changes contain a time and state vulnerability
Overview Changes to Blue Coat ProxySG local users do not take effect immediately, giving an attacker with known credentials a window of opportunity to use those credentials even if the user was deleted or the password was changed. CWE-361 Description Blue Coat Security Advisory SA77 states:SGOS...
Emerson Network Power Avocent MergePoint Unity 2016 KVM and possibly other model switches contain a directory traversal vulnerability
Overview Emerson Network Power Avocent MergePoint Unity 2016 KVM and possibly other model switches running firmware version 1.9.16473 and possibly previous versions contain a directory traversal vulnerability CWE-23. Description CWE-23: Relative Path Traversal Emerson Network Power Avocent...
Microsoft Office 2010 Visio iFilter memory corruption vulnerability
Overview The Microsoft Office 2010 Visio iFilter contains a memory corruption vulnerability that can allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Office 2010 provides a set of iFilters that are used by a variety of applications to process Office...
SearchBlox contains multiple vulnerabilities
Overview SearchBlox contains multiple vulnerabilities that can allow an unauthenticated attacker to overwrite critical data on the filesystem, read cleartext user credentials, or execute arbitrary code on a vulnerable system. Description SearchBlox versions 7.4 Build 1 and older contain multiple...
CoreFTP contains a buffer overflow vulnerability
Overview CoreFTP contains a buffer overflow when parsing long directory names. Description CoreFTP is susceptible to a buffer overflow when parsing long directory names from a malicious FTP server. The LIST, VIEW, commands are vulnerable to a denial of service and the DELE command has been report...
Sophos Antivirus contains multiple vulnerabilities
Overview Sophos Antivirus contains multiple vulnerabilities including memory corruption issues and design flaws. Description Sophos Antivirus contains multiple vulnerabilities including memory corruption issues and design flaws. Tavis Ormandy's security report lists the following vulnerabilities...
Quagga contains multiple vulnerabilities
Overview Quagga, a routing software suite, contains multiple vulnerabilities that result in a denial-of-service condition. Description Quagga 0.99.20 and previous versions are susceptible to various denial-of-service conditions. The Quagga advisories state the following:CVE-2012-0249 :E rror in...
Wibu-Systems CodeMeter remote denial of service vulnerability
Overview Wibu-Systems CodeMeter contains a remote denial of service vulnerability when receiving specially crafted packets. Description Wibu-Systems CodeMeter v4.30c and v4.10b contain a remote denial of service vulnerability when receiving specially crafted packets. Wibu-Systems CodeMeter listen...
JasPer memory corruption vulnerabilities
Overview Some versions of JasPer contain multiple vulnerabilities that may allow a remote, unauthenticated attacker to execute arbitrary code. Description JasPer fails to properly decode marker segments and other sections in malformed JPEG2000 files. Malformed inputs can cause heap buffer overflo...
Investintech.com SlimPDF Reader contains multiple vulnerabilities
Overview Investintech.com's SlimPDF viewer contains multiple vulnerabilities which may result in a denial of service and possibly arbitrary code execution. Description Investintech.com's SlimPDF viewer contains multiple vulnerabilities, which include; user mode write access violations, read acces...
MIT KDC vulnerable to double-free when PKINIT enabled
Overview The KDC in releases krb5-1.7 and later are vulnerable to a double-free vulnerability if they are configured to respond to PKINIT requests. Description The MIT krb5 Security Advisory 2011-003 states:"The MIT Kerberos 5 Key Distribution Center KDC daemon is vulnerable to a double-free...
Adobe Acrobat and Reader contain vulnerabilities in multiple Document Object JavaScript methods
Overview A vulnerability in the way Adobe Acrobat and Reader enforce privileges on JavaScript in PDF files could allow arbitrary files to be written to the local file system of an affected system. Description Adobe Reader and the Adobe Acrobat family of software are designed to create, view, and...
SAP AG SAPgui MDrmSap ActiveX control code execution vulnerability
Overview The MDrmSap ActiveX control, which is provide with the SAP AG SAPgui software, contains a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description SAPgui is a graphical user interface client for SAP software. One of the...
InstallShield Update Service Agent ActiveX control memory corruption
Overview The InstallShield Update Service ActiveX control contains a memory corruption vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The InstallShield Update Service contains an ActiveX control called Update Service...
Microsoft Color Management System (MSCMS) module remote code execution
Overview The Microsoft Color Management System MSCMS module for the Microsoft ICM component is vulnerable to a remote code execution vulnerability which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description According to Microsoft, the Microsoft...
Mozilla Firefox code execution vulnerability
Overview Mozilla Firefox versions prior to 2.0.0.15 contain a vulnerability that may allow an attacker to execute code. Description Versions of Mozilla Firefox prior to 2.0.0.15 contain a buffer overflow vulnerability. Browsers such as SeaMonkey and Epiphany that use Mozilla's rendering engine ma...
