Oracle E-Business Suite Report Review Agent (RRA) allows arbitrary files to be retrieved with no authentication
Overview A vulnerability in Oracle's E-Business Suite Report Review Agent (RRA) allows arbitrary files to be retrieved with no authentication. Description A vulnerability exists in the Oracle E-Business Suite Report Review Agent (RRA). This vulnerability may allow a remote attacker to retrieve...
Multiple implementations of the Session Initiation Protocol (SIP) contain multiple types of vulnerabilities
Overview Oulu University has discovered a variety of vulnerabilities affecting products that implement the Session Initiation Protocol (SIP). These vulnerabilities affect a wide variety of products, with impacts ranging from denial of service to execution of arbitrary code. SIP is used in Voice Ove...
MIT Kerberos V5 allows inter-realm user impersonation by malicious realm controllers with shared keys
Overview MIT Kerberos V5 contains a flaw that allows the controller of one Kerberos realm to impersonate users in a second realm. Description MIT Kerberos V5 releases prior to 1.2.3 contain a vulnerability that allows users from one realm to impersonate users from other non-local realms that use...
State-based firewalls fail to effectively manage session table resource exhaustion
Overview There is a vulnerability in several state-based firewall products that allows arbitrary remote attackers to conduct denial of service attacks against vulnerable firewalls. Description Many firewall products use state tables to determine whether a given packet belongs to an existing sessi...
SetupCtl 1.0 Type Library contains a buffer overflow
Overview SetupCtl 1.0 Type Library is a safe-for-scripting ActiveX control that contains a remotely exploitable buffer overflow. This control ships with Microsoft Internet Explorer 4.01 and 5. Description SetupCtl 1.0 Type Library is a safe-for-scripting ActiveX control that contains a remotely...
Microsoft Windows Media Player creates URL shortcut that may contain HTML code in known location in Local Computer Zone
Overview There is a vulnerability in the creation of Internet shortcuts in Windows Media Player version 6.4 and 7. This vulnerability may allow attackers to execute arbitrary commands when a victim views a malicious web page. Description Windows Media Player versions 6.4 and 7 create Internet...
Microsoft Windows 2000 fails to apply Group Policy to clients when policy file has been opened using exclusive read access (MS02-016)
Overview A vulnerability in the locking of Group Policy Files under Windows 2000 may allow a local intruder to circumvent recently applied policy settings. Description When a user logs onto a Windows 2000 system, a number of "security policy" settings are applied to that user's session. The...
Pi-Soft SpoonFTP does not adequately validate user input thereby allowing directory traversal
Overview SpoonFTP Server does not adequately validate user input, allowing directory traversal. Description SpoonFTP Server does not adequately validate arguments to the CWD command, allowing directory traversal out of the FTP root directory. --- Impact Users may read any directory or file on the...
Entrust GetAccess does not validate user input thereby allowing users to read arbitrary files
Overview Entrust GetAccess does not properly validate the CGI variable "LOCALE" and may be exploited to read arbitrary files on the server. Description Entrust GetAccess is a web software product for identifying users of a web site. Entrust GetAccess takes a CGI variable named "LOCALE" specifying...
Microsoft SQL Server 2000 contains denial-of-service vulnerability in SQL Server Resolution Service
Overview Microsoft SQL Server 2000 contains a vulnerability that allows remote attackers to create a denial-of-service condition between two Microsoft SQL servers. Description The SQL Server Resolution Service (SSRS) was introduced in Microsoft SQL Server 2000 to provide referral services for...
XDMCP leaks sensitive information by default configuration
Overview An information leakage vulnerability exists in the default configuration of the X Display Manager Control Protocol (XDMCP) daemon. Description On some operating systems, the X Display Manager Control Protocol (XDMCP) daemon is set to permit remote access to the local machine from any host...
Oracle 9i Database Server PL/SQL module allows remote command execution without authentication
Overview Oracle Database Server allows remote users to execute system commands without authenticating. Description Oracle Database Server provides extended functionality through the use of Procedural Language/Structured Query Language (PL/SQL) libraries. PL/SQL includes commands to load arbitrary...
