Oracle Database Server buffer overflow in Security Component

Overview The Oracle Database Server Security Component contains a buffer overflow. Exploitation may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description A lack of input validation in the Oracle Database Server Security Component may allow a buffer...

AIX "getconf" contains buffer overflow vulnerability

Overview IBM AIX getconf contains a buffer overflow vulnerability that may lead to arbitrary code execution. Description IBM AIX contains the getconf command that provides information about system configuration. An unspecified buffer overflow condition has been identified in getconf and may lead ...

unace buffer overflow vulnerability

Overview A buffer overflow in the unace compression library may allow a remote attacker to execute arbitrary code. Description The unace compression library is used to decompress ace archives .ace file extension. A lack of input validation on filenames in an ace archive may allow a buffer overflo...

EMC Legato NetWorker uses weak AUTH_UNIX authentication

Overview EMC Legato NetWorker uses weak AUTHUNIX authentication, allowing a remote attacker to execute arbitrary commands, gain elevated privileges, or cause a denial of service. Description EMC Legato NetWorker is a cross-platform backup and recovery application. It is also repackaged by Sun...

Adobe Acrobat contains a remotely exploitable buffer overflow

Overview A buffer overflow in Adobe Acrobat/Acrobat Reader may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition Description Adobe Acrobat is a suite of applications that allow users to manipulate PDF Portable Document Format files. A buffer within a core...

Microsoft Agent vulnerable to trusted site spoofing

Overview Microsoft Agent contains a vulnerability that could allow a remote attacker to spoof trusted Internet content. Description Microsoft Agent is a software extension that enhances user interaction through the use of interactive personalities in the form of animated characters. Applications...

Microsoft HTML Help vulnerable to integer overflow

Overview Microsoft HTML Help contains an integer overflow vulnerability, allowing a remote attacker to execute arbitrary code. Description HTML Help The Microsoft HTML Help system ". . . is the standard help system for the Windows platform." HTML Help components can be compiled to ". . . compress...

McAfee Scan Engine vulnerable to buffer overflow in LHA decoder

Overview A buffer overflow vulnerability in the McAfee Virus Scan Engine may allow a remote attacker to execute arbitrary code on an affected system. Because the vulnerability exists in a core component, a number of different McAfee products are affected. Description The McAfee Antivirus products...

OpenConnect Webconnect MS-DOS device name denial-of-service

Overview OpenConnect WebConnect may stop responding after processing an HTTP request with an MS-DOS device name in it. Description OpenConnect Webconnect provides secured web access and emulation services for backend mainframes and UNIX servers. Versions of Webconnect prior to 6.4.5 and 6.5.1...

Microsoft License Logging Service buffer overflow

Overview A vulnerability in a component of some server versions of Microsoft Windows could allow a remote attacker to execute code on a vulnerable system. Description Microsoft's License Logging Service LLS assists in the management of licenses for some Microsoft server products. An error in the...

UW-imapd fails to properly authenticate users when using CRAM-MD5

Overview A vulnerablility in an authentication method for the University of Washington IMAP server could allow a remote attacker to access any user's mailbox. Description The Internet Message Access Protocol IMAP is a method of accessing electronic messages kept on a remote mail server and is...

Multiple implementations of LDAP Directory Server vulnerable to buffer overflow

Overview A buffer overflow in some implementations of the LDAP protocol may allow a remote unauthenticated attacker to execute arbitrary code. Description The Lightweight Directory Access Protocol LDAP is a protocol for accessing network based directories. A lack of bounds checking in some...

Microsoft Windows Shell contains a buffer overflow

Overview A remotely exploitable buffer overflow vulnerability exists in the Microsoft Windows Shell. Description The Microsoft Windows Shell provides the basic human-computer interface for Windows systems. Microsoft describes the Shell as follows: The Windows Shell is responsible for providing th...

freeRADIUS Server vulnerable to a denial-of-service attack

Overview Multiple vulnerabilities in freeRADIUS Server may allow attackers to cause a denial-of-service condition. Description The Remote Authentication Dial In User Service RADIUS protocol is used for remote user authentication and accounting. freeRADIUS Server is an popular open-source RADIUS...

star fails to set proper permissions on programs specified in RSH environment variable

Overview Star can call external programs specified by the RSH environment variable. This may permit a malicious local user to gain elevated privileges. Description Star is a tape archiving program similar to tar. Star permits the use of storage devices on remote machines via an access program on...

