3695 matches found
GIMP integer overflow vulnerability
Overview GIMP contains a vulnerability that may allow a remote attacker to execute code, or create a denial-of-service condition. Description The Photoshop Document PSD format is the native file format used by Adobe Photoshop. The GNU Image Manipulation Program GIMP can open and manipulate .psd...
Atheros wireless network drivers may fail to properly handle malformed frames
Overview Atheros wireless drivers fail to properly handle malformed wireless frames. This vulnerability may allow a remote, unauthenticated attacker to create a denial-of-service condition. Description Some versions of the Microsoft Windows drivers for Atheros 802.11 a/b/g wireless adapters fail ...
SAP Message Server heap buffer overflow
Overview The SAP Message Server contains a flaw that may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description The SAP Message Server is used to exchange and regulate messages between servers in a SAP network. A heap-based buffer...
Apple QuickTime for Java QTPointerRef heap memory corruption vulnerability
Overview Apple QuickTime for Java contains a heap memory corruption vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Apple QuickTime includes the ability to integrate QuickTime into Java applications and applets. This...
AOL SuperBuddy ActiveX fails to properly validate method arguments
Overview The AOL SuperBuddy ActiveX control does not properly validate arguments to the LinkSBIcons method. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The AOL SuperBuddy ActiveX control Sb.SuperBuddy.1 is a compone...
Apple Mac OS X DMG UFS byte_swap_sbin() function Integer Overflow
Overview The Apple Mac OS X byte_swap_sbin() function contains an integer overflow vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system. Description DMG files are disk images that can contain a variety of...
Mozilla products allow the src attribute in an img element to be changed to a JavaScript URI
Overview Mozilla products contain a cross-site scripting vulnerability due to a vulnerability in the way IMG elements are loaded. Description A vulnerability in the way Mozilla products load IMG elements in a frame may cause a cross-site script injection. According to Mozilla Foundation Security...
Apple Mac OS X UFS filesystem integer overflow vulnerability
Overview There is an integer overflow in the ffs_mountfs() function, which is used by Apple's OS X operating system to handle UFS disc images. Description Unix File System UFS is a file system used by Unix and other similar operating systems. Apple OS X supports UFS, partitions, and images. There is...
Microsoft Excel fails to properly process a malformed Column record
Overview Microsoft Excel contains a memory corruption vulnerability that could enable an attacker to execute arbitrary code and gain complete control of the vulnerable system. Description Microsoft Excel fails to properly handle malformed Column records. When an Excel file is opened, Excel does n...
Microsoft Remote Installation Service Writable Path Vulnerability
Overview A vulnerability in the way Microsoft Remote Installation Service handles TFTP may allow a remote, unauthorized attacker to create or overwrite arbitrary operating system files. Description Microsoft Remote Installation Service contains a vulnerability in the way that it provides TFTP...
Microsoft Windows SNMP Memory Corruption Vulnerability
Overview A vulnerability in the way Microsoft Windows handles SNMP may allow a buffer overflow that may allow remote execution of arbitrary code. Description Microsoft Windows contains a buffer overflow that may occur when handling malformed SNMP packets. According to Microsoft Security Bulletin...
Apple Mac OS X Security Framework Online Certificate Status Protocol (OCSP) service fails to properly retrieve certificate revocation lists
Overview Apple Mac OS X Security Framework Online Certificate Status Protocol OCSP service is unable to retrieve certificate revocation lists on systems that are configured to use an HTTP proxy. This vulnerability may result in the use of revoked certificates. Description The Online Certificate...
Apple Mac OS X CFNetwork may allow arbitrary FTP commands to be executed via a crafted FTP URI
Overview Apple Mac OS X CFNetwork may allow arbitrary FTP commands to be executed via a crafted FTP URI. Description According to Apple Security Update 2006-007: By enticing a user to access a maliciously crafted FTP URI, an attacker can cause the user's FTP client to issue arbitrary FTP commands ...
Newtone ImageKit ActiveX buffer overflow vulnerabilities
Overview The Newtone ImageKit ActiveX controls contain several buffer overflow vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Newtone ImageKit is a set of ActiveX controls that provide image processing, scanning, a...
Apple Mac OS X WebKit deallocated object access vulnerability
Overview Apple Safari WebKit fails to properly deallocate objects. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description According to Apple: WebKit is the open source core of Apple's Safari web browser. It is available as a framework in Mac OS X fo...
Sky Software FileView ActiveX control allows arbitrary command execution via unsafe methods
Overview The Sky Software FileView ActiveX control contains unsafe methods, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Sky Software FileView object is an ActiveX control that is provided with several applications, such as...
Microsoft Workstation Service fails to properly parse malformed network messages
Overview A vulnerability in the way Microsoft Workstation Service parses malformed network messages may lead to execution of arbitrary code. Description Microsoft Workstation Service contains a vulnerability that could be exploited when Workstation Service attempts to parse specially crafted...
