3702 matches found
Samba fails to properly handle multiple share connection requests
Overview There is a vulnerability in the smbd process which may allow an attacker to create a denial of service condition. Description Samba Samba is an open-source implementation of SMB/CIFS file and print services. It is frequently included in UNIX and Linux distributions and is typically used...
Microsoft Office string parsing vulnerability
Overview Microsoft Office fails to properly parse strings. This vulnerability could allow a remote attacker to execute arbitrary code. Description Microsoft Office applications fail to properly parse strings. When an Office document containing malformed string is opened with an Office application...
Microsoft Internet Explorer vulnerable to heap overflow via the HTML Help Control "Image" property
Overview The HTML Help ActiveX control contains a heap overflow vulnerability. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description ActiveXActiveX is a technology that allows programmers to create reusable software components that can be...
Apple Mac OS X vulnerable to stack-based buffer overflow via specially crafted TIFF file
Overview Apple has reported a vulnerability in the way Mac OS X 10.4 systems handle TIFF images that could cause affected applications to crash or allow remote code execution.. Description TIFF Image File Format The TIFF image file format is a widely supported file format used for storing images...
ClamAV vulnerable to buffer overflow via malicious database mirror
Overview The Open Source anti-virus program ClamAV's update engine, freshclam, contains a buffer overflow vulnerability. If exploited, an attacker could create a denial-of-service condition, or possibly run arbitrary code with the privileges of the freshclam process. Description Freshclam is a...
SunnComm MediaMax privilege elevation vulnerability
Overview SunnComm MediaMax contains a privilege elevation vulnerability, which may allow a user with limited rights to execute code with elevated privileges. Description SunnComm MediaMax SunnComm MediaMax is copy protection software that is automatically installed by some audio CDs. Sony BMG has...
Microsoft Office routing slip buffer overflow
Overview Microsoft Office contains a buffer overflow in the parsing of routing slips, which may allow an attacker to execute arbitrary code on a vulnerable system. Description Routing slips According to Microsoft Security Bulletin MS06-012: Microsoft Office applications have the ability to add a...
Microsoft Excel malformed record memory corruption vulnerability
Overview Microsoft Excel contains a memory corruption vulnerability. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Excel fails to properly validate records in data files. When a file with a malformed record is opened in Exce...
LISTSERV contains multiple buffer overflow vulnerabilities in the WA CGI script
Overview Several buffer overflow vulnerabilities have been discovered in LISTSERV. These vulnerabilities could allow a remote attacker to execute arbitrary code on an affected system. Description L-Soft's LISTSERV is an email list management software package. It includes a Web Archive and...
Apple QuickTime fails to properly handle corrupt media files
Overview Apple QuickTime contains a heap overflow vulnerability in the handling of media files which may allow a remote unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system. Description Apple's QuickTime Player is multimedia software that allows...
Research in Motion (RIM) BlackBerry Router vulnerable to denial of service via Server Routing Protocol (SRP)
Overview The Research in Motion RIM BlackBerry Router contains a vulnerability in the way the router handles Server Routing Protocol SRP packets. By sending specially crafted SRP packets to the router, an attacker could cause a denial of service. Description The BlackBerry Router is a component o...
Reflection for Secure IT Windows Server can allow login to renamed built-in accounts
Overview WRQ Reflection for Secure IT Windows Server 6.0 can allow a user to login to a Windows built-in account with the default name Administrator and Guest after they are renamed. Description Microsoft Windows includes the built-in accounts Administrator and Guest. If those accounts are rename...
Apple Mac OS X Directory Services contains a buffer overflow
Overview A buffer overflow in Apple Mac OS X Directory Service's authentication process may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Apple Mac OS X Server Directory Service provides reading, writing, and authentication services within...
Apple Mac OS X AppKit vulnerable to buffer overflow via the handling of maliciously crafted rich text files
Overview A buffer overflow vulnerability exists in a component of Apple's Mac OS X operating system that handles rich text files. Description The Cocoa Application Framework also referred to as the Application Kit, or AppKit is one of the core Cocoa frameworks supplied with Apple's Mac OS X...
