3702 matches found
AOL Instant Messenger vulnerable to buffer overflow via numerous fonts sent to client followed by < HR>
Overview AOL Instant Messenger AIM is an application that allows one peer to communicate with another. A vulnerability exists that can crash the client window and in some cases the operating systemOS. Description AIM for Windows stores font names in the messages sent from one client to another. B...
Microsoft Internet Explorer Does Not Respect Content-Disposition and Content-Type MIME Headers
Overview Microsoft Internet Explorer contains a vulnerability in its handling of certain MIME headers in web pages and HTML email messages. This vulnerability may allow an attacker to execute arbitrary code on the victim's system when the victim visits a web page or views an HTML email message...
Lotus Domino R5 Server vulnerable to DoS via nmap RPC scan on port 443/tcp
Overview Versions earlier than 5.0.9 of Lotus Domino R5 Servers with Secure Socket Layer SSL enabled are vulnerable to a denial of sevice. Description A remote user is able to crash the HTTP serving process on any Lotus Domino R5 Server using the nmap utility. Sending a request to port 443, the...
Cayman gateways are vulnerable to a denial of sevices via a long username or password
Overview Cayman gateways are vulnerable to a denial of service via the entry of a long username or password sent to the HTTP interface. Description Cayman gateways automatically restart upon the entry of a large79+ chars username or password to the HTTP interface. The log will show "restart not i...
Cayman gateways are vulnerable to a denial of service via a portscan
Overview Cayman gateways are vulnerable to a denial of service. An attacker can send a number of TCP connect requests or SYN packets, in conjunction with a "Bouncing" vulnerability, and can cause a denial of service to the gateway. Description The gateway will crash after receiving a number of TC...
Red Hat linux restore uses insecure environment variables allowing root compromise
Overview Some implementations of the Linux restoration utility, restore, call external programs on remote machines via the RSH environment variable. This may permit an attacker to compromise root if restore is setuid root. Description Some implementations of the Linux restoration utility, restore...
Multiple vendors' RADIUS implementations do not adequately validate user input thereby permitting DoS and arbitrary command execution via 'radiusd' daemon
Overview Vulnerabilities in various implementations of the Remote Authentication Dial-In User Server RADIUS 'radiusd' daemon can allow an attacker to disrupt services or obtain unauthorized access. Description Various implementations of the Remote Authentication Dial-In User Server RADIUS 'radius...
Oracle 8i contains buffer overflow in TNS Listener
Overview A vulnerability in Oracle 8i allows intruders to assume control of the database server and/or the operating system on which the database server is running, depending on the platform used. Description The COVERT labs at PGP Security have discovered a buffer overflow vulnerability in Oracl...
Linux gpm daemon allows arbitrary file removal
Overview gpm version 1.19.2 and earlier are vulnerable due to a flaw that allows a local user to delete arbitrary files. Description gpm General Purpose Mouse is the program that lets you use the mouse in console mode when not using XWindows. It is usually included in Linux distributions, and can...
glibc does not check SUID bit on libraries in /etc/ld.so.cache
Overview The GNU libc library fails to perform a check for the SETUID bit for cached libraries in the /etc/ld.so.cache file. As a result, malicious users may create or modify privileged files. Description The GNU libc library allows preloading libraries via the LDPRELOAD environment variable,...
Unauthentic "Microsoft Corporation" certificates issued by Verisign to an unidentifed person
Overview On January 29 and 30, 2001, VeriSign, Inc. issued two certificates to an individual fraudulently claiming to be an employee of Microsoft Corporation. Any code signed by these certificates will appear to be legitimately signed by Microsoft when, in fact, it is not. Although users who try ...
Input validation error in quikstore.cgi allows attackers to execute commands
Overview The quikstore shopping cart script contains an input validation error that allows attackers to execute commands on affected web servers. Description The quikstore.cgi script is written in Perl and provides its users with shopping cart software for e-commerce transactions. In November 200...
Cisco IOS software vulnerable to DoS via HTTP request containing "%%"
Overview There is a denial-of-service vulnerability in several Cisco switch and router products which allows an attacker to force affected devices to crash and reboot. Description A vulnerability exists in multiple versions of Cisco's Internetworking Operating System IOS software which allows an...
Wang/Kodak Image Annotation ActiveX Control
Overview Description The Image Annotation control is incorrectly marked safe for scripting. This control is sometimes identified as from "Kodak" and other times as from "Wang". The Image Annotation control is one of several controls used to provide image editting services through a web site...
Hard-coded credentials in Technicolor TG670 DSL gateway router
Overview The Technicolor TG670 DSL Gateway Router includes a hard-coded service account that allows for authentication over services on the WAN interface, using HTTP, SSH, or TELNET. The authenticated user can use it to gain full administrative control of the router. Description A hard-coded...
Buffalo AirStation Extreme N600 Router WZR-600DHP2 uses insufficiently random values for DNS queries
Overview Buffalo AirStation Extreme N600 Router WZR-600DHP2, firmware versions 2.09, 2.13, 2.16, and possibly others, uses insufficiently random values for DNS queries and is vulnerable to DNS spoofing attacks. Description CWE-330: Use of Insufficiently Random Values - CVE-2015-8262The Buffalo...
