FTE fails to properly validate command line arguments
Overview FTE contains a vulnerability in the processing of command line arguments that could allow an attacker to execute arbitrary code. Description FTE is a text editor available for a variety of operating systems. There is a buffer overflow vulnerability in the way FTE performs bounds checking...
Microsoft Jet Database Engine database request handling buffer overflow
Overview The Microsoft Jet Database Engine (Jet) provides data access functionality to a number of other Microsoft and many third party applications. A buffer overflow vulnerability exists in the Jet Database Engine that could allow a remote attacker to execute code of their choosing on an affected...
Ethereal IrDA dissector plugin fails to properly parse IRCOM_PORT_NAME parameter
Overview Ethereal contains a vulnerability in the way the Infrared Data Association (IrDA) dissector plugin parses the IRCOM_PORT_NAME parameter. Description Ethereal is a network traffic analysis package. It includes the ability to decode packets containing IrDA data. There is a vulnerability in the...
WinZip vulnerable to buffer overflow in handling of MIME archive parameters
Overview A buffer overflow vulnerability in the WinZip program could allow a remote attacker to execute arbitrary code on a vulnerable system. Description WinZip Computing, Inc.'s WinZip is a popular utility for creating and extracting a variety of archive file formats on Microsoft Windows-based...
metamail contains multiple buffer overflow vulnerabilities
Overview Multiple buffer overflows in the metamail package could allow a remote attacker to execute arbitrary code on a vulnerable system. An attacker may be able to exploit these vulnerabilities via a specially-crafted email message. Description The metamail package is one of the first widely...
Microsoft Internet Explorer execCommand method does not properly validate URL source
Overview Microsoft Internet Explorer (IE) does not properly determine the source of script used in URLs. An attacker could exploit this vulnerability to evaluate script in different security domains. By causing script to be evaluated in the Local Machine Zone, the attacker could execute arbitrary...
Microsoft Windows fails to properly validate buffer size of incoming SMB packets
Overview Microsoft's implementation of Server Message Block (SMB) contains a buffer overflow vulnerability that could permit a remote attacker to execute arbitrary code or cause a denial of service. Description SMB and the Common Internet File System (CIFS) are closely related protocols used for sharing...
Microsoft Windows RPCSS Service contains heap overflow in DCOM request filename handling
Overview There is a remote buffer overflow in many versions of Microsoft Windows that allows attackers to execute arbitrary code with system privileges. Description The Microsoft RPCSS Service is responsible for managing Remote Procedure Call (RPC) messages and is enabled by default on many version...
Cisco Secure PIX Firewall TCP Reset Vulnerability
Overview A vulnerability in Cisco's Secure PIX Firewall may allow a remote attacker to reset arbitrary TCP sessions. Description Cisco describes the Secure PIX Firewall as, "an easy-to-install, integrated hardware/software firewall appliance". A vulnerability in the Secure PIX Firewall may allow ...
Microsoft SQL Server vulnerable to buffer overflow
Overview Microsoft SQL Server contains a buffer overflow vulnerability. A local attacker could leverage this vulnerability to gain elevated privileges and/or execute arbitrary code. Description Quoting from Microsoft Security Bulletin MS03-031: A flaw exists in a specific Windows function that may...
GnuPG contains flaw in key validation code
Overview A vulnerability in GnuPG may cause keys with multiple user IDs to give other user IDs on the key a false amount of validity. Description From the GnuPG homepage: GnuPG stands for GNU Privacy Guard and is GNU's tool for secure communication and data storage. It can be used to encrypt data...
Oracle E-Business Suite Report Review Agent (RRA) allows arbitrary files to be retrieved with no authentication
Overview A vulnerability in Oracle's E-Business Suite Report Review Agent (RRA) allows arbitrary files to be retrieved with no authentication. Description A vulnerability exists in the Oracle E-Business Suite Report Review Agent (RRA). This vulnerability may allow a remote attacker to retrieve...
Some implementations of mod_dav contain a format string vulnerability in "ap_log_rerror()" function
Overview A vulnerability in some implementations of mod_dav may permit a remote attacker to gain unauthorized access to a web server running mod_dav. Description mod_dav is a module designed to provide DAV capabilities for a web server. A format string vulnerability in some implementations may permi...
Sun Solaris lockd(1M) daemon vulnerable to DoS
Overview A remotely exploitable denial-of-service vulnerability exists in the Solaris lockd(1M) daemon. Exploitation of this vulnerability may kill the lockd process. Description Sun Microsystems describes the lockd(1M) daemon as follows: The lockd utility is part of the NFS lock manager, which suppor...
MIT Kerberos V5 allows inter-realm user impersonation by malicious realm controllers with shared keys
Overview MIT Kerberos V5 contains a flaw that allows the controller of one Kerberos realm to impersonate users in a second realm. Description MIT Kerberos V5 releases prior to 1.2.3 contain a vulnerability that allows users from one realm to impersonate users from other non-local realms that use...
PC-cillin "pop3trap.exe" vulnerable to buffer overflow via long string of characters
Overview A locally exploitable buffer overflow exists in PC-cillin. Description Trend Micro describes PC-cillin as follows: Trend Micro PC-cillin provides all-in-one antivirus security, personal firewall, and PDA protection for your PC. The user-friendly interface makes it easy to install and use...
State-based firewalls fail to effectively manage session table resource exhaustion
Overview There is a vulnerability in several state-based firewall products that allows arbitrary remote attackers to conduct denial of service attacks against vulnerable firewalls. Description Many firewall products use state tables to determine whether a given packet belongs to an existing sessi...
WebBoard does not adequately validate user input thereby permitting arbitrary JavaScript execution
Overview WebBoard does not adequately validate user input, allowing attackers to execute arbitrary JavaScript code on other WebBoard users' systems. Description WebBoard is a web application which includes a real-time chat server, using JavaScript alerts to display messages received by other user...
Microsoft Windows 2000 fails to apply Group Policy to clients when policy file has been opened using exclusive read access (MS02-016)
Overview A vulnerability in the locking of Group Policy Files under Windows 2000 may allow a local intruder to circumvent recently applied policy settings. Description When a user logs onto a Windows 2000 system, a number of "security policy" settings are applied to that user's session. The...
Microsoft Windows 2000 Indexing Services enumerates local file locations via ixsso.query ActiveX object
Overview Index Server 2.0 and the Indexing Service 3.0 contain a vulnerability that may allow remote intruders to gain information about files on the local computer. Description Index Server 2.0 and Indexing Service 3.0 are services that allow information about local files to be queried via a web...
Entrust GetAccess does not validate user input thereby allowing users to read arbitrary files
Overview Entrust GetAccess does not properly validate the CGI variable "LOCALE" and may be exploited to read arbitrary files on the server. Description Entrust GetAccess is a web software product for identifying users of a web site. Entrust GetAccess takes a CGI variable named "LOCALE" specifying...
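The check the GetAccess entry calls for, written here as an added example in Python; it is not Entrust's code. The locale directory, the allowed locale syntax ("en" or "en_US") and the sample LOCALE values are assumptions constructed for the demonstration. It shows the naive lookup beside a hardened one that allowlists the syntax and then confirms the resolved path is still under the locale directory:

```python
import os
import re

# Assumed locale naming convention (illustrative): "en" or "en_US".
LOCALE_RE = re.compile(r"[a-z]{2}(_[A-Z]{2})?")


def locale_file_unchecked(base_dir, locale):
    """Naive lookup in the style of the flaw described above: the CGI value is
    spliced straight into a filesystem path. "../" sequences walk out of
    base_dir, and an absolute value makes os.path.join discard base_dir entirely."""
    return os.path.normpath(os.path.join(base_dir, locale))


def locale_file_checked(base_dir, locale):
    """Hardened lookup: allowlist the syntax first, then confirm that the
    resolved path is still inside base_dir (catches anything the regex misses)."""
    if not LOCALE_RE.fullmatch(locale):
        raise ValueError("locale does not match the allowed pattern")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, locale))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("locale path escapes the locale directory")
    return candidate


def probe(base_dir, values):
    """Run both lookups over a list of LOCALE values.
    Returns {value: (unchecked_path, checked_path_or_None_if_rejected)}."""
    results = {}
    for value in values:
        try:
            checked = locale_file_checked(base_dir, value)
        except ValueError:
            checked = None
        results[value] = (locale_file_unchecked(base_dir, value), checked)
    return results


if __name__ == "__main__":
    # Constructed inputs: one legitimate locale, a relative and an absolute traversal attempt.
    for value, (unchecked, checked) in probe(
        "/srv/getaccess/locale", ["en_US", "../../../etc/passwd", "/etc/passwd"]
    ).items():
        print(f"{value!r:24} unchecked -> {unchecked:24} checked -> {checked}")
```

The regex alone is enough for this format, but the realpath/commonpath check is kept as a second line of defence so that a later relaxation of the pattern cannot silently reopen the traversal.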
Microsoft SQL Server 2000 contains denial-of-service vulnerability in SQL Server Resolution Service
Overview Microsoft SQL Server 2000 contains a vulnerability that allows remote attackers to create a denial-of-service condition between two Microsoft SQL servers. Description The SQL Server Resolution Service (SSRS) was introduced in Microsoft SQL Server 2000 to provide referral services for...
Microsoft Windows 2000 Network Dynamic Data Exchange (DDE) executes code as Local System
Overview The Windows 2000 Network DDE agent permits local users to execute commands with system privileges. Description Dynamic Data Exchange (DDE) is an interprocess communication mechanism used in Microsoft Windows. A DDE share is an area of memory which is used to store and retrieve data. Networ...
Microsoft Windows 2000 Event Viewer contains buffer overflow
Overview The Windows 2000 event viewer contains a buffer overflow. Description The Microsoft Windows 2000 event viewer contains a buffer overflow that can be exploited when a record written to an event log is examined by the event viewer. Both privileged and unprivileged users can read and write ...
Microsoft Windows 2000 System Monitor ActiveX Control contains buffer overflow
Overview There is a buffer overflow in the System Monitor ActiveX control that ships with Windows 2000. Description The System Monitor ActiveX control (sysmon.ocx) included with Windows 2000 contains a buffer overflow. For more information, see...
Oracle 9iAS default configuration allows arbitrary users to view sensitive configuration files
Overview It is possible to read the "XSQLConfig.xml" and "soapConfig.xml" configuration files from an Oracle 9i Application Server under the default installation without any authorization. This can lead to an intruder gaining access to sensitive information about the server and potentially...
Oracle 9i Database Server PL/SQL module allows remote command execution without authentication
Overview Oracle Database Server allows remote users to execute system commands without authenticating. Description Oracle Database Server provides extended functionality through the use of Procedural Language/Structured Query Language (PL/SQL) libraries. PL/SQL includes commands to load arbitrary...
shadow-utils useradd creates temporary files insecurely
Overview Shadow-utils is an encryption and account management package freely distributed for many Linux implementations. The useradd program in this package creates insecure temporary files with predictable names in a write-protected directory. If this directory is changed to be writable, an...
Air Messenger LAN Server (AMLServer) stores usernames and passwords in plaintext
Overview Air Messenger LAN Server (AMLServer) stores usernames and passwords in plaintext. Description AMLServer for Windows is a paging gateway that allows users on a TCP/IP LAN to communicate with mobile devices such as phones and pagers. Access to AMLServer's services is protected by a user...
Redhat Linux diskcheck.pl creates predictable temporary file and fails to check for existing symbolic link of same name
Overview Diskcheck.pl is a Perl script, part of Red Hat's powertools suite, that alerts a system administrator if any file system approaches capacity. In creating email alerts, diskcheck.pl creates insecure temporary files in a world-writable directory, which may permit an attacker to corrupt any...
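The failure mode shared by the shadow-utils useradd and diskcheck.pl entries above (a predictable temporary file name in a directory an attacker can write to, opened in a way that follows a planted symlink), shown as an added example in Python; it is neither project's own code. The prefix, PID, victim file and scratch directory are constructed for the demonstration:

```python
import os
import secrets
import stat
import tempfile


def predictable_tmp_path(directory, prefix, pid):
    """Name scheme of the kind criticised above: prefix plus PID, guessable by any local user."""
    return os.path.join(directory, f"{prefix}.{pid}")


def open_tmp_insecurely(path):
    """Create-or-truncate without O_EXCL: a symlink planted at `path` is followed,
    so the write lands in whatever file the attacker pointed it at."""
    return os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o644)


def open_tmp_exclusively(path):
    """O_EXCL makes the call fail (EEXIST) if anything, including a dangling symlink,
    already sits at `path`; O_NOFOLLOW is belt-and-braces; mode 0600 keeps it private."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    return os.open(path, flags, 0o600)


def create_tmp_securely(directory, prefix, attempts=100):
    """Unpredictable name plus exclusive create; retry on the (astronomically rare) collision."""
    for _ in range(attempts):
        path = os.path.join(directory, f"{prefix}.{secrets.token_hex(8)}")
        try:
            return open_tmp_exclusively(path), path
        except FileExistsError:
            continue
    raise RuntimeError("could not create a unique temporary file")


def demo(workdir=None):
    """Plant a symlink at the guessable name, then compare the open styles.
    Everything is constructed inside a scratch directory; returns a dict of observations."""
    workdir = workdir or tempfile.mkdtemp(prefix="tmpfile-demo-")
    victim = os.path.join(workdir, "victim.txt")  # stands in for a file the attacker wants to clobber
    with open(victim, "w") as f:
        f.write("original contents\n")
    planted = predictable_tmp_path(workdir, "diskcheck", 4242)  # attacker guessed prefix and PID
    os.symlink(victim, planted)

    fd = open_tmp_insecurely(planted)            # follows the symlink ...
    os.write(fd, b"attacker-controlled\n")
    os.close(fd)
    with open(victim) as f:
        clobbered = f.read() == "attacker-controlled\n"  # ... and the victim file is overwritten

    try:
        os.close(open_tmp_exclusively(planted))
        refused = False
    except FileExistsError:
        refused = True                           # O_EXCL refuses the planted symlink

    fd, path = create_tmp_securely(workdir, "diskcheck")
    mode = stat.S_IMODE(os.fstat(fd).st_mode)
    os.close(fd)
    return {"clobbered": clobbered, "refused": refused, "mode": mode,
            "random_name": not path.endswith(".4242")}


if __name__ == "__main__":
    print(demo())
```

In practice tempfile.mkstemp() already does what create_tmp_securely does; the hand-written version is here only to make the flags visible. Note that O_EXCL is what defeats the planted link: a predictable name with O_EXCL still lets the attacker cause a denial of service by occupying the name, which is why the random suffix is needed as well.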
IBM AIX setclock buffer overflow in remote timeserver argument
Overview There is a buffer overflow in the IBM AIX setclock command that may allow local attackers to gain root privileges. Description The setclock command sets the system's clock from a remote time server. This command contains a buffer overflow in the handling of the remote timeserver hostname...
Microsoft IIS FTP service searches all trusted domains for user accounts
Overview The Microsoft IIS FTP Service contains a vulnerability that allows remote attackers to log in using domain accounts without providing a specific domain name. Description The Microsoft IIS FTP Service allows users to establish connections using either local accounts or Windows domain...
Microsoft Windows 2000 Telnet Service allows unprivileged local users to terminate sessions via unprotected system calls
Overview The Microsoft Windows 2000 Telnet Service contains a denial-of-service vulnerability that allows unprivileged local users to terminate existing telnet sessions. Description The Microsoft Windows 2000 Telnet Service contains a vulnerability that allows unprivileged local users to execute...
Network Associates CSMAP and smap/smapd vulnerable to buffer overflow thereby allowing arbitrary command execution
Overview A remotely exploitable buffer overflow exists in the Gauntlet Firewall. Description The buffer overflow occurs in the smap/smapd and CSMAP daemons. According to PGP Security, these daemons are responsible for handling email transactions for both inbound and outbound e-mail. This...
Potential vulnerabilities in Qualcomm Eudora WorldMail Server LDAP handling code
Overview The Qualcomm Eudora WorldMail Server may contain vulnerabilities that allow denial-of-service attacks, unauthorized privileged access, or both. These vulnerabilities were revealed using the PROTOS LDAPv3 test suite and are documented in CERT Advisory CA-2001-18. If your site uses this...
Linux gpm daemon allows arbitrary file removal
Overview gpm versions 1.19.2 and earlier are vulnerable due to a flaw that allows a local user to delete arbitrary files. Description gpm (General Purpose Mouse) is the program that lets you use the mouse in console mode when not using X Windows. It is usually included in Linux distributions, and can...
Buffer Overflow in Lotus Domino Mail Server
Overview The Lotus Domino R5 SMTP server contains a buffer overflow. Description The Lotus Domino R5 SMTP server allows an administrator to restrict the domains from which the server will accept mail. In versions of Domino R5 prior to version 5.0.6 with domain restrictions enabled an intruder may be...
ISC BIND 4 contains input validation error in nslookupComplain()
Overview The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) by the Internet Software Consortium (ISC). There is a format string vulnerability in BIND 4.9.4 that may allow remote intruders to gain access to systems running BIND. Although BIND 4.9.x is no longer...
HP-UX kermit contains local buffer overflow that allows denial-of-service
Overview The HP-UX version of kermit contains a buffer overflow that allows local users to prevent other users from running kermit. Description Kermit is a file transfer protocol that has been implemented by Hewlett-Packard for use on their systems. On December 21, 2000, HP released a security...
Office 2000 UA Control incorrectly marked safe for scripting
Overview The Microsoft Office 2000 UA ActiveX control is incorrectly marked as "safe for scripting". This vulnerability may allow an intruder to disable macro warnings in Office products and, subsequently, execute arbitrary code. This vulnerability may be exploited by viewing an HTML document via...
libexpat library is vulnerable to DoS attacks through stack overflow
Overview A stack overflow vulnerability has been discovered within the libexpat open source library. When parsing XML documents with deeply nested entity references, libexpat can recurse indefinitely. This can result in exhaustion of stack space and a crash. An attacker can weaponize this to eith...
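A pre-parse check against the pattern the libexpat entry describes, written as an added example in Python; it is not libexpat's code and says nothing about what any particular expat version does internally. It extracts entity declarations from the internal DTD subset, computes the longest entity-to-entity reference chain without recursing itself, and rejects documents over a configurable depth. The declaration syntax it understands (double-quoted internal entities), the default limit of 16 and the generated test documents are assumptions:

```python
import re

# Internal, double-quoted declarations only (assumption for this example).
ENTITY_DECL = re.compile(r'<!ENTITY\s+(\w+)\s+"([^"]*)"\s*>')
ENTITY_REF = re.compile(r"&(\w+);")


def entity_graph(doc):
    """Map each declared entity name to the entity names its replacement text references."""
    return {name: ENTITY_REF.findall(value) for name, value in ENTITY_DECL.findall(doc)}


def max_entity_depth(graph):
    """Length of the longest chain e_k -> e_{k-1} -> ... -> e_0 of declared entities.
    Iterative (Kahn's algorithm) so the checker cannot itself be driven into deep recursion;
    a reference cycle, which a naive expander would never finish, raises ValueError."""
    indegree = {name: 0 for name in graph}
    for refs in graph.values():
        for ref in refs:
            if ref in indegree:          # undeclared/predefined entities (&amp; etc.) are leaves
                indegree[ref] += 1
    order, ready = [], [n for n, d in indegree.items() if d == 0]
    while ready:
        name = ready.pop()
        order.append(name)
        for ref in graph[name]:
            if ref in indegree:
                indegree[ref] -= 1
                if indegree[ref] == 0:
                    ready.append(ref)
    if len(order) != len(graph):
        raise ValueError("entity reference cycle")
    depth = {}
    for name in reversed(order):         # children are finalised before their parents
        depth[name] = 1 + max((depth[r] for r in graph[name] if r in depth), default=0)
    return max(depth.values(), default=0)


def safe_to_parse(doc, max_depth=16):
    """True if entity nesting is within max_depth (assumed limit) and acyclic."""
    try:
        return max_entity_depth(entity_graph(doc)) <= max_depth
    except ValueError:
        return False


def build_nested_doc(levels):
    """Constructed test input: e0 is a literal, e1 references e0, ..., e{n-1} references e{n-2}."""
    decls = ['<!ENTITY e0 "x">'] + [f'<!ENTITY e{i} "&e{i-1};">' for i in range(1, levels)]
    return '<?xml version="1.0"?><!DOCTYPE r [' + "".join(decls) + f"]><r>&e{levels - 1};</r>"


if __name__ == "__main__":
    for levels in (3, 16, 17, 100000):
        doc = build_nested_doc(levels)
        print(f"{levels:>7} levels: depth={max_entity_depth(entity_graph(doc))}, safe={safe_to_parse(doc)}")
    print("cycle:", safe_to_parse('<!DOCTYPE r [<!ENTITY a "&b;"><!ENTITY b "&a;">]><r>&a;</r>'))
```

Running the check in front of the real parser is the point: a gate that only looks at declarations can reject a 100000-level document in milliseconds, whereas letting the parser discover the depth by expanding it is exactly what the advisory warns against. Depth is the only property this gate measures; expansion size (many references per entity) is a separate concern.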
ASUS RP-AC52 contains multiple vulnerabilities
Overview The ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, is vulnerable to cross-site request forgery and command injection. Description CWE-352: Cross-Site Request Forgery (CSRF) - CVE-2016-6557 The RP-AC52 web interface does not sufficiently verify whether a valid reque...
libbpg contains a type confusion vulnerability that leads to out of bounds write
Overview libbpg is a library for the BPG graphics format. libbpg 0.9.5 through 0.9.7 may allow a crafted file to write out-of-bounds, which may lead to denial of service or arbitrary code execution. Description CWE-787: Out-of-bounds Write - CVE-2016-5637 According to the reporter, improper checki...
Trend Micro Deep Discovery threat appliance contains multiple vulnerabilities
Overview Multiple versions of the Trend Micro Deep Discovery threat appliance are vulnerable to cross-site scripting and authentication bypass. Description The Trend Micro Deep Discovery platform "enables you to detect, analyze, and respond to today’s stealthy, targeted attacks in real time." It...
Grandstream GXV3611_HD camera is vulnerable to SQL injection
Overview The Grandstream GXV3611_HD is an IP network camera used for surveillance and security. The Grandstream GXV3611_HD is vulnerable to a SQL injection attack. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - CVE-2015-2866 The Grandstream...
Synology Cloud Station sync client for OS X allows regular users to claim ownership of system files
Overview The Synology Cloud Station sync client for OS X contains a setuid root executable that allows regular users to claim ownership of system files. Description CWE-276: Incorrect Default Permissions - CVE-2015-2851 The Synology Cloud Station sync client for OS X contains an executable named...
NagiosQL 3.2 Service Pack 2 contains a reflected cross-site scripting vulnerability
Overview NagiosQL 3.2 Service Pack 2 and possibly earlier versions contain a reflected cross-site scripting vulnerability (CWE-79). Description CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') NagiosQL 3.2 Service Pack 2 and possibly earlier versions contai...
AdvancePro Technologies Advanceware software suite vulnerable to privilege bypass
Overview AdvancePro Technologies Advanceware software suite contains a privilege bypass vulnerability, resulting in information leakage (CWE-200). Description CWE-200: Information Exposure AdvancePro Technologies Advanceware software suite contains a privilege bypass vulnerability, resulting in...
HP Insight Diagnostics 8.20 b2878 multiple vulnerabilities
Overview HP Insight Diagnostics 8.20 b2878 and possibly earlier versions contains multiple vulnerabilities. Description It has been reported that HP Insight Diagnostics 8.20 b2878 and possibly earlier versions contains multiple vulnerabilities that can be exploited by a remote attacker to execute...
PHP Address Book SQL injection vulnerability
Overview The PHP Address Book web application is vulnerable to multiple SQL injection vulnerabilities. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') PHP Address Book 8.2.5 and possibly older versions fail to sanitize input from multiple...
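What CWE-89 looks like in code, for both the Grandstream GXV3611_HD and the PHP Address Book entries above: an added example in Python against an in-memory SQLite database, not either product's own code (the page gives no detail of their queries). The schema, the rows and the UNION payload are constructed for the demonstration; the unsanitised query is shown beside the parameterized one so the difference in what the same input does is visible:

```python
import sqlite3


def make_db():
    """Constructed in-memory schema standing in for an address-book application's database."""
    con = sqlite3.connect(":memory:")
    con.executescript(
        """
        CREATE TABLE addressbook (id INTEGER PRIMARY KEY, name TEXT, email TEXT);
        INSERT INTO addressbook (name, email) VALUES
            ('alice', 'alice@example.com'), ('bob', 'bob@example.com');
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO users VALUES ('admin', 's3cret-hash');
        """
    )
    return con


def search_vulnerable(con, name):
    """Unsanitised input pasted into the statement (CWE-89): the quote in the
    payload closes the literal and everything after it is parsed as SQL."""
    sql = f"SELECT name, email FROM addressbook WHERE name = '{name}'"
    return con.execute(sql).fetchall()


def search_parameterized(con, name):
    """Same query with a bound parameter: the value is never parsed as SQL."""
    return con.execute(
        "SELECT name, email FROM addressbook WHERE name = ?", (name,)
    ).fetchall()


# Constructed payload: empties the real WHERE clause, appends a UNION that reads
# another table, and comments out the closing quote the application adds.
PAYLOAD = "' UNION SELECT username, password FROM users --"


def compare(payload=PAYLOAD):
    """Run the payload through both variants. Returns (vulnerable_rows, parameterized_rows)."""
    con = make_db()
    try:
        return search_vulnerable(con, payload), search_parameterized(con, payload)
    finally:
        con.close()


if __name__ == "__main__":
    vulnerable, safe = compare()
    print("vulnerable query returned:   ", vulnerable)
    print("parameterized query returned:", safe)
    print("normal lookup:               ", search_parameterized(make_db(), "alice"))
```

The vulnerable variant hands back the users table to a request that was supposed to search names; the parameterized variant returns nothing for the same input because the whole payload is compared as a string. Escaping or "sanitizing" the input is the weaker fix: the bound parameter removes the parsing step the attack depends on.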