HP Online Support Services ActiveX MoveFile() buffer overflow
Overview HP Online Support Services contains the function MoveFile, which can be exploited to cause a buffer overflow. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description HP Services provides online product support services including HP...
Apple Safari vulnerable to xss via the processing of JavaScript URLs
Overview A vulnerability in the way Apple Safari handles JavaScript URLs may allow execution of JavaScript in the context of another site. Description Apple Safari contains a vulnerability that may cause a cross-site script injection when processing JavaScript URLs. According to Apple Security...
Canon digital multifunction copiers FTP bounce vulnerability
Overview Some models of Canon digital multifunction copiers are vulnerable to the FTP bounce attack. Description From the Problems With The FTP PORT Command document:The FTP Bounce Attack To conform with the FTP protocol, the PORT command has the originating machine specify an arbitrary destinati...
Liferay Portal Enterprise Admin User-Agent HTTP header XSS
Overview Liferay Portal contains a cross-site scripting vulnerability in the handling of the User-Agent HTTP header, which can allow a remote, authenticated attacker to gain administrative access. Description Liferay Portal is an enterprise portal solution that uses Java technologies. The...
Citrix Presentation Server heap based buffer overflow
Overview A heap-based buffer overflow in Citrix Presentation Server may allow a remote attacker to execute arbitrary code on an vulnerable system in the context of the system user. Description Citrix Presentation Server is an application delivery system providing access to users accross a network...
Microsoft DirectX SAMI parsing buffer overflow
Overview Microsoft DirectX is vulnerable to a stack-based buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft DirectX is a feature of the Microsoft Windows operating system used for streaming...
Apple QuickTime code execution vulnerability
Overview Apple QuickTime contains a buffer overflow vulnerability. If exploited, this vulnerability may allow an attacker to execute code. Description Apple QuickTime is a media player that includes a browser plugin. QuickTime can use atom containers to organize movies and music tracks.From Apple...
Guidance EnCase fails to detect more than 25 partitions
Overview Guidance Software's EnCase Forensic can only detect the first 25 partitions on a volume. Description Guidance Software's EnCase Forensic is a tool that allows an investigator to acquire and analyze a disk image. EnCase names partitions either c: through z:, with an additional partition...
GIMP integer overflow vulnerability
Overview GIMP contains a vulnerability that may allow a remote attacker to execute code, or create a denial-of-service condition. Description The Photoshop Document PSD format is the native file format used by Adobe Photoshop. The GNU Image Manipulation Program GIMP can open and manipulate .psd...
Apple QuickTime fails to properly handle malformed movie files
Overview Apple QuickTime fails to properly handle malformed movie files. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description Apple QuickTime is multimedia software that allows users to view local and remote...
Apple AFP Client privilege escalation vulnerability
Overview The Apple File Protocol AFP Client fails to properly clean its environment before executing commands. This vulnerability may allow a local attacker execute commands with elevated privileges. Description The Apple File Protocol service allows Apple Mac OS clients to access files remotely...
The Wizz RSS Reader chrome access vulnerability
Overview The Wizz RSS Reader contains a vulnerability that may allow an attacker to take any action that Mozlla Firefox can. Description The Mozilla Firefox user interface components outside of the content area are created using chrome. This includes toolbars, menu bars, progress bars, and window...
Apple Mac OS X fails to properly handle crafted AppleSingleEncoding disk images
Overview A vulnerabilty in the Apple Mac OS X AppleSingleEncoding disk image handler may allow execution of arbitrary code or denial of service. Description Apple Mac OS X contains a vulnerability that may be exploited when a user mounts a specially crafted AppleSingleEncoding disk image file...
Apple Mac OS X DMG UFS byte_swap_sbin() function Integer Overflow
Overview The Apple Mac OS X byteswapsbin function contains an integer overflow vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system. Description DMG files are disk images that can contain a variety of...
Apple Mac OS X AFP server may disclose file and folder information in search results
Overview A vulnerability in the Apple Mac OS X AFP server may disclose file and folder items to unauthorized users. Description The AFP Apple Filing Protocol service allows Apple Mac OS clients to remotely access files stored on a server. When file sharing is enabled, Apple's Mac OS X AFP server...
Mozilla products allows the src attribute in an img element to be changed to a JavaScript URI
Overview Mozilla products contain a cross-site scripting vulnerability due to a vulnerability in the way IMG elements are loaded. Description A vulnerability in the way Mozilla products load IMG elements in a frame may cause a cross-site script injection. According to Mozilla Foundation Security...
Mozilla products vulnerable to heap overflow via miscalculated size during conversion of an image
Overview A vulnerability exists in Mozilla products that may allow a remote attacker to execute arbitrary code or cause a denial of service. Description Mozilla products contain a vulnerability in the CSS cursor property on Microsoft Windows that may result in a crash when handling malicious...