Compaq web-enabled management software buffer overflow vulnerability
Overview The Compaq web-enabled management software contains a buffer overflow. Remote intruders may be able to execute arbitrary code with privileges on affected systems. Many Compaq products are affected, from personal computers to commercial UNIX operating systems. Description The Compaq...
Cisco IOS and CatOS fail to properly validate ARP packets thereby overwriting device's MAC address in ARP table
Overview There is a denial-of-service vulnerability in specific versions of Cisco IOS or CatOS. Description A denial-of-service vulnerability exists in specific versions of Cisco IOS or CatOS. This vulnerability can cause the device to crash or become unavailable if specially crafted ARP packets...
HP Tru64 UNIX "msgchk" contains buffer overflow (SSRT2275)
Overview msgchk, a part of the MH mail system, reportedly suffers from a buffer overflow with respect to the name of the inbox to be checked for new mail. This overflow would allow the user of msgchk to execute arbitrary code. Description msgchk is the portion of the MH mail system that checks fo...
OpenSSL PRNG contains design flaw that allows a user to determine internal state and predict future output
Overview The pseudorandom number generator (PRNG) in OpenSSL has a weakness that allows an attacker to determine its internal state and subsequently determine its future output values. Description OpenSSL's PRNG hashes an internal state to produce output values, which are supposed to be pseudorando...
Air Messenger LAN Server (AMLServer) stores usernames and passwords in plaintext
Overview Air Messenger LAN Server (AMLServer) stores usernames and passwords in plaintext. Description AMLServer for Windows is a paging gateway that allows users on a TCP/IP LAN to communicate with mobile devices such as phones and pagers. Access to AMLServer's services is protected by a user...
Sun Solaris catman creates temporary files insecurely
Overview catman, the UNIX manual display utility, creates insecure temporary files with predictable names in a world-writable directory. Since catman executes with system administration privileges, a symbolic link attack could overwrite arbitrary files. Description There is a vulnerability in...
Microsoft IIS FTP service searches all trusted domains for user accounts
Overview The Microsoft IIS FTP Service contains a vulnerability that allows remote attackers to log in using domain accounts without providing a specific domain name. Description The Microsoft IIS FTP Service allows users to establish connections using either local accounts or Windows domain...
Network Associates CSMAP and smap/smapd vulnerable to buffer overflow thereby allowing arbitrary command execution
Overview A remotely exploitable buffer overflow exists in the Gauntlet Firewall. Description The buffer overflow occurs in the smap/smapd and CSMAP daemons. According to PGP Security, these daemons are responsible for handling email transactions for both inbound and outbound e-mail. This...
Cayman gateways are vulnerable to a denial of service via a long username or password
Overview Cayman gateways are vulnerable to a denial of service via the entry of a long username or password sent to the HTTP interface. Description Cayman gateways automatically restart upon the entry of a large (79+ chars) username or password to the HTTP interface. The log will show "restart not i...
Cayman gateways are vulnerable to a denial of service via a portscan
Overview Cayman gateways are vulnerable to a denial of service. An attacker can send a number of TCP connect requests or SYN packets, in conjunction with a "Bouncing" vulnerability, and can cause a denial of service to the gateway. Description The gateway will crash after receiving a number of TC...
Multiple vendors' RADIUS implementations do not adequately validate user input thereby permitting DoS and arbitrary command execution via 'radiusd' daemon
Overview Vulnerabilities in various implementations of the Remote Authentication Dial-In User Server (RADIUS) 'radiusd' daemon can allow an attacker to disrupt services or obtain unauthorized access. Description Various implementations of the Remote Authentication Dial-In User Server (RADIUS) 'radius...
Potential vulnerabilities in Qualcomm Eudora WorldMail Server LDAP handling code
Overview The Qualcomm Eudora WorldMail Server may contain vulnerabilities that allow denial-of-service attacks, unauthorized privileged access, or both. These vulnerabilities were revealed using the PROTOS LDAPv3 test suite and are documented in CERT Advisory CA-2001-18. If your site uses this...