Securifi Almond routers contains multiple vulnerabilities
Overview Securifi Almond, firmware version AL1-R200-L302-W33 and earlier, and Securifi Almond 2015, firmware version AL2-R088 and earlier, contain multiple vulnerabilities. Description CWE-330: Use of Insufficiently Random Values - CVE-2015-2914Securifi Almond and Almond 2015 use static source...
Total Commander File Info plugin vulnerable to denial of service via an out-of-bounds read
Overview Total Commander's File Info plugin version 2.21 attempts an out-of-bounds read when reading a file carefully crafted by an attacker. Description CWE-125: Out-of-bounds Read - CVE-2015-2869An attacker that can control the contents of certain file types may be able to cause an out-of-bound...
Grandsteam GXV3611_HD camera is vulnerable to SQL injection
Overview The Grandsteam GXV3611HD is an IP network camera used for surveillance and security. The Grandsteam GXV3611HD is vulnerable to a SQL injection attack. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' - CVE-2015-2866The Grandstream...
Centreon contains multiple vulnerabilities
Overview Centreon version 2.5.1 and Centreon Enterprise Server version 2.2 contain multiple vulnerabilities. Description CWE-77: Improper Neutralization of Special Elements used in a Command 'Command Injection' - CVE-2014-3829 Centreon version 2.5.1 and Centreon Enterprise Server version 2.2 are...
Cobham Sailor 6000 series satellite terminal contain hardcoded credentials
Overview Cobham Sailor 6000 series satellite terminals contain hardcoded credentials for communicating via the Tbus 2 protocol. Description Note: this is a different vulnerability from VU460687CWE-798: Use of Hard-coded Credentials IOActive reports that Cobham Sailor 6000 series satellite...
Openfire contains an uncontrolled resource consumption vulnerability
Overview Openfire 3.9.1, and possibly earlier versions, contains an uncontrolled resource consumption CWE-400 vulnerability when using XMPP DEFLATE message compression. Description Openfire 3.9.1, and possibly earlier versions, contains an uncontrolled resource consumption CWE-400 vulnerability...
NagiosQL 3.2 Service Pack 2 contains a reflected cross-site scripting vulnerability
Overview NagiosQL 3.2 Service Pack 2 and possibly earlier versions contain a reflected cross-site scripting vulnerability CWE-79. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' NagiosQL 3.2 Service Pack 2 and possibly earlier versions contai...
IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway contain a URL redirection vulnerability
Overview IBM Tivoli Federated Identity Manager version 6.22 and possibly earlier versions, and IBM Tivoli Federated Identity Manager Business Gateway version 6.2.2 and possibly earlier versions contain a URL redirection CWE-601 vulnerability. Description CWE-601: URL Redirection to Untrusted Site...
Serva32 2.1.0 TFTPD service buffer overflow vulnerability
Overview Serva32 2.1.0 TFTPD service contains a buffer overflow vulnerability. Description The Serva32 2.1.0 TFTPD service contains a buffer overflow vulnerability when parsing large read requests. When the application reads in a large buffer the application crashes. --- Impact An unauthenticated...
PHP Address Book sqli vulnerability
Overview PHP Address Book web application is vulnerable to multiple sqli injection vulnerabilities. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection'PHP Address Book 8.2.5 and possibly older versions fail to sanitize input from multiple...
Symantec Antivirus products fail to properly handle CAB files
Overview Multiple Symantec Antivirus products fail to properly handle CAB files, which may allow a remote, unauthenticated attacker to execute arbitrary code with SYSTEM privileges. Description The CAB file decomposer component that is used by multiple Symantec Antivirus products fails to properl...
Trend Micro Control Manager adhoc query vulnerability
Overview Trend Micro Control Manager fails to properly filter user-supplied input within the ad hoc query module which could allow an attacker to upload and execute arbitrary code against the system. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL...
HP Arcsight Logger and Connector appliances cross-site scripting vulnerability
Overview HP's Arcsight Connector appliance v6.2.0.6244.0 and Arcsight Logger appliance v5.2.0.6288.0 and possibly other versions contain a file import facility which is vulnerable to cross-site scripting XSS. Description The supplied facility for importing host data from a file System Admin Tab |...
IBM ISS Proventia Mail Security contains multiple vulnerabilities
Overview IBM ISS Proventia Mail Security contains cross-site scripting and arbitrary file read vulnerabilities. Description The IBM security advisories state:CVE-2012-2955 "The administrative user interface contains pages where it is possible to inject arbitrary JavaScript code contained in an HT...
Project Open cross-site scripting vulnerability
Overview Project Open po version 3.4 and possibly earlier versions suffer from a reflective cross-site scripting XSS vulnerability in the account-closed.tcl script Description The XSS vulnerability CWE-79 is contained within the message parameter in the account-closed.tcl script...
