3702 matches found
Symantec products vulnerable to buffer overflow
Overview Symantec products are vulnerable to a stack-based buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description Symantec Client Security and Symantec Antivirus Corporate Edition contain a stack-based buffer overflow. For informati...
Microsoft Office routing slip buffer overflow
Overview Microsoft Office contains a buffer overflow in the parsing of routing slips, which may allow an attacker to execute arbitrary code on a vulnerable system. Description Routing slips According to Microsoft Security Bulletin MS06-012: Microsoft Office applications have the ability to add a...
Apple QuickTime image handling buffer overflow
Overview Apple QuickTime contains a heap-based buffer overflow that may allow an attacker to execute arbitrary code or cause a denial-of-service condition. Description Apple QuickTime fails to properly validate QuickTime Images QTIF, potentially allowing a heap-based buffer overflow to occur. If ...
Apple QuickTime fails to properly handle corrupt media files
Overview Apple QuickTime contains a heap overflow vulnerability in the handling of media files which may allow a remote unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system. Description Apple's QuickTime Player is multimedia software that allows...
Skype vulnerable to heap-based buffer overflow
Overview A heap-based buffer overflow in Skype may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description Skype software provides telephone service over IP networks. Skype contains a buffer overflow in a routine that parses incoming network traffic...
Microsoft Windows domain controller denial of service in Kerberos message handling
Overview Microsoft Windows domain controllers do not properly handle some Kerberos messages, potentially allowing a remote, authenticated attacker to cause a denial-of-service condition. Description Microsoft Windows domain controllers running Windows 2000 Server and Server 2003 use the Kerberos...
Computer Associates BrightStor ARCserve Backup Discovery Service vulnerable to buffer overflow
Overview The Computer Associates BrightStor ARCserve Backup Discovery Service contains a buffer overflow, which may allow a remote attacker to execute arbitrary code. Description Computer Associates BrightStor ARCserve Backup is a cross-platform backup and recovery application. The ARCserve Backu...
VERITAS Backup Exec remote registry access validation vulnerability
Overview VERITAS Backup Exec contains a remote registry access validation vulnerability. Description VERITAS Backup Exec is a data backup and recovery solution with support for over the network backup.An access validation vulnerability in Backup Exec for Windows allows remote attackers to access...
Symantec Norton AntiVirus vulnerable to DoS via the Auto-Protect "SmartScan" feature
Overview Symantec Norton AntiVirus may hang or crash when the Auto-Protect module SmartScan feature scans a renamed file on a network share. Description Symantec Norton AntiVirus is an anti-virus product for desktop and enterprise use. The Norton AntiVirus "Auto-Protect" module provides automatic...
ISC DHCP contains a format string vulnerabilty in errwarn.c
Overview The Internet Systems Consortium ISC Dynamic Host Configuration Protocol DHCP application contains a format string vulnerability in errwarn.c that could allow an attacker to execute arbitrary code. Description As described in RFC 2131, "The Dynamic Host Configuration Protocol DHCP provide...
AWStats fails to validate input supplied to pluginmode parameter
Overview AWStats performs inadequate validation on user-controlled data that is supplied to the pluginmode parameter. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary commands. Description AWStats is a Perl CGI script that collects and graphically displays...
Microsoft Office XP contains buffer overflow vulnerability
Overview A buffer overflow in Microsoft Office XP may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Office XP is vulnerable to a buffer overflow. According to MS05-005, the buffer overflow exists in the process that passes URL file locations to...
Microsoft OLE buffer overflow
Overview A vulnerability in a way that various programs handle OLE objects could allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft OLE is a technology that allows applications to create and edit compound documents. Compound documents are those...
Apple iTunes fails to properly handle overly long URLs in playlists
Overview A buffer overflow vulnerability in iTunes could allow a remote attacker to execute arbitrary code. Description Apple iTunes is a digital media player available for the Microsoft Windows and Mac OS X operating systems. It supports a variety of playlist formats including .m3u and .pls. A...
