3702 matches found
Various FTP clients fail to account for pipe (|) characters in default file names
Overview Various FTP client implementations do not correctly handle files whose name begins with the "|" pipe character. Description Most FTP clients include a feature in which the remote filename is used as the local filename in a GET RETR operation. For example, many FTP clients support syntax...
PC-cillin "pop3trap.exe" vulnerable to buffer overflow via long string of characters
Overview A locally exploitable buffer overflow exists in PC-cillin. Description Trend Micro describes PC-cillin as follows:Trend Micro PC-cillin provides all-in-one antivirus security, personal firewall, and PDA protection for your PC. The user-friendly interface makes it easy to install and use...
Kerberos administration daemon vulnerable to buffer overflow
Overview Multiple Kerberos distributions contain a remotely exploitable buffer overflow in the Kerberos administration daemon. A remote attacker could exploit this vulnerability to gain root privileges on a vulnerable system. Description A remotely exploitable buffer overflow exists in the Kerber...
Multiple buffer overflow vulnerabilities in QNX
Overview Multiple buffer overflow vulnerabilities have been reported in QnX. Description QnX is an RTOS Realtime Operating System. QnX is used in many different devices and industries, including, but not limited to, Routers Manufacturing and Processing Medical Equipment Automotive and...
Microsoft Internet Explorer executes scripts when scripting has been disabled after bypassing initial security checks
Overview A vulnerability exists in Microsoft Internet Explorer that could permit an attacker to execute arbitrary script, even if the user has specifically disabled active scripting. Description Internet Explorer permits users to customize settings that enable and disable the ability of scripts t...
Microsoft Windows 2000 Indexing Services enumerates local file locations via ixsso.query ActiveX object
Overview Index Server 2.0 and the Indexing Service 3.0 contain a vulnerability that may allow remote intruders to gain information about files on the local computer. Description Index Server 2.0 and Indexing Service 3.0 are services that allow information about local files to be queried via a web...
Microsoft Visual FoxPro fails to properly evaluate filenames before launching application
Overview There is a vulnerability in Microsoft Visual FoxPro 6.0 that allows remote attackers to execute Visual FoxPro applications with the privileges of the victim user. Description Microsoft Visual FoxPro 6.0 contains an unspecified vulnerability that allows remote attackers to execute arbitra...
HP Tru64 UNIX "traceroute" contains buffer overflow (SSRT2261)
Overview The HP Tru64 UNIX implementation of "traceroute" contains a locally exploitable buffer overflow. Description "traceroute" is used to display the route packets follow from one host to another on the Internet. A locally exploitable buffer overflow in "traceroute" may permit a local attacke...
OpenBSD contains buffer overflow in "select" call
Overview A locally exploitable buffer overflow exists in all versions of OpenBSD. Description The buffer overflow exists in the select2 system call. The overflow occurs if select is supplied with arbitrary negative values. --- Impact Local users can gain system privileges and execute code in the...
Microsoft Windows domain name resolver service accepts responses from non-queried DNS servers by default
Overview Systems running Microsoft Windows 98, NT, Windows 2000, or Windows XP DNS resolvers accept DNS replies from any IP address, not just the ones being sent DNS requests. This may lead to domain information spoofing or DNS cache poisoning. Description Microsoft Windows systems use a caching...
Quake II Server performs console variable expansion on client-supplied input values
Overview The Quake II Server contains an information leakage vulnerability that allows remote attackers to gain control of the game server process. Description The Quake II Server responds to console commands from Quake II clients to perform a variety of game and server management functions. Both...
Cisco Content Service Switch reboots when HTTPS POST request is sent to web management interface
Overview The Cisco Content Service Switch contains a denial-of-service vulnerability that allows remote attackers to reboot affected devices. Description The Cisco Content Service Switch CSS products include support for the session and application layers. This additional functionality allows a CS...
