Format string vulnerability in libutil pw_error(3) function

Overview There is an input validation vulnerability in the OpenBSD libutil system library that allows local users to gain superuser access via the chpass utility. Description On June 30, 2000, the OpenBSD development team repaired an input validation vulnerability in the pwerror function of the...

Wang/Kodak Image Annotation ActiveX Control

Overview Description The Image Annotation control is incorrectly marked safe for scripting. This control is sometimes identified as from "Kodak" and other times as from "Wang". The Image Annotation control is one of several controls used to provide image editting services through a web site...

Hard-coded credentials in Technicolor TG670 DSL gateway router

Overview The Technicolor TG670 DSL Gateway Router includes a hard-coded service account that allows for authentication over services on the WAN interface, using HTTP, SSH, or TELNET. The authenticated user can use it to gain full administrative control of the router. Description A hard-coded...

TaxiHail Android mobile app contains multiple vulnerabilties

Overview Mobile Knowledge's TaxiHail is vulnerable to information disclosure and missing encryption of sensitive data. Description The Mobile Knowledge TaxiHail framework "allows passengers to book and manage their own reservations via iOS, android or the web in real-time, alleviating call...

Dell System Detect installs root certificate and private key (DSDTestProvider)

Overview Dell System Detect installs the DSDTestProvider certificate into theTrusted Root Certificate Store on Microsoft Windows systems. The certificate includes the private key. This allows attackers to create trusted certificates and perform impersonation, man-in-the-middle MiTM, and passive...

Securifi Almond routers contains multiple vulnerabilities

Overview Securifi Almond, firmware version AL1-R200-L302-W33 and earlier, and Securifi Almond 2015, firmware version AL2-R088 and earlier, contain multiple vulnerabilities. Description CWE-330: Use of Insufficiently Random Values - CVE-2015-2914Securifi Almond and Almond 2015 use static source...

Total Commander File Info plugin vulnerable to denial of service via an out-of-bounds read

Overview Total Commander's File Info plugin version 2.21 attempts an out-of-bounds read when reading a file carefully crafted by an attacker. Description CWE-125: Out-of-bounds Read - CVE-2015-2869An attacker that can control the contents of certain file types may be able to cause an out-of-bound...

Centreon contains multiple vulnerabilities

Overview Centreon version 2.5.1 and Centreon Enterprise Server version 2.2 contain multiple vulnerabilities. Description CWE-77: Improper Neutralization of Special Elements used in a Command 'Command Injection' - CVE-2014-3829 Centreon version 2.5.1 and Centreon Enterprise Server version 2.2 are...

Cobham Sailor 6000 series satellite terminal contain hardcoded credentials

Overview Cobham Sailor 6000 series satellite terminals contain hardcoded credentials for communicating via the Tbus 2 protocol. Description Note: this is a different vulnerability from VU460687CWE-798: Use of Hard-coded Credentials IOActive reports that Cobham Sailor 6000 series satellite...

Openfire contains an uncontrolled resource consumption vulnerability

Overview Openfire 3.9.1, and possibly earlier versions, contains an uncontrolled resource consumption CWE-400 vulnerability when using XMPP DEFLATE message compression. Description Openfire 3.9.1, and possibly earlier versions, contains an uncontrolled resource consumption CWE-400 vulnerability...

Blue Coat ProxySG local user changes contain a time and state vulnerability

Overview Changes to Blue Coat ProxySG local users do not take effect immediately, giving an attacker with known credentials a window of opportunity to use those credentials even if the user was deleted or the password was changed. CWE-361 Description Blue Coat Security Advisory SA77 states:SGOS...

Citrix NetScaler and Access Gateway Enterprise Edition unauthorized access to network resources vulnerability

Overview Citrix NetScaler and Access Gateway Enterprise Edition contain a vulnerability which could result in unauthorized access to network resources. Description Citrix NetScaler and Access Gateway Enterprise Edition contain a vulnerability which could allow a remote attacker to gain unauthoriz...

pd-admin contains cross-site scripting vulnerabilities

Overview pd-admin, a web interface for users of hosting providers, is susceptible to cross-site scripting XSS vulnerabilities. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' pd-admin, contains cross-site scripting XSS vulnerabilities. The...

Trend Micro Control Manager adhoc query vulnerability

Overview Trend Micro Control Manager fails to properly filter user-supplied input within the ad hoc query module which could allow an attacker to upload and execute arbitrary code against the system. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL...

F5 Networks ASM appliance contains a cross-site scripting vulnerability

Overview F5 Networks ASM appliance versions 10.0.0 through 11.2.0 HF2 are susceptible to a cross-site scripting vulnerability in the traffic overview page. Description A cross-site scripting XSS CWE-79 vulnerability exists in the traffic overview page. By sending several malicious requests, an...