Archive::Zip may not properly parse the file sizes of Zip archives
Overview Archive::Zip does not properly parse Zip files and may incorrectly interpret malformed zip archives to contain zero length/size files. As a a result, anti-virus software using Archive::Zip may fail to detect malicious content within a Zip archive. Description The Archive::Zip module allo...
cdrecord fails to set proper permissions on programs specified in RSH environment variable
Overview Cdrecord can call external programs specified by the RSH environment variable. This may permit a malicious local user to gain elevated privileges. Description Cdrecord is an application used to create data or audio compact discs. Cdrecord permits the use of CD recorders on remote machine...
Apple QuickTime contains an integer overflow in the "QuickTime.qts" extension
Overview Apple QuickTime contains an integer overflow vulnerability in the "QuickTime.qts" extension, which could result in arbitrary code execution. Description Apple's QuickTime Player is a player that allow users to view local and remote audio/video content. Other applications, such as web...
Microsoft Windows H.323 implementation fails to handle malformed requests
Overview A vulnerabilities in Microsoft Windows' implementation of the multimedia telephony protocol H.323 could lead to the ability to remotely execute arbitrary code on the system. Description Microsoft Windows' implementation of the H.323 protocol contains a buffer overflow in the handling of...
Microsoft Windows creates COM object identifiers incorrectly
Overview A vulnerability exists in Microsoft's COM object component. Explotiation of this vulnerability may lead to information disclosure and the ability for an attacker to open services on network communication ports. Description Microsoft's COM object component creates object identifiers in a...
Avaya Argent Office vulnerable to denial of service via malformed DNS packets
Overview The Avaya Argent Office reboots in response to certain malformed DNS packets, resulting in a denial of service condition. Description The Avaya Argent Office reboots when a packet with an empty payload is sent to UDP port 53 DNS on its internal interface. By sending repeated packets to...
ProFTPD fails to properly handle newline characters when transferring files in ASCII mode
Overview ProFTPD is a popular free File Transfer Protocol FTP server package. A vulnerability in its handling of files transferred in ASCII mode can allow an attacker to compromise the system running the server. Description The File Transfer Protocol FTP described in RFC959 defines operations for...
SSH Communications Secure Shell vulnerable to DoS via malformed BER/DER packet
Overview SSH Communications' Secure Shell contains vulnerabilities in ASN.1 libraries that may allow remote attackers to cause a denial-of-service situation, or potentially execute arbitrary code on the server. Description SSH Communications' Secure Shell contains a vulnerability in the decoding ...
Microsoft Visual Basic for Applications (VBA) does not adequately validate document properties
Overview Microsoft Visual Basic for Applications VBA contains a buffer overflow when validating document properties. This vulnerability could allow an attacker to execute arbitrary code with the privileges of the user running VBA. Description From Microsoft Security Bulletin MS03-037:Microsoft VB...
MySQL fails to validate length of password field
Overview A vulnerability in MySQL could permit a malicious user to execute arbitrary code on the system. Description MySQL is a database system. MySQL contains a buffer overflow vulnerability in the processing of the password field of the MySQL database, specifically "SET PASSWORD". A malicious...
Microsoft Internet Explorer does not properly evaluate "application/hta" MIME type referenced by DATA attribute of OBJECT element
Overview Microsoft Internet Explorer IE will execute an HTML Application HTA referenced by the DATA attribute of an OBJECT element if the Content-Type header returned by the web server is set to "application/hta". An attacker could exploit this vulnerability to execute arbitrary code with the...
Sun Ray Smartcard reader may leave desktop session open when card is quickly removed
Overview The Sun Ray Smartcard reader fails to properly detect a "quick removal, reinsertion and removal of a Smartcard." Description The Sun Ray is a thin client computing device designed to process user input and output, and provide access to computing services hosted by a server. Authenticatio...