Microsoft Windows domain controller denial of service in Kerberos message handling
Overview Microsoft Windows domain controllers do not properly handle some Kerberos messages, potentially allowing a remote, authenticated attacker to cause a denial-of-service condition. Description Microsoft Windows domain controllers running Windows 2000 Server and Server 2003 use the Kerberos...
Microsoft Windows Remote Desktop Protocol service input validation vulnerability
Overview An input validation error in the Microsoft Remote Desktop Protocol RDP service may allow a remote attacker to cause a denial-of-service condition. Description Microsoft describes the Remote Desktop Protocol RDP as follows.RDP is based on, and is an extension of, the T.120 protocol family...
RSA Authentication Agent for Web fails to properly validate input
Overview The RSA Authentication Agent for Web running on Microsoft Internet Information Services IIS does not properly validate input that is passed to the "postdata" parameter in "/WebID/IISWebAgentIF.dll" and may allow an attacker to execute code in a user's browser. Description RSA...
Apple Mac OS X with Bluetooth enabled may allow file exchange without prompting users
Overview Apple Mac OS X with Bluetooth support may unintentionally allow files to be exchanged with other systems by default. Description Mac OS X includes support for the Bluetooth networking protocol suite. Bluetooth is a communication technology that enables short-range communication between...
sendfile() system call may leak sections of kernel memory
Overview The sendfile system call does not handle specially crafted files properly. Exploitation of this vulnerability may leak sensitive information to a local attacker. Description The sendfile system call is used to send a file through a socket without copying the file data into memory. A...
NotifyLink contains multiple SQL injection vulnerabilities
Overview There are multiple vulnerabilities in NotifyLink that allow unauthenticated remote users to view or modify the contents of the NotifyLink SQL database. Possible modifications include the addition of unauthorized user and administrator accounts. Description Notify Technology NotifyLink...
ISC DHCP contains a format string vulnerabilty in errwarn.c
Overview The Internet Systems Consortium ISC Dynamic Host Configuration Protocol DHCP application contains a format string vulnerability in errwarn.c that could allow an attacker to execute arbitrary code. Description As described in RFC 2131, "The Dynamic Host Configuration Protocol DHCP provide...
Veritas Backup Exec registration request buffer overflow
Overview Certain versions of Veritas Backup Exec 8.x and 9.x can be remotely exploited to allow execution of arbitrary code on affected servers. Description A buffer overflow exists in Veritas Backup Exec 8.x prior to 8.60.3878 Hotfix 68, and 9.x pritor to 9.1.4691 Hotfix 40. A stack-based buffer...
SuSe Linux LibTIFF package vulnerable to buffer overflow
Overview The SuSe Linux version of LibTIFF is vulnerable to a buffer overflow that may allow a remote attacker to execute arbitrary code. Description SuSe LibTIFF is a library used to encode and decode images in Tag Image File Format TIFF format on SuSE systems. A lack of input validation in the...
Microsoft Internet Explorer vulnerable to buffer overflow via FRAME and IFRAME elements
Overview Microsoft Internet Explorer IE contains a buffer overflow vulnerability that can be exploited to execute arbitrary code with the privileges of the user running IE. Description A heap buffer overflow vulnerability exists in the way IE handles the SRC and NAME attributes of HTML elements...
star fails to set proper permissions on programs specified in RSH environment variable
Overview Star can call external programs specified by the RSH environment variable. This may permit a malicious local user to gain elevated privileges. Description Star is a tape archiving program similar to tar. Star permits the use of storage devices on remote machines via an access program on...
Microsoft Windows fails to properly process showHelp URLs
Overview A vulnerability in the showHelp Method may allow a remote attacker to execute arbitrary code. Description A cross domain vulnerability exists in the showHelp method that may permit a remote attacker to execute local commands on the system with the privileges of the current user...
