3702 matches found
Macromedia Flash plug-in contains buffer overflow
Overview Incorrectly formatted sound wave SWF files may cause a buffer overflow in the Macromedia Flash plug-in. Description If the length fields in an SWF file specify fewer data than are actually present in the file, processing the file may cause a buffer overflow in the Macromedia Flash plug-i...
glibc does not check SUID bit on libraries in /etc/ld.so.cache
Overview The GNU libc library fails to perform a check for the SETUID bit for cached libraries in the /etc/ld.so.cache file. As a result, malicious users may create or modify privileged files. Description The GNU libc library allows preloading libraries via the LDPRELOAD environment variable,...
Compaq web-enabled management software contains buffer overflow in authentication username
Overview The Compaq web-enabled management software contains a buffer overflow in the authentication component of the product. Remote intruders may be able to execute arbitrary code with privileges on affected systems. Many Compaq products are affected, from personal computers to commercial UNIX...
Borland/Inprise Interbase SQL database server contains backdoor superuser account with known password
Overview Description Interbase is an open source database package that is distributed by Borland/Inprise. The server contains a compiled-in backdoor account with a known password.In the following interbase code, references are made about a LOCKSMITH user: ./jrd/dyn.e ./jrd/isc.c ./jrd/jrd.c...
Input validation error in quikstore.cgi allows attackers to execute commands
Overview The quikstore shopping cart script contains an input validation error that allows attackers to execute commands on affected web servers. Description The quikstore.cgi script is written in Perl and provides its users with shopping cart software for e-commerce transactions. In November 200...
BSD-derived ftpd replydirname() in ftpd.c contains one-byte overflow
Overview There is a off-by-one vulnerability in several BSD-derived ftpd servers. Description The ftp server in several BSD distributions contains a defect which allows one byte of the program memory allocated within a stack frame to be overwritten with a NUL byte '\0'. The byte in question is...
KTH Kerberos environment variables krb4proxy and KRBCONFDIR may be used insecurely
Overview The environment variables krb4proxy and KRBCONFDIR may be respected by client programs such as login or su, in such a way that local or remote intruders can cause the client program to accept authentication requests from a malicious KDC. The vulnerabilites may be exploited remotely by...
LPRng can pass user-supplied input as a format string parameter to syslog() calls
Overview A popular replacement software package to the BSD lpd printing service called LPRng contains at least one software defect known as a "format string vulnerability" which may allow remote users to execute arbitrary code on vulnerable systems. The privileges of such code will probably be...
Format string vulnerability in libutil pw_error(3) function
Overview There is an input validation vulnerability in the OpenBSD libutil system library that allows local users to gain superuser access via the chpass utility. Description On June 30, 2000, the OpenBSD development team repaired an input validation vulnerability in the pwerror function of the...
Wang/Kodak Image Thumbnail ActiveX Control
Overview Description The Image Thumbnail control is incorrectly marked safe for scripting. This control is sometimes identified as from "Kodak" and other times as from "Wang". The Image Thumbnail control is one of several controls used to provide image editting services through a web site. Becaus...
Insecure Platform Key (PK) used in UEFI system firmware signature
Overview A vulnerability in the user of hard-coded Platform Keys PK within the UEFI framework, known as PKfail, has been discovered. This flaw allows attackers to bypass critical UEFI security mechanisms like Secure Boot, compromising the trust between the platform owner and firmware and enabling...
Dentsply Sirona CDR DICOM contains multiple hard-coded credentials
Overview The Dentsply Sirona previously known as Shick Technologies CDR DICOM is software for managing medical dental records. CDR DICOM contains several hard-coded credentials allowing administrative or root access. Description CWE-798: Use of Hard-coded Credentials - CVE-2016-6530 Dentsply...
Up.time agent for Linux does not authenticate a user before allowing read access to the file system
Overview The up.time agent for Linux versions 7.5 and 7.6 may allow an unauthenticated remote attacker to read arbitrary files from a system. Description CWE-306: Missing Authentication for Critical Function - CVE-2015-8268According to the researcher, "The linux based uptime.agent version 7.5...
TaxiHail Android mobile app contains multiple vulnerabilties
Overview Mobile Knowledge's TaxiHail is vulnerable to information disclosure and missing encryption of sensitive data. Description The Mobile Knowledge TaxiHail framework "allows passengers to book and manage their own reservations via iOS, android or the web in real-time, alleviating call...
Dell System Detect installs root certificate and private key (DSDTestProvider)
Overview Dell System Detect installs the DSDTestProvider certificate into theTrusted Root Certificate Store on Microsoft Windows systems. The certificate includes the private key. This allows attackers to create trusted certificates and perform impersonation, man-in-the-middle MiTM, and passive...
SketchUp Viewer buffer overflow vulnerability
Overview SketchUp Viewer version 13.0.4124 is vulnerable to a buffer overflow when opening a malformed .SKP file. Description CWE-121: Stack-based Buffer Overflow - CVE-2013-6038SketchUp Viewer version 13.0.4124 is vulnerable to a stack buffer overflow when parsing a specially crafted .SKP file...