Novell NetMail NMAP vulnerable to buffer overflow when processing "STOR" commands
Overview A vulnerability in the way Novell NetMail handles NMAP "STOR" commands may cause a buffer overflow that may allow remote execution of arbitrary code. Description Novell NetMail's implementation of the Network Messaging Application Protocol NMAP contains a buffer overflow that may occur...
Apple QuickTime RTSP buffer overflow
Overview Apple QuickTime may allow remote arbitrary code to be executed via a long src parameter in RTSP URL strings. Description A vulnerability exists in the way Apple QuickTime handles specially crafted Real Time Streaming Protocol RTSP URL strings. An attacker may be able to craft a QTL file ...
Apple Mac OS X Security Framework Online Certificate Status Protocol (OCSP) service fails to properly retrieve certificate revocation lists
Overview Apple Mac OS X Security Framework Online Certificate Status Protocol OCSP service is unable to retrieve certificate revocation lists on systems that are configured to use an HTTP proxy. This vulnerability may result in the use of revoked certificates. Description The Online Certificate...
Newtone ImageKit ActiveX buffer overflow vulnerabilities
Overview The Newtone ImageKit ActiveX controls contain several buffer overflow vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Newtone ImageKit is a set of ActiveX controls that provide image processing, scanning, a...
Apple Mac OS X CFNetwork may allow arbitrary FTP commands to be executed via a crafted FTP URI
Overview Apple Mac OS X CFNetwork may allow arbitrary FTP commands to be executed via a crafted FTP URI. Description According to Apple Security Update 2006-007:By enticing a user to access a maliciously crafted FTP URI, an attacker can cause the user's FTP client to issue arbitrary FTP commands ...
Computer Associates BrightStor ARCserve Backup Tape Engine fails to properly handle RPC requests
Overview A vulnerability exists in the Computer Associates BrightStor ARCserve Backup Tape Engine. If successfully exploited, this vulnerability may allow a remote attacker to execute arbitrary code. Description BrightStor ARCserve Backup is a backup and data retention tool that integrates with...
Microsoft Workstation Service fails to properly parse malformed network messages
Overview A vulnerability in the way Microsoft Workstation Service parses malformed network messages may lead to execution of arbitrary code. Description Microsoft Workstation Service contains a vulnerability that could be exploited when Workstation Service attempts to parse specially crafted...
Microsoft DirectAnimation Path ActiveX control Spline method integer overflow
Overview A vulnerability in the Microsoft DirectAnimation ActiveX controls may allow a remote attacker to execute arbitrary code on an affected system. Description Microsoft's DirectAnimation is a suite of development functionality, predating Microsoft DirectX, that provides animation support for...
IBM Lotus Notes sets insecure default permissions on program data
Overview IBM Lotus Notes sets insecure default permissions on the Notes directory. This vulnerability may allow a local attacker to gain unintended access to Lotus Notes program data. Description IBM Lotus Notes installs numerous program files and program data in a special directory known as the...
Microsoft Office fails to properly parse malformed Smart Tags
Overview A vulnerability in the way Microsoft Office parses files containing malformed Smart Tags may lead to execution of arbitrary code. Description Microsoft Office contains a vulnerability that could be exploited when parsing specially crafted Smart Tags. According to Microsoft Security...
Trend Micro OfficeScan Management Console ActiveX control format string vulnerability
Overview The Trend Micro OfficeScan Management Console ActiveX control, AtxConsole, contains a format string vulnerability. This vulnerability may be exploited by an attacker to execute arbitrary code, or create a denial-of-service condition. Description Trend Micro's OfficeScan product includes ...
Microsoft Server Service fails to properly handle network messages
Overview A vulnerability in the way Microsoft Server Service handles network messages may lead to execution of arbitrary code. Description Microsoft Server Service provides support for Remote Proceedure Call RPC, resource sharing, and named pipe communication over the network. Microsoft Server...
Apple Mac OS X bootpd vulnerable to stack-based buffer overflow
Overview A buffer overflow vulnerability in the Apple Mac OS X bootp daemon may allow an attacker to execute arbitrary code on an affected system. Description bootpd The bootp daemon bootpd is used to send clients network and IP address configuration settings. It can also work in combination with...
Apple Mac OS X WebKit may allow code execution when visiting a malicious website
Overview A vulnerability in Apple Mac OS X WebKit may allow an attacker to execute arbitrary code on an affected system. Description WebKit From the OpenDarwin WebKit project description, WebKit is an open source web browser engine. WebKit is also the name of the Mac OS X system framework version...
Samba fails to properly handle multiple share connection requests
Overview There is a vulnerability in the smbd process which may allow an attacker to create a denial of service condition. Description Samba Samba is an open-source implementation of SMB/CIFS file and print services. It is frequently included in UNIX and Linux distributions and is typically used...
Microsoft PowerPoint does not properly handle malformed shapes
Overview Microsoft PowerPoint contains a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft PowerPoint contains a vulnerability that could be exploited when PowerPoint opens a specially crafted document. Accordin...