Computer Associates Discovery Service buffer overflow
Overview Multiple Computer Associates products contain a buffer overflow in the code that handles the Discovery Service protocol. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description Computer Associates BrightStor ARCserve Backup, BrightStor...
IBM Lotus Notes sets insecure default permissions on program data
Overview IBM Lotus Notes sets insecure default permissions on the Notes directory. This vulnerability may allow a local attacker to gain unintended access to Lotus Notes program data. Description IBM Lotus Notes installs numerous program files and program data in a special directory known as the...
Microsoft XML Core Services contain a buffer overflow in the XSLT component
Overview The XSLT component of the Microsoft XML Core Services contains a buffer overflow. An attacker may be able to use this vulnerability to execute arbitrary code on a vulnerable system. Description Microsoft XML Core Services MSXML allow developers who use JScript, Visual Basic Scripting...
Microsoft Office fails to properly parse malformed Smart Tags
Overview A vulnerability in the way Microsoft Office parses files containing malformed Smart Tags may lead to execution of arbitrary code. Description Microsoft Office contains a vulnerability that could be exploited when parsing specially crafted Smart Tags. According to Microsoft Security...
Microsoft Server Service fails to properly handle network messages
Overview A vulnerability in the way Microsoft Server Service handles network messages may lead to execution of arbitrary code. Description Microsoft Server Service provides support for Remote Procedure Call RPC, resource sharing, and named pipe communication over the network. Microsoft Server...
Skype for Mac contains a format string error in the handling of URI arguments
Overview Skype for Mac contains a format string vulnerability in the handling of URIs, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Skype software provides telephone service over IP networks. There is a format string vulnerabilit...
Samba fails to properly handle multiple share connection requests
Overview There is a vulnerability in the smbd process which may allow an attacker to create a denial of service condition. Description Samba Samba is an open-source implementation of SMB/CIFS file and print services. It is frequently included in UNIX and Linux distributions and is typically used...
Microsoft Office string parsing vulnerability
Overview Microsoft Office fails to properly parse strings. This vulnerability could allow a remote attacker to execute arbitrary code. Description Microsoft Office applications fail to properly parse strings. When an Office document containing malformed string is opened with an Office application...
Apple Mac OS X vulnerable to stack-based buffer overflow via specially crafted TIFF file
Overview Apple has reported a vulnerability in the way Mac OS X 10.4 systems handle TIFF images that could cause affected applications to crash or allow remote code execution. Description TIFF Image File Format The TIFF image file format is a widely supported file format used for storing images...
ClamAV vulnerable to buffer overflow via malicious database mirror
Overview The Open Source anti-virus program ClamAV's update engine, freshclam, contains a buffer overflow vulnerability. If exploited, an attacker could create a denial-of-service condition, or possibly run arbitrary code with the privileges of the freshclam process. Description Freshclam is a...
Microsoft JScript memory corruption vulnerability
Overview Microsoft JScript contains a memory corruption vulnerability. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft JScript According to Microsoft Security Bulletin MS06-023: JScript is the Microsoft...
SunnComm MediaMax privilege elevation vulnerability
Overview SunnComm MediaMax contains a privilege elevation vulnerability, which may allow a user with limited rights to execute code with elevated privileges. Description SunnComm MediaMax SunnComm MediaMax is copy protection software that is automatically installed by some audio CDs. Sony BMG has...
Microsoft Office routing slip buffer overflow
Overview Microsoft Office contains a buffer overflow in the parsing of routing slips, which may allow an attacker to execute arbitrary code on a vulnerable system. Description Routing slips According to Microsoft Security Bulletin MS06-012: Microsoft Office applications have the ability to add a...
Research in Motion (RIM) BlackBerry Router vulnerable to denial of service via Server Routing Protocol (SRP)
Overview The Research in Motion RIM BlackBerry Router contains a vulnerability in the way the router handles Server Routing Protocol SRP packets. By sending specially crafted SRP packets to the router, an attacker could cause a denial of service. Description The BlackBerry Router is a component o...
Skype vulnerable to heap-based buffer overflow
Overview A heap-based buffer overflow in Skype may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description Skype software provides telephone service over IP networks. Skype contains a buffer overflow in a routine that parses incoming network traffic...
Reflection for Secure IT Windows Server can allow login to renamed built-in accounts
Overview WRQ Reflection for Secure IT Windows Server 6.0 can allow a user to login to a Windows built-in account with the default name Administrator and Guest after they are renamed. Description Microsoft Windows includes the built-in accounts Administrator and Guest. If those accounts are rename...
Apple Mac OS X Directory Services contains a buffer overflow
Overview A buffer overflow in Apple Mac OS X Directory Service's authentication process may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Apple Mac OS X Server Directory Service provides reading, writing, and authentication services within...
sendfile() system call may leak sections of kernel memory
Overview The sendfile system call does not handle specially crafted files properly. Exploitation of this vulnerability may leak sensitive information to a local attacker. Description The sendfile system call is used to send a file through a socket without copying the file data into memory. A...