AdvancePro Technologies Advanceware software suite vulnerable to privilege bypass
Overview AdvancePro Technologies Advanceware software suite contains a privilege bypass vulnerability, resulting in information leakage CWE-200. Description CWE-200: Information Exposure AdvancePro Technologies Advanceware software suite contains a privilege bypass vulnerability, resulting in...
Citrix NetScaler and Access Gateway Enterprise Edition unauthorized access to network resources vulnerability
Overview Citrix NetScaler and Access Gateway Enterprise Edition contain a vulnerability which could result in unauthorized access to network resources. Description Citrix NetScaler and Access Gateway Enterprise Edition contain a vulnerability which could allow a remote attacker to gain unauthoriz...
pd-admin contains cross-site scripting vulnerabilities
Overview pd-admin, a web interface for users of hosting providers, is susceptible to cross-site scripting XSS vulnerabilities. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' pd-admin, contains cross-site scripting XSS vulnerabilities. The...
Mutiny Technology virtual appliance command injection vulnerability
Overview The Mutiny Technology virtual appliance contains a command injection vulnerability which could allow an attacker to inject commands into the appliance. Description CWE-77: Improper Neutralization of Special Elements used in a Command 'Command Injection'The Mutiny Technology virtual...
F5 Networks ASM appliance contains a cross-site scripting vulnerability
Overview F5 Networks ASM appliance versions 10.0.0 through 11.2.0 HF2 are susceptible to a cross-site scripting vulnerability in the traffic overview page. Description A cross-site scripting XSS CWE-79 vulnerability exists in the traffic overview page. By sending several malicious requests, an...
Dell KACE K2000 Appliance database administration account allows arbitrary command execution
Overview The Dell KACE K2000 System Deployment Appliance contains a vulnerability that could allow a remote attacker to execute arbitrary commands on an affected device. Description The Dell KACE K2000 Deployment Appliance is an integrated systems provisioning product for large-scale operating...
Investintech.com SlimPDF Reader contains multiple vulnerabilities
Overview Investintech.com's SlimPDF viewer contains multiple vulnerabilities which may result in a denial of service and possibly arbitrary code execution. Description Investintech.com's SlimPDF viewer contains multiple vulnerabilities, which include; user mode write access violations, read acces...
Multiple Quagga remote component vulnerabilities
Overview Quagga contains five remote component vulnerabilities due to issues when handling BGP, OSPF, and OSPFv3 packets. Description CERT-FI reports:Quagga is an open source routing software that can handle various routing protocols such as RIP, BGP and OSPF. Five vulnerabilities have been found...
SCADA Engine BACnet OPC Client buffer overflow vulnerability
Overview SCADA Engine BACnet OPC Client contains a buffer overflow when parsing .csv files. This vulnerability may allow an attacker to execute arbitrary code. Description According to SCADA Engine website: "The SCADA Engine BACnet OPC Server is a server that provides data access DA, Alarms and...
Libpng 1.5.0 png_set_rgb_to_gray() vulnerability
Overview Libpng-1.5.0 introduced a vulnerability in the rgb-to-gray transform function. Description Libpng based applications that call the pngsetrgbtogray function from pngrtran.c are vulnerable. Libpng versions prior to 1.5.0 are not vulnerable. --- Impact An attacker may cause the application ...
Unexpected ACL Behavior in BIND 9.7.2
Overview A flaw exists in BIND 9.7.2 through 9.7.2-P1 pertaining to how an ACL is applied. Description There is a flaw in BIND 9.7.2 through 9.7.2-P1 where the wrong ACL is applied. This flaw could allow access to a cache via recursion even though the ACL disallowed it. This bug is primarily a ri...
Linksys WVC54GC wireless video camera vulnerable to information disclosure
Overview The Linksys WVC54GC wireless video camera insecurely sends initial configuration information over the network, which can allow a remote, unauthenticated attacker to intercept video streams, access wireless network authentication credentials, modify the device firmware, or cause a...
Apple Safari automatically executes downloaded files based on Internet Explorer zone settings
Overview Apple Safari automatically executes downloaded files based on Internet Explorer zone settings, which can allow a remote attacker to execute arbitrary code on a vulnerable system. Description Apple Safari is a web browser that is available for OS X and Microsoft Windows platforms. Apple...
HP Online Support Services ActiveX AppendStringToFile() arbitrary file writing
Overview The HP Online Support Services ActiveX control contains a method called AppendStringToFile. This may allow a remote, unauthenticated attacker to write to files on a vulnerable system. Description HP Services provides online product support services including HP Instant Support. The...
PhotoStockPlus Uploader Tool ActiveX stack buffer overflows
Overview The PhotoStockPlus Uploader Tool ActiveX control contains several stack buffer overflows, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description PhotoStockPlus provides an image uploader ActiveX control, which is provided by the...
Microsoft Office Project vulnerable to remote code execution via specially crafted Project file
Overview A vulnerability in the way Microsoft Office Project parses files may lead to execution of arbitrary code. Description Microsoft Office Project contains a vulnerability that could be exploited when Project attempts to parse specially crafted files. According to Microsoft Security Bulletin...