Microsoft Internet Information Server (IIS) contains cross-site scripting vulnerability in IIS Help Files search facility
Overview Visitors to web sites that use Microsoft IIS 5.0 and 5.1 are vulnerable to cross-site scripting attacks through the IIS help facility. Description Cross-site scripting is a form of attack in which an intruder leverages the trust between a victim and a web-site the victim trusts. Quoting...
IBM AIX Parallel Systems Support Program (PSSP) contains vulnerability in File Collections subsystem allowing arbitrary access to sensitive configuration files
Overview IBM AIX Parallel Systems Support Programs PSSP contains a vulnerability allowing unauthorized access to files in valid file collections. Description IBM PSSP software is used to provide a central point of management control for a cluster of RS/6000 SP nodes and IBM pSeries and IBM RS/600...
Oracle 9i Application Server does not adequately handle requests for nonexistent JSP files thereby disclosing web folder path information
Overview Oracle 9i Application Servers Oracle 9iAS contain a default error page that can be used to find the physical path of files on the system. Description Oracle 9iAS will display a default error page when a nonexistent ".jsp" file is specified. In the body of this page is the entire local pa...
Oracle 9iAS default configuration allows arbitrary users to view sensitive configuration files
Overview It is possible to read the "XSQLConfig.xml" and "soapConfig.xml" configuration files from an Oracle 9i Application Server under the default installation without any authorization. This can lead to an intruder gaining access to sensitive information about the server and potentially...
Oracle Database Server vulnerable to DoS via repeated requests to Oracle listener without connecting to redirected port
Overview Oracle Database Server may consume all available memory and crash if clients do not connect completely in the expected manner. Description When a connection request is made to Oracle for Windows NT, Oracle Database Server creates a new thread listening on a new port and redirects the...
shadow-utils useradd creates temporary files insecurely
Overview Shadow-utils is an encryption and account management package freely distributed for many Linux implementations. The useradd program in this package creates insecure temporary files with predictable names in a write-protected directory. If this directory is changed to be writable, an...
OpenSSH UseLogin option allows remote execution of commands as root
Overview Versions of OpenSSH prior to 2.1.1 current circa June, 2000 allow a remote attacker to execute arbitrary commands with the privileges of sshd, typically root. Description OpenSSH is a free implementation of versions 1 and 2 of the SSH protocol. If sshd is configured with the UseLogin...
IBM AIX setclock buffer overflow in remote timeserver argument
Overview There is a buffer overflow in the IBM AIX setclock command that may allow local attackers to gain root privileges. Description The setclock command sets the system's clock from a remote time server. This command contains a buffer overflow in the handling of the remote timeserver hostname...
Microsoft Windows Index Server discloses sensitive configuration information via crafted request to SQLQHit.asp sample application
Overview Microsoft Windows Index Server ships with an optional sample package. A component of this package, SQLQHit.asp, can disclose sensitive information when sent crafted requests. Description The Microsoft Windows Index Server ships with optional sample files. While these files should never b...
pgp4pine fails to properly check for expired public keys
Overview The program pgp4pine version 1.75.6 fails to properly identify expired keys when working with the Gnu Privacy Guard program GnuPG. This failure may result in the clear-text transmission of senstive information when used with the PINE mail reading package. Description The program pgp4pine...
Oracle Internet Directory LDAP Daemon does not check write permissions properly
Overview The Oracle LDAP Daemon oidldapd version 2.1.1.1, which ships with Oracle version 8i for Linux version 8.1.7, does not check write permissions properly. This can allow a local user to delete or write to any file on the system. Description The Oracle LDAP Daemon oidldapd version 2.1.1.1 do...
Linux gpm daemon allows arbitrary file removal
Overview gpm version 1.19.2 and earlier are vulnerable due to a flaw that allows a local user to delete arbitrary files. Description gpm General Purpose Mouse is the program that lets you use the mouse in console mode when not using XWindows. It is usually included in Linux distributions, and can...