IEEE 802.11 wireless network protocol DSSS CCA algorithm vulnerable to denial of service
Overview The IEEE 802.11 wireless networking protocol contains a vulnerability that could allow a remote attacker to cause a denial of service to any wireless device within range. Description IEEE 802.11 wireless network protocols use a Clear Channel Assessment CCA algorithm to determine whether ...
Multiple Symantec firewall products fail to properly process DNS response packets
Overview There is a vulnerability in multiple Symantec firewall products in which attempts to process a specially crafted Domain Name Service DNS response packet could allow an unauthenticated, remote attacker to cause a denial of service condition. Description Symantec offers a suite of corporat...
FTE fails to properly validate command line arguments
Overview FTE contains a vulnerability in the processing of command line arguments that could allow an attacker to execute arbitrary code. Description FTE is a text editor available for a variety of operating systems. There is a buffer overflow vulnerability in the way FTE performs bounds checking...
Microsoft Windows Secure Sockets Layer (SSL) library vulnerable to DoS
Overview A vulnerability in the Microsoft Secure Sockets Layer library could allow a remote attacker to cause a denial-of-service condition on an affected system. Description The Secure Sockets Layer SSL protocol is commonly used to provide authentication, encryption, integrity, and non-repudiati...
Ethereal IrDA dissector plugin fails to properly parse IRCOM_PORT_NAME parameter
Overview Ethereal contains a vulnerability in the way the Infrared Data Association IrDA dissector plugin parses the IRCOMPORTNAME parameter. Description Ethereal is a network traffic analysis package. It includes the ability to decode packets containing IrDA data. There is a vulnerability in the...
Multiple web-based email services fail to filter malicious characters when the message contains cascading style sheet character escaping
Overview An attacker can send a specially crafted email message to a victim containing malicious scripting JavaScript, VBScript, JScript, etc., active content, or potentially HTML. When a victim views the message with scripting enabled, the victim's browser will then interpret this javascript whi...
Microsoft Internet Explorer execCommand method does not properly validate URL source
Overview Microsoft Internet Explorer IE does not properly determine the source of script used in URLs. An attacker could exploit this vulnerability to evaluate script in different security domains. By causing script to be evaluated in the Local Machine Zone, the attacker could execute arbitrary...
Oracle command-line program buffer overflow in argument handling
Overview A buffer overflow in some command-line utilities supplied with the Oracle Database Server could allow a local user to gain the privileges of the oracle system user. Description The Oracle 9 i Database Server package includes the oracle and oracleO command-line client programs to connect ...
Microsoft Outlook Web Access (OWA) contains cross-site scripting vulnerability in the "Compose New Message" form
Overview There is a cross-site scripting vulnerability in Microsoft Outlook Web Access. Description The "Compose New Message" form of the Outlook Web Access OWA component of Microsoft Exchange 5.5 contains a cross-site scripting vulnerability. For more information about cross-site scripting...
Hummingbird CyberDOCS sets insecure permissions on script source code files
Overview Hummingbird CyberDOCS running on Microsoft Internet Information Services IIS sets insecure permissions on script source code files. A remote attacker could read the contents of unprotected files. Description Hummingbird CyberDOCS Hummingbird DM is a web-based enterprise document manageme...
Microsoft Windows RPCSS Service contains heap overflow in DCOM activation routines
Overview There is a remote buffer overflow in many versions of Microsoft Windows that allows attackers to execute arbitrary code with system privileges. Description The Microsoft RPCSS Service is responsible for managing Remote Procedure Call RPC messages and is enabled by default on many version...
Hewlett-Packard Company MPE/iX FTPSRVR does not properly validate certain commands
Overview A vulnerability in the FTP server included with the MPE/iX operating system may allow a remote attacker to gain unauthorized access. Description MPE/iX is an operating system produced by Hewlett-Packard Company. The FTP server included with MPE/iX FTPSRVR contains a vulnerability which m...