Microsoft Office Publisher contains multiple exploitable vulnerabilities
Overview Microsoft Office Publisher fails to properly validate Publisher documents, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Publisher is a desktop publishing application that is provided with some versions of...
IPComp encapsulation nested payload vulnerability
Overview Some IPComp implementations may contain a kernel memory corruption vulnerability in their handling of nested encapsulation of IPComp payloads. Description RFC 3173 defines the IP Payload Compression Protocol IPComp as:IP payload compression is a protocol to reduce the size of IP datagram...
RIM BlackBerry Application Web Loader ActiveX stack buffer overflow
Overview The RIM BlackBerry Application Web Loader ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The RIM BlackBerry Application Web Loader is an ActiveX control that is used to loa...
Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge cross-site scripting vulnerability
Overview The Rockwell ControlLogix 1756-ENBT/A EtherNet/IP Bridge web interface contains a cross-site scripting vulnerability that may allow an attacker to spoof data or redirect end user's to other sites. Description The Rockwell Logix Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge uses ...
Trend Micro HouseCall ActiveX control notifyOnLoadNative() uses previously free'd memory
Overview The Trend Micro HouseCall ActiveX control contains a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Trend Micro HouseCall ActiveX control HousecallActiveX.dll contains a "use-after-free" vulnerability. Usi...
Microsoft Vista and Server 2008 vulnerable to memory corruption via saved search
Overview Microsoft Windows Vista and Server 2008 contain a memory corruption vulnerability when saving a specially crafted search file. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description In Windows Vista and Server 2008,...
HP Online Support Services ActiveX MoveFile() buffer overflow
Overview HP Online Support Services contains the function MoveFile, which can be exploited to cause a buffer overflow. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description HP Services provides online product support services including HP...
Microsoft Internet Explorer 7 DisableCachingOfSSLPages may not prevent caching
Overview Setting the Internet Explorer 7 option DisableCachingOfSSLPages may not prevent the caching of SSL-enabled web pages. Description Administrators and users can set the Internet Explorer DisableCachingOfSSLPages option to prevent sensitive or private data from being saved to disk. The...
Cisco IOS denial-of-service vulnerability
Overview A vulnerability in the way Cisco IOS handles IPv6 packets could result in a remotely exploitable denial of service. Description The Cisco Internetwork Operating System IOS includes support for processing Internet Protocol version 6 IPv6 packets.Per Cisco Advisory...
libarchive does not properly terminate loop
Overview libarchive contains a vulnerability that may allow an attacker to cause a denial of service. Description The libarchive library provides an interface for reading and writing archive files.There is a vulnerability in libarchive that occurs when it parses the pax interchange format. If an...
Adobe Form Designer and Advanced Form Client ActiveX controls contain multiple buffer overflows
Overview Adobe Form Designer and Advanced Form Client contain multiple ActiveX buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Adobe Form Designer and Advanced Form Client software provide multiple ActiveX...
Mozilla products vulnerable to memory corruption in the browser engine
Overview A number of vulnerabilities in the Mozilla browser engine may allow the execution of arbitrary code or denial of service. Description The Mozilla browser engine contains several vulnerabilities that may result in memory corruption. The impact of this memory corruption in specific cases i...
Trend Micro ServerProtect Integer Overflow Vulnerability
Overview Trend Micro ServerProtect contains an integer overflow vulnerability that may allow a remote attacker to execute arbitrary code. Description Trend Micro ServerProtect is an anti-virus application designed to run on Microsoft Windows servers. The application provides administrators with...
Microsoft Windows Vista Weather Gadget vulnerability
Overview The Windows Vista Weather gadget contains a vulnerability that may allow and attacker to execute code. Description From Microsoft Security Bulletin MS07-048:Gadgets are mini-applications designed to provide the user with information or utilities. Windows Vista treats gadgets similar to t...
Microsoft Windows VML compressed content integer underflow
Overview Microsoft Windows VML fails to properly handle compressed content, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft IE version 5.0 and higher supports the Vector Markup Language VML, which is a set of XML tags for...
Trend Micro ServerProtect EarthAgent buffer overflow vulnerability
Overview Trend Micro ServerProtect contains a buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code on a vulnerable system. Description Trend Micro ServerProtect is an anti-virus application that is designed to run on Windows-based servers. The...
CA BrightStor ARCserve Backup Media Server RPC service buffer overflows
Overview The CA BrightStor ARCserve Backup Media Server contains multiple buffer overflows in the RPC service, which can allow a remote, unauthenticated attacker to execute arbitrary code with elevated privileges. Description BrightStor ARCserve Backup is a backup and data retention tool that...
CA BrightStor ARCserver Tape Engine memory corruption vulnerability
Overview The Computer Associates BrightStor ARCserve Backup Tape Engine contains a memory corruption vulnerability. If successfully exploited, this vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. Description BrightStor ARCserve Backup is a...
Mozilla Firefox fails to properly handle JavaScript onUnload events
Overview Mozilla Firefox does not properly handle JavaScript onUnload events. This vulnerability may lead to memory corruption that could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The JavaScript onUnload event is executed when the brows...