3702 matches found
Mozilla Firefox fails to properly handle JavaScript onUnload events
Overview Mozilla Firefox does not properly handle JavaScript onUnload events. This vulnerability may lead to memory corruption that could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The JavaScript onUnload event is executed when the brows...
Microsoft Windows Shell vulnerable to privilege escalation
Overview A vulnerability in Microsoft Windows Shell may allow an attacker to gain access with escalated privileges. Description The Microsoft Windows Shell Hardware Detection service provides notification for AutoPlay hardware events. This service fails to properly validate a function parameter i...
Computer Associates BrightStor ARCserve Backup LGSERVER.EXE stack buffer overflow
Overview Computer Associates BrightStor ARCserve Backup contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Computer Associates BrightStor ARCserve Backup products come with a service called LGSERVER.EX...
Voice mail systems allow administrative access based on Caller ID
Overview Certain voice mail systems trust Calling Number Identification CNID, Caller ID to authenticate administrative access to voice mail accounts. Caller ID can be easily spoofed, allowing an attacker to gain control over a vulnerable voice mailbox. Description Some voice mail systems use Call...
Yahoo Messenger YMailAttach ActiveX control buffer overflow
Overview The Yahoo Messenger YMailAttach ActiveX control contains a buffer overflow, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Yahoo Messenger is an instant messaging application. Yahoo Messenger includes several ActiveX...
Symantec Veritas NetBackup bpcd daemon fails to properly validate commands
Overview Symantec Veritas NetBackup is vulnerable to command chaining, which may allow a remote, authenticated attacker to execute arbitrary commands on a vulnerable system. Description Symantec VERITAS NetBackup is a client/server based backup software solution. The NetBackup bpcd daemon fails t...
Sky Software FileView ActiveX control allows arbitrary command execution via unsafe methods
Overview The Sky Software FileView ActiveX control contains unsafe methods, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Sky Software FileView object is an ActiveX control that is provided with several applications, such as...
Microsoft Internet Explorer 7 may allow address bar spoofing
Overview Internet Explorer 7 may allow address bar spoofing in pop-up windows. This could let an attacker spoof the address of a web site. Description Internet Explorer 7 includes a new feature called "Address bar protection." This makes sure that every window, including pop-ups, will present an...
NVIDIA Display Driver for Unix systems vulnerable to buffer overflow
Overview A vulnerability in the NVIDIA Display Driver for Unix systems may allow a remote attacker to execute code on a vulnerable system. Description The NVIDIA Display Driver for Unix systems provides access to the display adapter's accelerated features on supported systems, and includes a modu...
McAfee HTTP Server vulnerable to buffer overflow
Overview A stack-based buffer overflow exists in the McAfee HTTP server that may allow a remote, unauthenticated attacker to execute arbitrary code. Description The McAfee HTTP server NAISERV.exe is used in McAfee products, such as McAfee ePolicy Orchestrator and Protection Pilot. The McAfee HTTP...
Roller Weblogger contains a cross-site scripting vulnerability
Overview A cross-site scripting vulnerability in Roller Weblogger may allow an attacker to read or modify data in web pages and cookies. Description There is a cross-site scripting vulnerability in the way that Roller handles data supplied in the comments section of a web page running the Roller...
Apple QuickTime movie buffer overflow vulnerability
Overview A buffer overflow vulnerability in the way Apple QuickTime handles movie files could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description A buffer overflow vulnerability in QuickTime for Windows and Mac OS X may allow an attacker to execut...
Apple QuickTime fails to properly handle FlashPix files
Overview Apple QuickTime fails to properly handle FlashPix files. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service condition. Description Apple's QuickTime Player is multimedia software that allows users to view local and remot...
Symantec Veritas Backup Exec for Windows Server vulnerable to heap-based buffer overflow
Overview Symantec Veritas Backup Exec for Windows Server contains multiple heap-based buffer overflow vulnerabilities which can allow a remote, authenticated attacker to cause a denial of service or execute arbitrary code. Description VERITAS Backup Exec for Windows Server is a data backup and...
Microsoft Windows fails to properly parse the MHTML protocol
Overview Microsoft Windows fails to properly handle MHTML. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description MHTML According to Microsoft Security Bulletin MS06-043: MHTML extends HTML to embed encoded objects, such as images, in the HTML...
Microsoft Hyperlink Object Library buffer overflow
Overview A vulnerability in Microsoft Hyperlink Object Library may allow a remote attacker to execute arbitrary code on an affected system. Description The Hyperlink Object Library is a collection of application programming interfaces that provide functionality for handling hyperlinks. The...
Intel Centrino wireless network drivers fail to properly handle malformed frames
Overview Microsoft Windows drivers for Intel Centrino wireless adapters fail to properly handle malformed frames. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description The Microsoft Windows drivers for Intel Centrino 2200BG and 2915ABG PRO wireless...
Apple Mac OS X ImageIO vulnerable to integer overflow via specially crafted Radiance image
Overview The Apple Mac OS X ImageIO framework contains an integer overflow that may allow a remote attacker to execute arbitrary code on an affected system. Description Apple's ImageIO is an image processing framework that was introduced in Mac OS X 10.4 Tiger. It includes the ability to process...