Linux gpm daemon allows arbitrary file removal
Overview gpm version 1.19.2 and earlier are vulnerable due to a flaw that allows a local user to delete arbitrary files. Description gpm (General Purpose Mouse) is the program that lets you use the mouse in console mode when not using XWindows. It is usually included in Linux distributions, and can...
glibc does not check SUID bit on libraries in /etc/ld.so.cache
Overview The GNU libc library fails to perform a check for the SETUID bit for cached libraries in the /etc/ld.so.cache file. As a result, malicious users may create or modify privileged files. Description The GNU libc library allows preloading libraries via the LD_PRELOAD environment variable,...
Sun Solaris mailx contains buffer overflow via -F option
Overview A buffer overflow in the mailx program on Solaris systems can allow an intruder to execute code with the privileges of the mail group. Description A buffer overflow in the -F option of the mailx program on Solaris systems may allow an intruder to execute code with the privileges of the...
Compaq web-enabled management software contains buffer overflow in authentication username
Overview The Compaq web-enabled management software contains a buffer overflow in the authentication component of the product. Remote intruders may be able to execute arbitrary code with privileges on affected systems. Many Compaq products are affected, from personal computers to commercial UNIX...
Cisco IOS software vulnerable to DoS via HTTP request containing "%%"
Overview There is a denial-of-service vulnerability in several Cisco switch and router products which allows an attacker to force affected devices to crash and reboot. Description A vulnerability exists in multiple versions of Cisco's Internetworking Operating System (IOS) software which allows an...
Wang/Kodak Image Thumbnail ActiveX Control
Overview Description The Image Thumbnail control is incorrectly marked safe for scripting. This control is sometimes identified as from "Kodak" and other times as from "Wang". The Image Thumbnail control is one of several controls used to provide image editing services through a web site. Becaus...
Office 2000 UA Control incorrectly marked safe for scripting
Overview The Microsoft Office 2000 UA ActiveX control is incorrectly marked as "safe for scripting". This vulnerability may allow an intruder to disable macro warnings in Office products and, subsequently, execute arbitrary code. This vulnerability may be exploited by viewing an HTML document via...
Multiple SMTP services are susceptible to spoofing attacks due to insufficient enforcement
Overview Multiple hosted, outbound SMTP servers are vulnerable to email impersonation. This allows authenticated users and certain trusted networks to send emails containing spoofed sender information. Two vulnerabilities were identified that reduce the authentication and verification of the...
Parsec Remote Desktop App is prone to a local elevation of privilege due to a logical flaw in its code integrity verification process
Overview Parsec updater for Windows was prone to a local privilege escalation vulnerability. This vulnerability allowed a local user with Parsec access to gain NT AUTHORITY\SYSTEM privileges. Description The vulnerability is a time-of-check time-of-use (TOCTOU) vulnerability. There existed a small...
ASUS RP-AC52 contains multiple vulnerabilities
Overview The ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, is vulnerable to cross-site request forgery and command injection. Description CWE-352: Cross-Site Request Forgery (CSRF) - CVE-2016-6557 The RP-AC52 web interface does not sufficiently verify whether a valid reque...
libbpg contains a type confusion vulnerability that leads to out of bounds write
Overview libbpg is a library for the BPG graphics format. libbpg 0.9.5 through 0.9.7 may allow a crafted file to write out-of-bounds, which may lead to denial of service or arbitrary code execution. Description CWE-787: Out-of-bounds Write - CVE-2016-5637 According to the reporter, improper checki...
Securifi Almond routers contain multiple vulnerabilities
Overview Securifi Almond, firmware version AL1-R200-L302-W33 and earlier, and Securifi Almond 2015, firmware version AL2-R088 and earlier, contain multiple vulnerabilities. Description CWE-330: Use of Insufficiently Random Values - CVE-2015-2914 Securifi Almond and Almond 2015 use static source...
Trend Micro Deep Discovery threat appliance contains multiple vulnerabilities
Overview Multiple versions of the Trend Micro Deep Discovery threat appliance are vulnerable to cross-site scripting and authentication bypass. Description The Trend Micro Deep Discovery platform "enables you to detect, analyze, and respond to today’s stealthy, targeted attacks in real time." It...