Multiple networking devices allow SNMP objects to be viewed/modified via ILMI community string
Overview There is a vulnerability in the remote management architecture for Asynchronous Transfer Mode ATM networking devices that permits unauthorized access to configuration information. An attacker who gains access to an affected device can read and modify its configuration, creating a...
ISC BIND 4 contains input validation error in nslookupComplain()
Overview The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS by the Internet Software Consortium ISC. There is a format string vulnerability in BIND 4.9.4 that may allow remote intruders to gain access to systems running BIND. Although BIND 4.9.x is no longer...
HP-UX kermit contains local buffer overflow that allows denial-of-service
Overview The HP-UX version of kermit contains a buffer overflow that allows local users to prevent other users from running kermit. Description Kermit is a file transfer protocol that has been implemented by Hewlett-Packard for use on their systems. On December 21, 2000, HP released a security...
Sun Microsystems Keys exposed and revoked
Overview Sun Microsystems uses a variety of X.509 keys signed by VeriSign to securevarious web sites. Among these certificates are two that were revoked on October 19, 2000. The certificate IDs for these revoked certificates are 3181 B12D C422 5DAC A340 CF86 2710 ABE6 and 1705 FB13 A22F 9AF3 C130...
Race condition in periodic
Overview A race condition in the 'periodic' script allows local files to be overwritten. We believe that 'periodic' is typically used only with FreeBSD systems, though it may be installed on other systems. Description 'periodic' is a script used in conjunction with cron to execute jobs at specifi...
Wang/Kodak Image Scan ActiveX Control
Overview Description The Image Admin control is incorrectly marked safe for scripting. This control is sometimes identified as from "Kodak" and other times as from "Wang". The Image Admin control is one of several controls used to provide image editting services through a web site. Because the...
Weak CRC allows RC4 encrypted SSH1 packets to be modified without notice
Overview There is an information integrity vulnerability in the SSH1 protocol that allows RC4 encrypted packets to be modified without notice. Description Preconditions: Client has requested RC4 and server supports it. Compression is disabled. When using the RC4 stream cipher, SSH1 uses a cyclic...
ChatGPT-4o contains security bypass vulnerability through time and search functions called "Time Bandit"
Overview ChatGPT-4o contains a jailbreak vulnerability called "Time Bandit" that allows an attacker the ability to circumvent the safety guardrails of ChatGPT and instruct it to provide illicit or dangerous content. The jailbreak can be initiated in a variety of ways, but centrally requires the...
Perimeter81 macOS Application Multiple Vulnerabilities
Overview A command injection vulnerability can be used in the Perimeter81 macOS application to run arbitrary commands with administrative privileges. Description At the time, the latest Perimeter81 MacOS application 10.0.0.19 suffers from local privilege escalation vulnerability inside its...
Pearson ProctorCache contains hard coded credentials
Overview The Pearson ProctorCache software uses a hard coded password for administrative tasks. Description The ProctorCache is designed to cache the testing content, as well as cache the responses and maintain a client list of active test-takers. ProctorCache is a server software package install...
PivotX 2.3.8 contains multiple vulnerabilities
Overview PivotX 2.3.8, and possibly earlier versions, contains cross-site scripting CWE-79 and unsafe file upload CWE-434 vulnerabilities. Description PivotX 2.3.8, and possibly earlier versions, contains cross-site scripting CWE-79 and unsafe file upload CWE-434 vulnerabilities.CWE-79: Improper...
Fail2ban postfix and cyrus-imap filters contain denial-of-service vulnerabilities
Overview Fail2ban versions prior to 0.8.11 are susceptible to a denial-of-service attack when a maliciously crafted email address is parsed by the postfix or cyrus-imap filters. If users have not deployed either of these filters then they are not affected. Description Fail2ban versions prior to...
Trend Micro InterScan Messaging Security Suite is vulnerable to XSS and CSRF vulnerabilities
Overview Trend Micro InterScan Messaging Security Suite Version 7.1-BuildWin321394 has been reported to be susceptible to cross-site scripting and cross-site request forgery vulnerabilities. Description Trend Micro InterScan Messaging Security Suite is susceptible to cross-site scripting CWE-79 a...