GnuPG contains flaw in key validation code
Overview A vulnerability in GnuPG may cause keys with multiple user ID's to give other user IDs on the key a false amount of validity. Description From the GnuPG homepage:GnuPG stands for GNU Privacy Guard and is GNU's tool for secure communication and data storage. It can be used to encrypt data...
pam_xauth may insecurely forward "X MIT-Magic-Cookies" to new sessions
Overview A vulnerability exists in pamxauth that may allow a local attacker to gain access to an administrator's X session. Description pamxauth is used to forward xauth keys or cookies between users. From the pamxauth man page:Without pamxauth, when xauth is enabled and a user uses the su comman...
Buffer Overflow in URLMON.DLL
Overview A buffer overflow in URLMON.DDL may allow an intruder to execute arbitrary code. Description URLMON.DLL is a library used by Microsoft Internet Explorer. It contains a buffer overflow that could allow an intruder to execute arbitrary code if the intruder can convince the victim to visit ...
Apple QuickTime Player for Windows contains buffer overflow in processing of overly long QuickTime URLs
Overview Apple's QuickTime Player is a player for files and streaming media in the QuickTime format. Versions of the player are available for both the Microsoft Windows and Apple MacOS platforms. A flaw in the version for Windows could allow a remote attacker to execute arbitrary code on a...
Cobalt RaQ Server Appliances contains vulnerability allowing remote root compromise
Overview A remotely exploitable vulnerability exists in Cobalt RaQ Server Appliances with the Security Hardening Package SHP installed. Description The Cobalt RaQ is a Sun Server Appliance. Sun describes the Cobalt RaQ as follows:The Cobalt RaQTM4 is a server appliance that provides a dedicated...
Microsoft Windows Data Access Components contains heap overflow in Data Stubs when parsing a malformed HTTP request
Overview A vulnerability in the Microsoft Data Access Components MDAC could lead to remote execution of code with the privileges of the current process, or user. Description Microsoft Data Access Components MDAC is a collection of utilities and routines to process requests between databases and...
Microsoft Java implementation allows execution of malicious code
Overview A class in Microsoft's Java virtual machine VM does not properly validate trusted applets, allowing untrusted applets to exploit native methods and execute arbitrary code. Description Microsoft's Java VM is installed on Windows 98, NT, 2000, and xp. It is used by Internet Explorer and...
Microsoft Word does not adequately validate macros embedded within malformed Word documents
Overview There is a vulnerability caused by a failure to detect macros embedded in Microsoft Word documents. This vulnerability may allow the author of a malicious document to execute arbitrary commands as the user who opens the document. Description Microsoft Word versions including Word 2002,...
Microsoft SQLXML HTTP components vulnerable to cross-site scripting via root parameter
Overview A cross-site scripting vulnerability exists in the Microsoft SQLXML HTTP components. This vulnerability could allow an attacker to execute script on a victim's system with the victim's privileges. Description Microsoft SQL Server 2000 includes a feature called SQLXML that allows the serv...
tcpdump vulnerable to buffer overflow via improper decoding of AFS RPC (Rx) packets
Overview A vulnerability exists in tcpdump that could allow an attacker to execute arbitrary code with the privileges of tcpdump, typically root. Description tcpdump is a widely-used network sniffer that is capable of decoding AFS traffic. A buffer overflow vulnerability has been discovered in...
Nortel Networks CVX 1800 discloses privileged information
Overview The Nortel Networks CVX 1800 Multi-Service Access Switch discloses privileged information. Description The CVX 1800 Multi-Service Access Switch is a large modem bank typically used by large carriers and ISP's. When the CVX 1800 is queried with a specially crafted snmpwalk, it will respon...
Microsoft Internet Information Server (IIS) contains cross-site scripting vulnerability in redirect response messages
Overview Visitors to web sites that use Microsoft IIS and also issue redirect response messages are vulnerable to cross-site scripting attacks. Description Cross-site scripting is a form of attack in which an intruder leverages the trust between a victim and a web-site the victim trusts. Quoting...
