3695 matches found
OpenConnect Webconnect MS-DOS device name denial-of-service
Overview OpenConnect WebConnect may stop responding after processing an HTTP request with an MS-DOS device name in it. Description OpenConnect Webconnect provides secured web access and emulation services for backend mainframes and UNIX servers. Versions of Webconnect prior to 6.4.5 and 6.5.1...
Adobe Acrobat Reader for UNIX contains a buffer overflow in mailListIsPdf()
Overview A buffer overflow in Adobe Acrobat Reader for UNIX could allow a remote attacker to execute arbitrary code. Description Adobe Acrobat Reader is an application that allows users to view PDF Portable Document Format files. Acrobat Reader for UNIX Linux, Sun Solaris SPARC, IBM AIX, or HP-UX...
Samba QFILEPATHINFO handling routine contains a remotely exploitable buffer overflow
Overview Samba is vulnerable to a buffer overflow that may allow a remote attacker to execute arbitrary code with root privileges. Description Samba is a widely used open-source implementation of Server Message Block (SMB)/Common Internet File System (CIFS). A lack of bounds checking in the...
PhpWebSite contains multiple cross-site scripting vulnerabilities
Overview PhpWebSite contains multiple cross-site scripting vulnerabilities that may allow an attacker to execute arbitrary code on users' web browser. Description PhpWebSite is an open-source web content management system. Certain PhpWebSite modules fail to properly filter URLs for malicious...
Microsoft Internet Explorer fails to honor "Drag and Drop" zone security preference
Overview The Internet Explorer (IE) zone security preference for "Drag and drop or copy and paste files" is not honored with Windows XP and Windows Server 2003. Description IE provides several settings for the various security zones. These settings can prevent certain actions from taking place in...
Multiple Symantec firewall products fail to properly process DNS response packets
Overview There is a vulnerability in multiple Symantec firewall products in which attempts to process a specially crafted Domain Name Service (DNS) response packet could allow an unauthenticated, remote attacker to cause a denial of service condition. Description Symantec offers a suite of corporat...
Microsoft Help and Support Center (HCP) fails to properly validate HCP URLs
Overview The Microsoft Help and Support Center (HCP) fails to properly handle HCP URL validation. Exploitation of this vulnerability may permit remote attackers to execute arbitrary code on the system with the privileges of the current user. Description Microsoft Windows XP and Server 2003 Help and...
Gaim contains a buffer overflow vulnerability in the gaim_url_parse() function
Overview There is a buffer overflow vulnerability in the Gaim gaim_url_parse() function, which could allow an unauthenticated, remote attacker to execute arbitrary code. Description Gaim is a multi-protocol instant messenger available for a number of operating systems. There is a buffer overflow...
BEA WebLogic Server configuration wizard stores administrative credentials in clear text log files
Overview There is a vulnerability in BEA WebLogic Server in which a user with access to log files generated by the configuration wizard could obtain the administrative username and password. Description BEA Systems describes WebLogic Server as "an industrial-strength application infrastructure fo...
Microsoft Jet Database Engine database request handling buffer overflow
Overview The Microsoft Jet Database Engine (Jet) provides data access functionality to a number of other Microsoft and many third party applications. A buffer overflow vulnerability exists in the Jet Database Engine that could allow a remote attacker to execute code of their choosing on an affected...
HP-UX CDE library libDtSvc contains unspecified buffer overflow
Overview CDE, the default X Windows environment in HP-UX, ships with a library called libDtSvc. It has a locally-exploitable buffer overflow in some versions. Description Please see HP Security Bulletin HPSBUX0401-308 SSRT3492 for more details. --- Impact A local user may be able to gain...
Apple Quicktime/Darwin Streaming Server fails to properly parse DESCRIBE requests
Overview Apple Quicktime/Darwin Streaming Server fails to properly parse DESCRIBE requests containing overly large User-Agent fields. This could allow an unauthenticated, remote attacker to cause a denial-of-service condition. Description Apple's QuickTime and Darwin Streaming Server is software...