HP Arcsight Logger and Connector appliances cross-site scripting vulnerability

Overview HP's Arcsight Connector appliance v6.2.0.6244.0 and Arcsight Logger appliance v5.2.0.6288.0 and possibly other versions contain a file import facility which is vulnerable to cross-site scripting XSS. Description The supplied facility for importing host data from a file System Admin Tab |...

Project Open cross-site scripting vulnerability

Overview Project Open po version 3.4 and possibly earlier versions suffer from a reflective cross-site scripting XSS vulnerability in the account-closed.tcl script Description The XSS vulnerability CWE-79 is contained within the message parameter in the account-closed.tcl script...

Wibu-Systems CodeMeter remote denial of service vulnerability

Overview Wibu-Systems CodeMeter contains a remote denial of service vulnerability when receiving specially crafted packets. Description Wibu-Systems CodeMeter v4.30c and v4.10b contain a remote denial of service vulnerability when receiving specially crafted packets. Wibu-Systems CodeMeter listen...

Microsoft Office Publisher contains multiple exploitable vulnerabilities

Overview Microsoft Office Publisher fails to properly validate Publisher documents, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Publisher is a desktop publishing application that is provided with some versions of...

Libpng 1.5.0 png_set_rgb_to_gray() vulnerability

Overview Libpng-1.5.0 introduced a vulnerability in the rgb-to-gray transform function. Description Libpng based applications that call the pngsetrgbtogray function from pngrtran.c are vulnerable. Libpng versions prior to 1.5.0 are not vulnerable. --- Impact An attacker may cause the application ...

Adobe Reader contains multiple vulnerabilities in the processing of JPX data

Overview Adobe Reader and Acrobat contain multiple vulnerabilities that may allow an attacker to execute arbitrary code. Description Adobe Acrobat Reader is software designed to view Portable Document Format PDF files. Adobe also distributes the Adobe Acrobat Plug-In to allow users to view PDF...

Microsoft Vista and Server 2008 vulnerable to memory corruption via saved search

Overview Microsoft Windows Vista and Server 2008 contain a memory corruption vulnerability when saving a specially crafted search file. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description In Windows Vista and Server 2008,...

Apple Safari automatically executes downloaded files based on Internet Explorer zone settings

Overview Apple Safari automatically executes downloaded files based on Internet Explorer zone settings, which can allow a remote attacker to execute arbitrary code on a vulnerable system. Description Apple Safari is a web browser that is available for OS X and Microsoft Windows platforms. Apple...

PhotoStockPlus Uploader Tool ActiveX stack buffer overflows

Overview The PhotoStockPlus Uploader Tool ActiveX control contains several stack buffer overflows, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description PhotoStockPlus provides an image uploader ActiveX control, which is provided by the...

Microsoft Internet Explorer 7 DisableCachingOfSSLPages may not prevent caching

Overview Setting the Internet Explorer 7 option DisableCachingOfSSLPages may not prevent the caching of SSL-enabled web pages. Description Administrators and users can set the Internet Explorer DisableCachingOfSSLPages option to prevent sensitive or private data from being saved to disk. The...

Cisco IOS denial-of-service vulnerability

Overview A vulnerability in the way Cisco IOS handles IPv6 packets could result in a remotely exploitable denial of service. Description The Cisco Internetwork Operating System IOS includes support for processing Internet Protocol version 6 IPv6 packets.Per Cisco Advisory...

libarchive does not properly terminate loop

Overview libarchive contains a vulnerability that may allow an attacker to cause a denial of service. Description The libarchive library provides an interface for reading and writing archive files.There is a vulnerability in libarchive that occurs when it parses the pax interchange format. If an...

Adobe Form Designer and Advanced Form Client ActiveX controls contain multiple buffer overflows

Overview Adobe Form Designer and Advanced Form Client contain multiple ActiveX buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Adobe Form Designer and Advanced Form Client software provide multiple ActiveX...

Liferay Portal Enterprise Admin User-Agent HTTP header XSS

Overview Liferay Portal contains a cross-site scripting vulnerability in the handling of the User-Agent HTTP header, which can allow a remote, authenticated attacker to gain administrative access. Description Liferay Portal is an enterprise portal solution that uses Java technologies. The...

Microsoft Kodak Image Viewer code execution vulnerability

Overview The Kodak Image Viewer which is included in Windows 2000 contains a code execution vulnerability. Description The Kodak Image Viewer is included in Windows 2000. It may also be present on other versions of Windows that were upgraded from Windows 2000.Per Microsoft Security Bulletin...

VUPlayer malformed playlist buffer overflow

Overview VUPlayer fails to properly handle malformed playlists. This vulnerability may allow a remote attacker to execute arbitrary code. Description VUPlayer is a freeware audio player for the Microsoft Windows platform. It can play various types of media files, such as MP3s. A Playlist .PLS or...

Broderbund Expressit 3DGreetings Player ActiveX control buffer overflows

Overview The Broderbund Expressit 3DGreetings Player ActiveX control contains multiple buffer overflows, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The 3DGreetings Player is an ActiveX control that displays 3D greeting cards...