Novell Groupwise contains protocol implementation vulnerability allowing email to be viewed by unauthorized user
Overview Novell GroupWise is an email storage program. Email is encrypted when stored. Usernames and passwords can be acquired by sniffing communications between the client and server. Description In Novell GroupWise email is stored as encrypted data. Clients and servers operating in Live Remote ...
OpenSSH UseLogin directive permits privilege escalation
Overview OpenSSH is an implementation of the Secure Shell protocol. When OpenSSH is configured with the UseLogin directive equal to "yes", an intruder can execute arbitrary code with the privileges of OpenSSH, usually root. Description OpenSSH contains a vulnerability that permits an intruder to...
WU-FTPD configured to use RFC 931 authentication running in debug mode contains format string vulnerability
Overview WU-FTPD contains a format string vulnerability that manifests when WU-FTPD is configured to use RFC 931 authentication and is run in debug mode. A crafted identd response could be used to execute arbitrary code on a vulnerable server. Description A format string vulnerability exists in t...
Compaq web-enabled management software buffer overflow vulnerability
Overview The Compaq web-enabled management software contains a buffer overflow. Remote intruders may be able to execute arbitrary code with privileges on affected systems. Many Compaq products are affected, from personal computers to commercial UNIX operating systems. Description The Compaq...
BIND memcpy not bounded in case T_SIG of rrextract()
Overview Version 8.2.2 of BIND current circa November 1999 contained a buffer overflow in the routine that converts records from network format to database format. Description Version 8.2.2 of BIND includes some checks for the correct format of a signature record in DNSSEC that previous versions...
HP Tru64 UNIX "msgchk" contains buffer overflow (SSRT2275)
Overview msgchk, a part of the MH mail system, reportedly suffers from a buffer overflow with respect to the name of the inbox to be checked for new mail. This overflow would allow the user of msgchk to execute arbitrary code. Description msgchk is the portion of the MH mail system that checks fo...
OpenSSL PRNG contains design flaw that allows a user to determine internal state and predict future output
Overview The pseudorandom number generator PRNG in OpenSSL has a weakness that allows an attacker to determine its internal state and subsequently determine its future output values. Description OpenSSL's PRNG hashes an internal state to produce output values, which are supposed to be pseudorando...
lpd allows options to be passed to sendmail
Overview The line printer daemon enables various clients to share printers over a network. There exists a vulnerability in this daemon that permits an intruder to send options to sendmail. Description The line printer daemon enables various clients to share printers over a network. There exists a...
SCO OpenServer/UnixWare vi creates temporary files insecurely
Overview The implementation of vi, a text editor, provided with SCO Openunix creates insecure temporary files with predictable names. Using a symbolic link attack, an intruder can overwrite any file writable by the user of vi. Description vi is a screen-oriented text editor. The implementation...
Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) module permits telnet access when no password has been set
Overview The Cisco 6400 Access Concentrator Node Route Processor 2 NRP2 module permits unauthenticated telnet access when no password has been set. Description The Access Concentrator Node Route Processor is a router blade for the Cisco 6400. It's purpose is to aggregate and terminate incoming...
Cayman gateways vulnerable to a denial of service via oversized ICMP echo (ping) requests.
Overview Cayman gateways vulnerable to a denial of service via oversized ICMP echo ping requests. Installing the newest version of the vendor software will resolve this vulnerability. Description Cayman gateways running versions 5.5 Build R0, 5.3 Build R2, 5.3 Build R1 are vulnerable to an...
Hewlett-Packard MPE/iX NM Debug does not always handle breakpoints correctly
Overview There is a problem in the NM Debug facility of MPE/iX that allows users to gain unauthorized privileges. Description The problem affects HP3000 systems running MPE/iX versions 5.5 through 6.5. HP has published a security bulletin describing the solution to this vulnerability...