Total Commander File Info plugin vulnerable to denial of service via an out-of-bounds read
Overview Total Commander's File Info plugin version 2.21 attempts an out-of-bounds read when reading a file carefully crafted by an attacker. Description CWE-125: Out-of-bounds Read - CVE-2015-2869 An attacker that can control the contents of certain file types may be able to cause an out-of-bound...
Synology Cloud Station sync client for OS X allows regular users to claim ownership of system files
Overview The Synology Cloud Station sync client for OS X contains a setuid root executable that allows regular users to claim ownership of system files. Description CWE-276: Incorrect Default Permissions - CVE-2015-2851 The Synology Cloud Station sync client for OS X contains an executable named...
ManageEngine OpStor Build 8300 and earlier contain multiple vulnerabilities
Overview ManageEngine OpStor Build 8300 and earlier contain multiple vulnerabilities. Description CWE-472: External Control of Assumed-Immutable Web Parameter It has been reported that the 'Properties.do?name=' module is vulnerable to an ‘unauthorized function call’ caused by the server failing to...
Dell KACE K1000 management appliance contains a cross-site scripting vulnerability
Overview Dell KACE K1000 management appliance version 5.5.90545, and possibly earlier versions, contains a cross-site scripting (XSS) vulnerability (CWE-79). Description Dell KACE K1000 management appliance version 5.5.90545, and possibly earlier versions, contains a cross-site scripting (XSS)...
IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway contain a URL redirection vulnerability
Overview IBM Tivoli Federated Identity Manager version 6.22 and possibly earlier versions, and IBM Tivoli Federated Identity Manager Business Gateway version 6.2.2 and possibly earlier versions contain a URL redirection (CWE-601) vulnerability. Description CWE-601: URL Redirection to Untrusted Site...
PHP Address Book sqli vulnerability
Overview PHP Address Book web application is vulnerable to multiple SQL injection vulnerabilities. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') PHP Address Book 8.2.5 and possibly older versions fail to sanitize input from multiple...
Symantec Antivirus products fail to properly handle CAB files
Overview Multiple Symantec Antivirus products fail to properly handle CAB files, which may allow a remote, unauthenticated attacker to execute arbitrary code with SYSTEM privileges. Description The CAB file decomposer component that is used by multiple Symantec Antivirus products fails to properl...
HP Arcsight Logger and Connector appliances cross-site scripting vulnerability
Overview HP's Arcsight Connector appliance v6.2.0.6244.0 and Arcsight Logger appliance v5.2.0.6288.0 and possibly other versions contain a file import facility which is vulnerable to cross-site scripting (XSS). Description The supplied facility for importing host data from a file System Admin Tab |...
Microsoft Office Publisher contains multiple exploitable vulnerabilities
Overview Microsoft Office Publisher fails to properly validate Publisher documents, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Publisher is a desktop publishing application that is provided with some versions of...
SmarterTools default basic web server vulnerabilities
Overview Multiple SmarterTools applications install a default basic web server which contains multiple vulnerabilities. Description Multiple SmarterTools applications by default install a basic web server which allows administrators to start using the application immediately after installation. Th...
IPComp encapsulation nested payload vulnerability
Overview Some IPComp implementations may contain a kernel memory corruption vulnerability in their handling of nested encapsulation of IPComp payloads. Description RFC 3173 defines the IP Payload Compression Protocol (IPComp) as: IP payload compression is a protocol to reduce the size of IP datagram...
IntelliCom NetBiter NB100 and NB200 platforms contain multiple vulnerabilities
Overview IntelliCom NetBiter products based on the NB100 and NB200 platforms contain multiple vulnerabilities. Description IntelliCom NetBiter products based on the NB100 and NB200 platforms contain multiple vulnerabilities. A user who has been authenticated at the superadmin level highest...
Attachmate Reflection for the Web cross site scripting vulnerability
Overview Attachmate Reflection for the Web contains a non-persistent cross site scripting vulnerability. Description The following versions of Attachmate's Reflection for the Web products are vulnerable to a non-persistent cross site scripting vulnerability. Reflection for the Web 2008 R2 builds...