Microsoft Virtual PC for Mac insecurely handles temporary file
Overview A component program of Microsoft Virtual PC for Mac uses an insecure method for handling a temporary file. This could allow an attacker with local system access to gain elevated privileges. Description Microsoft Virtual PC for Mac is a product that allows users of the Apple MacOS X...
Microsoft Windows fails to properly validate buffer size of incoming SMB packets
Overview Microsoft's implementation of Server Message Block (SMB) contains a buffer overflow vulnerability that could permit a remote attacker to execute arbitrary code or cause a denial of service. Description SMB and the Common Internet File System (CIFS) are closely related protocols used sharing...
Microsoft Internet Explorer does not properly evaluate Content-Type and Content-Disposition headers
Overview A cross-domain scripting vulnerability exists in the way Microsoft Internet Explorer (IE) evaluates Content-Type and Content-Disposition headers and checks for files in the local browser cache. This vulnerability could allow a remote attacker to execute arbitrary script in a different...
Hewlett-Packard Company MPE/iX FTPSRVR does not properly validate certain commands
Overview A vulnerability in the FTP server included with the MPE/iX operating system may allow a remote attacker to gain unauthorized access. Description MPE/iX is an operating system produced by Hewlett-Packard Company. The FTP server included with MPE/iX (FTPSRVR) contains a vulnerability which m...
Microsoft Internet Explorer and Outlook Express MHTML rendering engine incorrectly executes script in Local Computer Zone
Overview There is an MHTML input validation vulnerability in Outlook Express that may lead to arbitrary command and code execution in the Local Computer Zone of a victim host. Description Microsoft systems use components of Microsoft Outlook Express to render MHTML MIME Encapsulation of Aggregate...
SGI IRIX name services daemon (nsd) and modules mishandle AUTH_UNIX gid list
Overview A remotely exploitable vulnerability has been discovered in the "nsd" service for SGI IRIX systems. A remote attacker may be able to gain root access to the vulnerable system. Description A remotely exploitable heap overflow vulnerability has been discovered in a function for the RPC...
Microsoft Windows Active Directory fails to handle long LDAP requests
Overview A flaw has been discovered in the way that Microsoft's Active Directory service handles large LDAP requests. This flaw could result in a denial-of-service vulnerability. Description The directory services provided by Microsoft's Active Directory are based on the Lightweight Directory...
Sun Solaris lockd(1M) daemon vulnerable to DoS
Overview A remotely exploitable denial-of-service vulnerability exists in the Solaris lockd(1M) daemon. Exploitation of this vulnerability may kill the lockd process. Description Sun Microsystems describes the lockd(1M) daemon as follows: The lockd utility is part of the NFS lock manager, which suppor...
ISC DHCPD minires library contains multiple buffer overflows
Overview The Internet Software Consortium (ISC) has discovered several buffer overflow vulnerabilities in their implementation of DHCP (ISC DHCPD). These vulnerabilities may allow remote attackers to execute arbitrary code on affected systems. At this time, we are not aware of any exploits. Descripti...
PC-cillin "pop3trap.exe" vulnerable to buffer overflow via long string of characters
Overview A locally exploitable buffer overflow exists in PC-cillin. Description Trend Micro describes PC-cillin as follows: Trend Micro PC-cillin provides all-in-one antivirus security, personal firewall, and PDA protection for your PC. The user-friendly interface makes it easy to install and use...
SSH Secure Shell for Workstations contains buffer overflow in URL-handling feature
Overview The Windows version of SSH Secure Shell for Workstations contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code. Description The SSH Secure Shell for Workstations client includes a URL-handling feature that allows users to launch URLs that appear in...
Kerberos administration daemon vulnerable to buffer overflow
Overview Multiple Kerberos distributions contain a remotely exploitable buffer overflow in the Kerberos administration daemon. A remote attacker could exploit this vulnerability to gain root privileges on a vulnerable system. Description A remotely exploitable buffer overflow exists in the Kerber...