Trend Micro ServerProtect Integer Overflow Vulnerability

Overview Trend Micro ServerProtect contains an integer overflow vulnerability that may allow a remote attacker to execute arbitrary code. Description Trend Micro ServerProtect is an anti-virus application designed to run on Microsoft Windows servers. The application provides administrators with...

Yahoo! Installer Plugin for Widgets ActiveX control stack buffer overflow

Overview The Yahoo! Installer Plugin for Widgets ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Yahoo! Widgets is a program for Windows that allows the user to run applications call...

Microsoft Windows Vista Weather Gadget vulnerability

Overview The Windows Vista Weather gadget contains a vulnerability that may allow and attacker to execute code. Description From Microsoft Security Bulletin MS07-048:Gadgets are mini-applications designed to provide the user with information or utilities. Windows Vista treats gadgets similar to t...

Microsoft Windows VML compressed content integer underflow

Overview Microsoft Windows VML fails to properly handle compressed content, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft IE version 5.0 and higher supports the Vector Markup Language VML, which is a set of XML tags for...

IBM and Lenovo Access Support acpRunner ActiveX control format string vulnerability

Overview The IBM Lenovo Access Support acpRunner ActiveX control contains a format string vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Access Support software package for IBM and Lenovo systems includes several...

Microsoft DirectX Media 6.0 Live Picture Corporation DirectTransform FlashPix ActiveX control buffer overflow

Overview The Live Picture Corporation DirectTransform FlashPix ActiveX control contains a buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Microsoft DirectX Media 6.0 SDK includes an ActiveX control that is...

VLC Media Player format string vulnerability

Overview VLC contains a format string vulnerability that may allow an attacker to execute code. Description VideoLAN VLC is a streaming media player that runs on multiple platforms. From VideoLAN Security Advisory 0702: VLC media player Ogg/Vorbis, Ogg/Theora, CDDA CD Digital Audio and SAP Servic...

Adobe Flash Player fails to properly validate HTTP Referers

Overview The Adobe Flash Player fails to properly validate HTTP Referers. This may allow an attacker to conduct cross-site request forgery attacks. Description Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser...

Symantec Norton Internet Security 2004 ISAlertDataCOM ActiveX control stack buffer overflow

Overview The Symantec Norton Internet Security 2004 ISAlertDataCOM ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Symantec Norton Internet Security is a software package for Windows...

Trend Micro ServerProtect EarthAgent buffer overflow vulnerability

Overview Trend Micro ServerProtect contains a buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code on a vulnerable system. Description Trend Micro ServerProtect is an anti-virus application that is designed to run on Windows-based servers. The...

CA BrightStor ARCserve Backup Media Server RPC service buffer overflows

Overview The CA BrightStor ARCserve Backup Media Server contains multiple buffer overflows in the RPC service, which can allow a remote, unauthenticated attacker to execute arbitrary code with elevated privileges. Description BrightStor ARCserve Backup is a backup and data retention tool that...

Microsoft Windows Agent fails to properly process crafted URLs

Overview Microsoft Agent fails to properly handle specially crafted URLs, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Agent is software that provides animated characters to enhance interaction with computer systems...

InterActual Player SyscheckObject ActiveX controls contain stack buffer overflows

Overview InterActual Player provides multiple ActiveX controls that are vulnerable to buffer overflows. This can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description InterActual Player is a video DVD playing application for Windows systems...

CA BrightStor ARCserver Tape Engine memory corruption vulnerability

Overview The Computer Associates BrightStor ARCserve Backup Tape Engine contains a memory corruption vulnerability. If successfully exploited, this vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. Description BrightStor ARCserve Backup is a...

Apple Mac OS X fails to properly handle corrupted UDTO HFS+ image structures

Overview Apple Mac OS X fails to properly handle corrupted UDTO HFS+ image structures. This vulnerability may allow an attacker to cause a denial-of-service condition. Description Hierarchical File System HFS+ is a file system that supports files that use 32-bit block addresses and Unicode file a...

HP Mercury products vulnerable to buffer overflow

Overview Some HP Mercury products are vulnerable to a buffer overflow and may allow an attacker to execute arbitrary code. Description The magentproc.exe service provided with some HP Mercury products fails to properly parse values in the serveripname field. If an overly long value is sent in thi...

Mozilla Firefox fails to properly handle JavaScript onUnload events

Overview Mozilla Firefox does not properly handle JavaScript onUnload events. This vulnerability may lead to memory corruption that could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The JavaScript onUnload event is executed when the brows...

Microsoft Windows Shell vulnerable to privilege escalation

Overview A vulnerability in Microsoft Windows Shell may allow an attacker to gain access with escalated privileges. Description The Microsoft Windows Shell Hardware Detection service provides notification for AutoPlay hardware events. This service fails to properly validate a function parameter i...