Symantec Norton AntiVirus vulnerable to DoS via the Auto-Protect "SmartScan" feature
Overview Symantec Norton AntiVirus may hang or crash when the Auto-Protect module SmartScan feature scans a renamed file on a network share. Description Symantec Norton AntiVirus is an anti-virus product for desktop and enterprise use. The Norton AntiVirus "Auto-Protect" module provides automatic...
NotifyLink contains multiple SQL injection vulnerabilities
Overview There are multiple vulnerabilities in NotifyLink that allow unauthenticated remote users to view or modify the contents of the NotifyLink SQL database. Possible modifications include the addition of unauthorized user and administrator accounts. Description Notify Technology NotifyLink...
ISC DHCP contains a format string vulnerability in errwarn.c
Overview The Internet Systems Consortium ISC Dynamic Host Configuration Protocol DHCP application contains a format string vulnerability in errwarn.c that could allow an attacker to execute arbitrary code. Description As described in RFC 2131, "The Dynamic Host Configuration Protocol DHCP provide...
AWStats fails to validate input supplied to pluginmode parameter
Overview AWStats performs inadequate validation on user-controlled data that is supplied to the pluginmode parameter. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary commands. Description AWStats is a Perl CGI script that collects and graphically displays...
SuSE Linux LibTIFF package vulnerable to buffer overflow
Overview The SuSE Linux version of LibTIFF is vulnerable to a buffer overflow that may allow a remote attacker to execute arbitrary code. Description SuSE LibTIFF is a library used to encode and decode images in Tag Image File Format TIFF format on SuSE systems. A lack of input validation in the...
Archive::Zip may not properly parse the file sizes of Zip archives
Overview Archive::Zip does not properly parse Zip files and may incorrectly interpret malformed zip archives to contain zero length/size files. As a result, anti-virus software using Archive::Zip may fail to detect malicious content within a Zip archive. Description The Archive::Zip module allo...
Microsoft Internet Explorer vulnerable to buffer overflow via FRAME and IFRAME elements
Overview Microsoft Internet Explorer IE contains a buffer overflow vulnerability that can be exploited to execute arbitrary code with the privileges of the user running IE. Description A heap buffer overflow vulnerability exists in the way IE handles the SRC and NAME attributes of HTML elements...
Microsoft Windows fails to properly process showHelp URLs
Overview A vulnerability in the showHelp Method may allow a remote attacker to execute arbitrary code. Description A cross domain vulnerability exists in the showHelp method that may permit a remote attacker to execute local commands on the system with the privileges of the current user...
Microsoft Windows H.323 implementation fails to handle malformed requests
Overview A vulnerability in Microsoft Windows' implementation of the multimedia telephony protocol H.323 could lead to the ability to remotely execute arbitrary code on the system. Description Microsoft Windows' implementation of the H.323 protocol contains a buffer overflow in the handling of...
Oracle9i Database contains buffer overflow in NUMTODSINTERVAL() function
Overview Oracle9i Database contains a buffer overflow in the NUMTODSINTERVAL function which could allow anyone who can query the server to execute arbitrary code or access data with the privileges of the vulnerable process. Description A buffer overflow exists in the NUMTODSINTERVAL function. Thi...
Multiple web-based email services fail to filter malicious characters when the message contains cascading style sheet character escaping
Overview An attacker can send a specially crafted email message to a victim containing malicious scripting JavaScript, VBScript, JScript, etc., active content, or potentially HTML. When a victim views the message with scripting enabled, the victim's browser will then interpret this javascript whi...
Microsoft Help and Support Center contains buffer overflow in code used to handle HCP protocol
Overview There is a buffer overflow in the Microsoft Help and Support Center that could permit an attacker to execute arbitrary code with SYSTEM privileges. Description The Microsoft Help and Support Center is a facility within Windows to provide product help and documentation. Among other things...
Hummingbird CyberDOCS sets insecure permissions on script source code files
Overview Hummingbird CyberDOCS running on Microsoft Internet Information Services IIS sets insecure permissions on script source code files. A remote attacker could read the contents of unprotected files. Description Hummingbird CyberDOCS Hummingbird DM is a web-based enterprise document manageme...
Microsoft Windows RPCSS Service contains heap overflow in DCOM activation routines
Overview There is a remote buffer overflow in many versions of Microsoft Windows that allows attackers to execute arbitrary code with system privileges. Description The Microsoft RPCSS Service is responsible for managing Remote Procedure Call RPC messages and is enabled by default on many version...
Buffer Overflow in URLMON.DLL
Overview A buffer overflow in URLMON.DLL may allow an intruder to execute arbitrary code. Description URLMON.DLL is a library used by Microsoft Internet Explorer. It contains a buffer overflow that could allow an intruder to execute arbitrary code if the intruder can convince the victim to visit ...