Microsoft Java implementation JDBC classes do not properly validate DLL requests
Overview The Java Database Connectivity (JDBC) classes of Microsoft's Java virtual machine (VM) do not properly validate DLL requests, allowing a malicious applet to load and execute any DLL on the client system. Description Microsoft's Java VM is installed on Windows 98, NT, 2000, and XP. It is used...
Microsoft Internet Explorer executes scripts when scripting has been disabled after bypassing initial security checks
Overview A vulnerability exists in Microsoft Internet Explorer that could permit an attacker to execute arbitrary script, even if the user has specifically disabled active scripting. Description Internet Explorer permits users to customize settings that enable and disable the ability of scripts t...
Microsoft Windows Media Player buffer overflow in Active Stream Redirector (.asx) file parser
Overview There is a buffer overflow in the parsing of Active Stream Redirector (.ASX) files. This buffer overflow may allow a remote attacker to execute arbitrary code when a user views a malicious web page. Description There is a buffer overflow in the processing of Active Stream Redirector .ASX...
WebBoard does not adequately validate user input thereby permitting arbitrary JavaScript execution
Overview WebBoard does not adequately validate user input, allowing attackers to execute arbitrary JavaScript code on other WebBoard users' systems. Description WebBoard is a web application which includes a real-time chat server, using JavaScript alerts to display messages received by other user...
Exim does not adequately validate user input thereby allowing execution of arbitrary commands
Overview Under certain configurations, Exim may execute commands embedded in a mail message's From address. Description Exim is an open-source mail transport agent distributed by the University of Cambridge. Exim can be configured to route all incoming mail or mail to particular addresses through...
Microsoft Visual FoxPro fails to properly evaluate filenames before launching application
Overview There is a vulnerability in Microsoft Visual FoxPro 6.0 that allows remote attackers to execute Visual FoxPro applications with the privileges of the victim user. Description Microsoft Visual FoxPro 6.0 contains an unspecified vulnerability that allows remote attackers to execute arbitra...
HP Tru64 UNIX "traceroute" contains buffer overflow (SSRT2261)
Overview The HP Tru64 UNIX implementation of "traceroute" contains a locally exploitable buffer overflow. Description "traceroute" is used to display the route packets follow from one host to another on the Internet. A locally exploitable buffer overflow in "traceroute" may permit a local attacke...
Microsoft SQL Server installation process leaves sensitive information on system
Overview Microsoft SQL Server versions 7.0 and 2000, as well as MSDE 1.0, may leave installation and log files on the server after the installation process is complete. These files may contain sensitive information such as passwords used during the install. Users with authenticated access to the...
Microsoft Windows domain name resolver service accepts responses from non-queried DNS servers by default
Overview Systems running Microsoft Windows 98, NT, Windows 2000, or Windows XP DNS resolvers accept DNS replies from any IP address, not just the ones being sent DNS requests. This may lead to domain information spoofing or DNS cache poisoning. Description Microsoft Windows systems use a caching...
Microsoft Windows 2000 Network Dynamic Data Exchange (DDE) executes code as Local System
Overview The Windows 2000 Network DDE agent permits local users to execute commands with system privileges. Description Dynamic Data Exchange (DDE) is an interprocess communication mechanism used in Microsoft Windows. A DDE share is an area of memory which is used to store and retrieve data. Networ...
Microsoft Remote Access Service API contains additional buffer overflow vulnerability via phonebook entries
Overview The Microsoft Remote Access Service API contains a vulnerability that allows local attackers to execute arbitrary code with system privileges. Description The Microsoft Remote Access Service (RAS) Application Programming Interface (API) allows Windows programs to make dial-up connections to...
Oracle Reports Server Reports Web Cartridge (RWCGI60) vulnerable to buffer overflow via database name parameter
Overview A buffer overflow vulnerability in Oracle Reports Server 6i could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the Reports Server process. Description Oracle Reports Server is a component of Oracle Application Server that handles client...
Quake II Server performs console variable expansion on client-supplied input values
Overview The Quake II Server contains an information leakage vulnerability that allows remote attackers to gain control of the game server process. Description The Quake II Server responds to console commands from Quake II clients to perform a variety of game and server management functions. Both...