Adobe Form Designer and Advanced Form Client ActiveX controls contain multiple buffer overflows
Overview Adobe Form Designer and Advanced Form Client contain multiple ActiveX buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Adobe Form Designer and Advanced Form Client software provide multiple ActiveX...
Apple Mac OS X fails to properly handle a crafted URL
Overview A vulnerability in the way Apple Mac OS X handles specially crafted URLs may allow an attacker to execute arbitrary code. Description According to Apple Security Update 2008-001:An input validation issue exists in the processing of URL schemes handled by Terminal.app. By enticing a user ...
Microsoft Windows Vista privilege escalation vulnerability
Overview Microsoft Windows Vista contains a local privilege escalation vulnerability. Description The Windows Advanced Local Procedure Call ALPC does not properly evaluate certain conditions in legacy reply paths.Per Microsoft Security Bulletin MS07-066: An elevation of privilege vulnerability...
Guidance EnCase Enterprise uses weak authentication to identify target machines
Overview Guidance Software's EnCase Enterprise uses IP authentication to identify target machines. An attacker may be able to provide the EnCase SAFE server with a disk image from a different machine than an investigator requested. Description Guidance Software's EnCase Enterprise allows...
Mozilla products vulnerable to memory corruption in the browser engine
Overview A number of vulnerabilities in the Mozilla browser engine may allow the execution of arbitrary code or denial of service. Description The Mozilla browser engine contains several vulnerabilities that may result in memory corruption. The impact of this memory corruption in specific cases i...
VUPlayer malformed playlist buffer overflow
Overview VUPlayer fails to properly handle malformed playlists. This vulnerability may allow a remote attacker to execute arbitrary code. Description VUPlayer is a freeware audio player for the Microsoft Windows platform. It can play various types of media files, such as MP3s. A Playlist .PLS or...
Yahoo! Installer Plugin for Widgets ActiveX control stack buffer overflow
Overview The Yahoo! Installer Plugin for Widgets ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Yahoo! Widgets is a program for Windows that allows the user to run applications call...
InterActual Player IAKey ActiveX control stack buffer overflow
Overview The InterActual Player IAKey ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description InterActual Player is a video DVD playing application for Windows systems. InterActual Player wa...
Adobe Flash Player fails to properly validate HTTP Referers
Overview The Adobe Flash Player fails to properly validate HTTP Referers. This may allow an attacker to conduct cross-site request forgery attacks. Description Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser...
Symantec Norton Internet Security 2004 ISAlertDataCOM ActiveX control stack buffer overflow
Overview The Symantec Norton Internet Security 2004 ISAlertDataCOM ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Symantec Norton Internet Security is a software package for Windows...
Apple QuickTime for Java QTPointerRef heap memory corruption vulnerability
Overview Apple QuickTime for Java contains a heap memory corruption vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Apple QuickTime includes the ability to integrate QuickTime into Java applications and applets. This...
AOL SuperBuddy ActiveX fails to properly validate method arguments
Overview The AOL SuperBuddy ActiveX control does not properly validate arguments to the LinkSBIcons method. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The AOL SuperBuddy ActiveX control Sb.SuperBuddy.1 is a compone...
InterActual Player SyscheckObject ActiveX controls contain stack buffer overflows
Overview InterActual Player provides multiple ActiveX controls that are vulnerable to buffer overflows. This can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description InterActual Player is a video DVD playing application for Windows systems...
Apple Mac OS X fails to properly handle corrupted UDTO HFS+ image structures
Overview Apple Mac OS X fails to properly handle corrupted UDTO HFS+ image structures. This vulnerability may allow an attacker to cause a denial-of-service condition. Description Hierarchical File System HFS+ is a file system that supports files that use 32-bit block addresses and Unicode file a...
Microsoft Word 2000 stack buffer overflow
Overview A stack-based buffer overflow in Microsoft Word could allow an attacker to execute arbitrary code on a vulnerable system. Description Microsoft Word 2000 fails to properly handle malformed documents allowing a stack-based buffer overflow to occur. It is possible that this vulnerability c...
Citrix Access Gateway appliances vulnerable to information disclosure
Overview A vulnerability exists in Citrix Access Gateway appliances that may allow an attacker to access data and compromise the system. Description Citrix Access Gateway products are universal SSL VPN appliances providing a secure, always-on, single point-of-access to an organization's...
Apple Mac OS X UFS filesystem integer overflow vulnerability
Overview There is an integer overflow in the ffsmountfs function, which is used by Apple's OS X operating system to handle UFS disc images. Description Unix File System UFS is a file system used by Unix and other similar operating systems. Apple OS X supports UFS, partitions, and images. There is...
Intel network drivers privilege escalation vulnerability
Overview A buffer overflow vulnerability in Intel PRO Ethernet drivers may allow local attackers to execute code with elevated privileges. Description Intel network adapter drivers are developed and maintained by Intel for Windows and Linux operating systems. A buffer overflow vulnerability exist...