Apple iTunes fails to properly parse AAC files
Overview Apple iTunes does not properly parse AAC files. This vulnerability may allow a remote attacker to execute arbitrary code. Description Apple iTunes Apple iTunes is a digital media player available for the Microsoft Windows and Mac OS X operating systems. Advanced Audio Coding AAC file...
Microsoft Outlook Web Access for Exchange Server script injection vulnerability
Overview A script injection vulnerability exists in Microsoft Exchange Server running Outlook Web Access. Description Microsoft Outlook Web Access OWA is a service of Exchange Server. OWA allows authorized users to read and send email, manage their calendar, and perform other functions on an...
Microsoft DXImageTransform Light filter fails to validate input
Overview The Microsoft DXImageTransform Light COM object fails to validate input, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft COMMicrosoft COM is a technology that allows programmers to create reusable software components that can be...
Mozilla JavaScript cloned parent vulnerability
Overview Mozilla products fail to properly restrict access to a JavaScript functions cloned parent. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description According to Mozilla Foundation Security Advisory 2006-15: it was possible to use the...
Microsoft Windows fails to properly handle COM objects
Overview Microsoft Windows fails to properly handle COM Objects. This vulnerability may allow a remote unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft COM Microsoft COM is a technology that allows programmers to create reusable software components...
Oracle products contain multiple vulnerabilities
Overview Multiple vulnerabilities exist in numerous Oracle products. The severity and impacts of these vulnerabilities are varied and may include remote execution of arbitrary code, the disclosure of sensitive information, and denial-of-service conditions. Description Multiple vulnerabilities exi...
TWiki does not properly sanitize URI parameters
Overview A lack of input validation in the TWiki revision control function may allow a remote, unauthenticated attacker to execute arbitrary commands. Description TWiki is a web-based collaborative publishing environment. TWiki does not sanitize user-controlled URI parameters supplied to the...
pam_ldap authentication bypass vulnerability
Overview An error in the pamldap password policy control may allow a remote attacker to gain access to a system. Description pamldap provides LDAP authentication services for UNIX-based systems. A vulnerability in pamldap may allow a remote attacker to bypass the authentication mechanism. If a...
Apple Mac OS X AppKit vulnerable to buffer overflow via maliciously crafted Microsoft Word files
Overview A buffer overflow vulnerability exists in a component of Apple's Mac OS X operating system that handles Microsoft Word files. Description The Cocoa Application Framework also referred to as the Application Kit, or AppKit is one of the core Cocoa frameworks supplied with Apple's Mac OS X...
PhpWebSite contains multiple cross-site scripting vulnerabilities
Overview PhpWebSite contains multiple cross-site scripting vulnerabilities that may allow an attacker to execute arbitrary code on users' web browser. Description PhpWebSite is an open-source web content management system. Certain PhpWebSite modules fail to properly filter URLs for malicious...
Microsoft Internet Explorer fails to honor "Drag and Drop" zone security preference
Overview The Internet Explorer IE zone security preference for "Drag and drop or copy and paste files" is not honored with Windows XP and Windows Server 2003. Description IE provides several settings for the various security zones. These settings can prevent certain actions from taking place in...
Check Point VPN-1 products contain boundary error in the ASN.1 decoding library
Overview A vulnerability exists in Check Point's VPN-1 Server, which is included in many Check Point products. This vulnerability may permit a remote attacker to compromise the gateway system. Description Check Point VPN-1 Server is a Virtual Private Network VPN application. A buffer overflow...
Apple Mac OS X vulnerable to privilege escalation when using Directory Services
Overview A vulnerability in Mac OS X may permit a local authenticated user with physical access to the machine to gain elevated privileges. Description Mac OS X permits the remote authentication of users via directory sevices lookups. When a user logs in to a machine configured to use the Directo...
Microsoft Help and Support Center (HCP) fails to properly validate HCP URLs
Overview The Microsoft Help and Support Center HCP fails to properly handle HCP URL validation. Exploitation of this vulnerability may permit remote attackers to execute arbitrary code on the system with the privileges of the current user. Description Microsoft Windows XP and Server 2003 Help and...
BEA WebLogic Server configuration wizard stores administrative credentials in clear text log files
Overview There is a vulnerability in BEA WebLogic Server in which a user with access to log files generated by the configuration wizard could obtain the administrative username and password. Description BEA Systems describes WebLogic Server as "an industrial-strength application infrastructure fo...
WinZip vulnerable to buffer overflow in handling of MIME archive parameters
Overview A buffer overflow vulnerability in the WinZip program could allow a remote attacker to execute arbitrary code on a vulnerable system. Description WinZip Computing, Inc.'s WinZip is a popular utility for creating and extracting a variety of archive file formats on Microsoft Windows-based...
metamail contains multiple buffer overflow vulnerabilities
Overview Multiple buffer overflows in the metamail package could allow a remote attacker to execute arbitrary code on a vulnerable system. An attacker may be able to exploit these vulnerabilities via a specially-crafted email message. Description The metamail package is one of the first widely...