EasyVista single sign-on authentication bypass vulnerability
Overview EasyVista contains an authentication bypass vulnerability in the EasyVista single sign-on feature. Description EasyVista contains an authentication bypass vulnerability in the EasyVista single sign-on feature that does not use encoded values. If an attacker can obtain the login names for...
LifeSize Room appliance authentication bypass and arbitrary code injection vulnerability
Overview LifeSize Room appliance contains an authentication bypass and arbitrary code injection vulnerability when failing to sanitize input from unauthenticated clients. Description According to LifeSize's website "LifeSize Room combines an immersive, high definition video experience with a rich...
Apple QuickTime JPEG2000 heap buffer overflow
Overview Apple QuickTime contains a heap buffer overflow in the processing of JPEG2000 data, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Apple's QuickTime Player is multimedia software that allows users to view local and remote...
RealFlex RealWin HMI service buffer overflows
Overview RealFlex RealWin 1.06 HMI service 912/tcp contains two stack buffer overflow vulnerabilities. Description RealFlex RealWin is a SCADA server package for medium and small applications designed to control and monitor real-time applications. The RealWin application runs an HMI service on po...
Trend Micro ServerProtect contains multiple vulnerabilities
Overview Trend Micro ServerProtect contains multiple vulnerabilities. The most severe of these vulnerabilities may allow an attacker to execute commands, view sensitive data, or cause a system to crash. Description Trend Micro ServerProtect is designed to detect and remove viruses from files...
Apple Mac OS X file sharing allows authenticated remote access to files and directories
Overview Apple Mac OS X Leopard does not accurately reflect which files and directories are available via sharing. Description Apple Mac OS X Leopard 10.5.x allows files and directories to be shared via a "Shared Folders" feature. OS X lists the folders that are shared using this feature, however...
Learn2 STRunner ActiveX control stack buffer overflows
Overview The Learn2 STRunner ActiveX control contains multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Learn2 Corporation STRunner ActiveX control, which is provided by iestm32.dll, can view...
SkypeFind fails to properly sanitize user-supplied input
Overview The Skype client does not properly filter user-supplied input that was received from the SkypeFind service. This vulnerability may allow an attacker to execute arbitrary code. Description Skype is a peer-to-peer application that provides Voice over IP VoIP and Instant Messaging services...
Aurigma ImageUploader ActiveX control stack buffer overflows
Overview The Aurigma ImageUploader ActiveX control contains multiple stack buffer overflow vulnerabilities, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Aurigma ImageUploader is an ActiveX control that provides the ability to upload pictures usin...
Apple QuickTime RTSP Response message Reason-Phrase buffer overflow vulnerability
Overview Apple QuickTime contains a buffer overflow vulnerability that may allow a remote, unauthenticated attacker to cause a denial-of-service condition and possibly execute arbitrary code. Description Real Time Streaming Protocol RTSP is a protocol that is used by streaming media systems. Appl...
Squid remote denial-of-service vulnerability
Overview The Squid Proxy server contains a vulnerability that may allow an attacker to create a denial-of-service condition that affects the Squid server and systems that rely on it. Description Squid Proxy Cache is a caching proxy that supports the HTTP, HTTPS, and FTP protocols. Squid can also ...
Apple QuickTime for Java may allow Java applets to gain elevated privileges
Overview Apple QuickTime for Java contains a vulnerability that may allow a malicious Java applet to gain elevated privileges. Description Apple QuickTime is a media player that includes a browser plugin. QuickTime for Java provides APIs which allow Java developers to include multimedia in Java...
ISC BIND does not correctly set default access controls
Overview ISC Internet Systems Consortiuim BIND fails to properly set default access control lists. This may allow unauthorized users to make recursive querries and querry the cache. Description From the ISC BIND security page:The default access control lists acls are not being correctly set. If n...