Apple Mac OS X IPSec mechanism fails to handle certain incoming security policies that match by port
Overview Apple's Mac OS X IPSec implementation does not properly filter certain types of IP traffic. Description Apple Mac OS X contains an implementation of the IP Security Protocol IPSec. A vulnerability in this implementation may allow a remote attacker to exchange traffic with a host that...
Heap overflow in Snort "stream4" preprocessor
Overview The Snort "stream4" preprocessor module contains a vulnerability that allows remote attackers to execute arbitrary code with the privileges of the user running Snort, typically root. Description Researchers at CORE Security Technologies have discovered a remotely exploitable heap overflo...
Adobe Acrobat PDF viewers contain flaw when loading and verifying plug-ins
Overview Acrobat plug-ins can be digitally signed to determine whether they should be loaded by Adobe Acrobat Reader at startup. This digital signature mechanism is not cryptographically strong and allows other potentially-malicious plug-in code to pretend to be certified by Adobe and be executed...
Exim does not adequately validate user input thereby allow execution of arbitrary commands
Overview Under certain configurations, Exim may execute commands embedded in a mail message's From address. Description Exim is an open-source mail transport agent distributed by the University of Cambridge. Exim can be configured to route all incoming mail or mail to particular addresses through...
Entrust GetAccess does not validate user input thereby allowing users to read arbitrary files
Overview Entrust GetAccess does not properly validate the CGI variable "LOCALE" and may be exploited to read arbitrary files on the server. Description Entrust GetAccess is a web software product for identifying users of a web site. Entrust GetAccess takes a CGI variable named "LOCALE" specifying...
Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) vulnerable to buffer overflow via _TT_CREATE_FILE()
Overview The Common Desktop Environment CDE ToolTalk RPC database server contains a buffer overflow condition that could let an attacker execute arbitrary code or cause a denial of service on a vulnerable system. The ToolTalk RPC database server typically runs with root privileges. Description A...
Microsoft SQL Server installation process leaves sensitive information on system
Overview Microsoft SQL server versions 7.0 and 2000, as well as MSDE 1.0, may leave installation and log files on the server after the installation process is complete. These files may contain senstitive information such as passwords used during the install. Users with authenticated access to the...
Microsoft SQL Server 2000 contains denial-of-service vulnerability in SQL Server Resolution Service
Overview Microsoft SQL Server 2000 contains a vulnerability that allows remote attackers to create a denial-of-service condition between two Microsoft SQL servers. Description The SQL Server Resolution Service SSRS was introduced in Microsoft SQL Server 2000 to provide referral services for...
Microsoft SQLXML HTTP components vulnerable to cross-site scripting via root parameter
Overview A cross-site scripting vulnerability exists in the Microsoft SQLXML HTTP components. This vulnerability could allow an attacker to execute script on a victim's system with the victim's privileges. Description Microsoft SQL Server 2000 includes a feature called SQLXML that allows the serv...
Yahoo! Messenger "addview" function allows for the automatic execution of malicious script contained in web pages
Overview Yahoo! Messenger is an instant messaging client. When installed, Yahoo! Messenger enables a URI handler ymsgr :parameter. The addview function of this handler can be used to execute arbitrary script/html on the local system. Description The addview feature of Yahoo! Messenger is used to...
Oracle Reports Server Reports Web Cartridge (RWCGI60) vulnerable to buffer overflow via database name parameter
Overview A buffer overflow vulnerability in Oracle Reports Server 6i could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the Reports Server process. Description Oracle Reports Server is a component of Oracle Application Server that handles client...
GnuPG contains format-string vulnerability in handling of encrypted data filename
Overview Some versions of Gnu Privacy Guard GPG contain a format-string vulnerability from improper handling of filenames when decrypting files. Description GPG is an OpenPGP-compliant alternative to PGP to protect electronic communications using public-key cryptography. Versions of GPG prior to...