Microsoft Virtual PC for Mac insecurely handles temporary file
Overview A component program of Microsoft Virtual PC for Mac uses an insecure method for handling a temporary file. This could allow an attacker with local system access to gain elevated privileges. Description Microsoft Virtual PC for Mac is a product that allows users of the Apple MacOS X...
Microsoft Windows fails to properly validate buffer size of incoming SMB packets
Overview Microsoft's implementation of Server Message Block SMB contains a buffer overflow vulnerability that could permit a remote attacker to execute arbitrary code or cause a denial of service. Description SMB and the Common Internet File System CIFS are closely related protocols used sharing...
Microsoft Windows RPCSS Service contains heap overflow in DCOM request filename handling
Overview There is a remote buffer overflow in many versions of Microsoft Windows that allows attackers to execute arbitrary code with system privileges. Description The Microsoft RPCSS Service is responsible for managing Remote Procedure Call RPC messages and is enabled by default on many version...
Cisco Secure PIX Firewall TCP Reset Vulnerability
Overview A vulnerability in Cisco's Secure PIX Firewall may allow a remote attacker to reset arbitrary TCP sessions. Description Cisco describes the Secure PIX Firewall as, "an easy-to-install, integrated hardware/software firewall appliance". A vulnerability in the Secure PIX Firewall may allow ...
Microsoft SQL Server becomes unresponsive when large packet is sent to specific named pipe
Overview A vulnerability in Microsoft SQL Server may allow a local attacker to cause a denial of service. An exploit for this vulnerability is publicly available. Description Microsoft describes SQL Server as, "a fully enterprise-class database product, providing core support for Extensible Marku...
Microsoft SQL Server vulnerable to buffer overflow
Overview Microsoft SQL Server contains a buffer overflow vulnerability. A local attacker could leverage this vulnerability to gain elevated privileges and/or execute arbitrary code. Description Quoting from Microsoft Security Bulletin MS03-031:A flaw exists in a specific Windows function that may...
Microsoft Windows Active Directory fails to handle long LDAP requests
Overview A flaw has been discovered in the way that Microsoft's Active Directory service handles large LDAP requests. This flaw could result in a denial-of-service vulnerability. Description The directory services provided by Microsoft's Active Directory are based on the Lightweight Directory...
Oracle E-Business Suite Report Review Agent (RRA) allows arbitrary files to be retrieved with no authentication
Overview A vulnerability in Oracle's E-Business Suite Report Review Agent RRA allows arbitrary files to be retrieved with no authentication. Description A vulnerability exists in the Oracle E-Business Suite Report Review Agent RRA. This vulnerability may allow a remote attacker to retrieve...
Buffer Overflow in SGI IRIX syslogd
Overview A remotely exploitable buffer overflow in SGI IRIX syslogd may allow an attacker to crash syslogd or execute arbitrary code. Description There is a remotely exploitable buffer overflow in SGI IRIX syslogd. For more detailed information please see SGI Security Advisory 20020405-01-I. ---...
Sun Solaris lockd(1M) daemon vulnerable to DoS
Overview A remotely exploitable denial-of-service vulnerability exists in the Solaris lockd1M daemon. Exploitation of this vulnerability may kill the lockd process. Description Sun Microsystems describes the lockd1M daemon as follows:The lockd utility is part of the NFS lock manager, which suppor...
MIT Kerberos V5 allows inter-realm user impersonation by malicious realm controllers with shared keys
Overview MIT Kerberos V5 contains a flaw that allows the controller of one Kerberos realm to impersonate users in a second realm. Description MIT Kerberos V5 releases prior to 1.2.3 contain a vulnerability that allows users from one realm to impersonate users from other non-local realms that use...
Web servers enable HTTP TRACE method by default
Overview The HTTP TRACE method returns the contents of client HTTP requests in the entity-body of the TRACE response. Attackers could leverage this behavior to access sensitive information, such as cookies or authentication data, contained in the HTTP headers of the request. Description The HTTP...
State-based firewalls fail to effectively manage session table resource exhaustion
Overview There is a vulnerability in several state-based firewall products that allows arbitrary remote attackers to conduct denial of service attacks against vulnerable firewalls. Description Many firewall products use state tables to determine whether a given packet belongs to an existing sessi...
Microsoft Java implementation JDBC classes do not properly validate DLL requests
Overview The Java Database Connectivity JDBC classes of Microsoft's Java virtual machine VM do not properly validate DLL requests, allowing a malicious applet to load and execute any DLL on the client system. Description Microsoft's Java VM is installed on Windows 98, NT, 2000, and XP. It is used...
WebBoard does not adequately validate user input thereby permitting arbitrary JavaScript execution
Overview WebBoard does not adequately validate user input, allowing attackers to execute arbitrary JavaScript code on other WebBoard users' systems. Description WebBoard is a web application which includes a real-time chat server, using JavaScript alerts to display messages received by other user...