Microsoft Windows 2000 Event Viewer contains buffer overflow
Overview The Windows 2000 event viewer contains a buffer overflow. Description The Microsoft Windows 2000 event viewer contains a buffer overflow that can be exploited when a record written to an event log is examined by the event viewer. Both privileged and unprivileged users can read and write ...
Microsoft Windows 2000 System Monitor ActiveX Control contains buffer overflow
Overview There is a buffer overflow in the System Monitor ActiveX control that ships with Windows 2000. Description The System Monitor ActiveX control (sysmon.ocx) included with Windows 2000 contains a buffer overflow. For more information, see...
Cisco Content Service Switch reboots when HTTPS POST request is sent to web management interface
Overview The Cisco Content Service Switch contains a denial-of-service vulnerability that allows remote attackers to reboot affected devices. Description The Cisco Content Service Switch (CSS) products include support for the session and application layers. This additional functionality allows a CS...
Microsoft Internet Information Server (IIS) contains cross-site scripting vulnerability in IIS Help Files search facility
Overview Visitors to web sites that use Microsoft IIS 5.0 and 5.1 are vulnerable to cross-site scripting attacks through the IIS help facility. Description Cross-site scripting is a form of attack in which an intruder leverages the trust between a victim and a web-site the victim trusts. Quoting...
Oracle 9i Application Server does not adequately handle requests for nonexistent JSP files thereby disclosing web folder path information
Overview Oracle 9i Application Servers (Oracle 9iAS) contain a default error page that can be used to find the physical path of files on the system. Description Oracle 9iAS will display a default error page when a nonexistent ".jsp" file is specified. In the body of this page is the entire local pa...
Oracle 9iAS default configuration allows arbitrary users to view sensitive configuration files
Overview It is possible to read the "XSQLConfig.xml" and "soapConfig.xml" configuration files from an Oracle 9i Application Server under the default installation without any authorization. This can lead to an intruder gaining access to sensitive information about the server and potentially...
Microsoft Internet Explorer Does Not Respect Content-Disposition and Content-Type MIME Headers
Overview Microsoft Internet Explorer contains a vulnerability in its handling of certain MIME headers in web pages and HTML email messages. This vulnerability may allow an attacker to execute arbitrary code on the victim's system when the victim visits a web page or views an HTML email message...
Oracle Database Server vulnerable to DoS via repeated requests to Oracle listener without connecting to redirected port
Overview Oracle Database Server may consume all available memory and crash if clients do not connect completely in the expected manner. Description When a connection request is made to Oracle for Windows NT, Oracle Database Server creates a new thread listening on a new port and redirects the...
BSCW vulnerable to arbitrary file overwriting via symlink redirection of temporary file
Overview BSCW is a groupware system that runs on a web server. BSCW follows symbolic links in tar files that it extracts into a user's local area. Accessing those links may allow the user to view arbitrary files viewable by the web server, and to overwrite files writable by the web server...
shadow-utils useradd creates temporary files insecurely
Overview Shadow-utils is an encryption and account management package freely distributed for many Linux implementations. The useradd program in this package creates insecure temporary files with predictable names in a write-protected directory. If this directory is changed to be writable, an...
OpenSSH UseLogin option allows remote execution of commands as root
Overview Versions of OpenSSH prior to 2.1.1 (current circa June, 2000) allow a remote attacker to execute arbitrary commands with the privileges of sshd, typically root. Description OpenSSH is a free implementation of versions 1 and 2 of the SSH protocol. If sshd is configured with the UseLogin...
lpd hostname authentication bypassed with spoofed DNS
Overview The line printer daemon enables various clients to share printers over a network. There exists a flaw in the authentication method in this daemon that permits remote access to the server. Description A vulnerability exists in the line printer daemon (lpd) shipped with the lpr package for...
SCO OpenServer/UnixWare vi creates temporary files insecurely
Overview The implementation of vi, a text editor, provided with SCO Openunix creates insecure temporary files with predictable names. Using a symbolic link attack, an intruder can overwrite any file writable by the user of vi. Description vi is a screen-oriented text editor. The implementation...