Oracle Database Server contains several vulnerabilities

Overview Several vulnerabilities exist in the Oracle Database Server and Listener. According the the Oracle Security Alert, exploitation of these vulnerabilities would require the attacker to have network access, but not a valid user account on the vulnerable system. Description Oracle Database 1...

Microsoft Windows HTML Help component fails to properly validate input data

Overview There is a vulnerability in the HTML Help component of Microsoft Windows that could allow an attacker to execute arbitrary code on an affected system. Description Microsoft HTML Help provides a standard help system for the Windows operating system. There is a vulnerability in the way...

Oracle E-Business Suite SQL Injection vulnerabilities

Overview Oracle E-Business Suite fails to filter user input permiting the exploitation of SQL injection vulnerabilities. These vulnerabilities may allow a remote attacker to execute procedures or SQL queries and updates on the vulnerable database application. Description According to the Oracle...

Gaim contains an integer overflow vulnerability when parsing DirectIM packets

Overview There is an integer overflow vulnerability in the handlehdrodc function, which could allow an unauthenticated, remote attacker to cause a denial of service or potentially execute arbitrary code. Description Gaim is a multi-protocol instant messenger client available for a number of...

Gaim contains a buffer overflow vulnerability in the Extract Info Field function

Overview There is a buffer overflow vulnerability in the gaimmarkupextractinfofield function, which could allow an unauthenticated, remote attacker to cause a denial of service or execute arbitrary code. Description Gaim is a multi-protocol instant messenger client available for a number of...

Gaim fails to properly validate the "value" parameter in the Yahoo login webpage

Overview There is a buffer overflow vulnerability in the way the Gaim yahoologinpagehash function parses the "value" parameter in the Yahoo login webpage. Description Gaim is a multi-protocol instant messenger available for a number of operating systems. It supports a variety of instant messaging...

Gaim contains a buffer overflow vulnerability in the http_canread() function

Overview There is a buffer overflow vulnerability in the Gaim httpcanread function, which could allow an unauthenticated, remote attacker to execute arbitrary code. Description Gaim is a multi-protocol instant messenger available for a number of operating systems. It provides a feature that allow...

BEA WebLogic Server internal methods may disclose sensitive information

Overview There is a vulnerability in BEA WebLogic Server that could allow users to obtain the credentials of the user who booted the server. Description BEA Systems describes WebLogic Server as "an industrial-strength application infrastructure for developing, integrating, securing, and managing...

HP-UX CDE library libDtSvc contains unspecified buffer overflow

Overview CDE, the default X Windows environment in HP-UX, ships with a libraray called libDtSvc. It has a locally-exploitable buffer overflow in some versions. Description Please see HP Security Bulletin HPSBUX0401-308 SSRT3492 for more details. --- Impact A local user may be able to gain...

Multiple Real media players vulnerable to buffer overflow when parsing crafted media files

Overview Multiple Real media players vulnerable to buffer overflow when parsing certain media files which may permit an attacker to execute arbitrary code on the user's system. Description RealNetworks Real media players are multimedia applications that allow users to view local and remote...

Oracle command-line program buffer overflow in argument handling

Overview A buffer overflow in some command-line utilities supplied with the Oracle Database Server could allow a local user to gain the privileges of the oracle system user. Description The Oracle 9 i Database Server package includes the oracle and oracleO command-line client programs to connect ...

Microsoft Internet Explorer does not properly evaluate Content-Type and Content-Disposition headers

Overview A cross-domain scripting vulnerability exists in the way Microsoft Internet Explorer IE evaluates Content-Type and Content-Disposition headers and checks for files in the local browser cache. This vulnerability could allow a remote attacker to execute arbitrary script in a different...

Microsoft Internet Explorer and Outlook Express MHTML rendering engine incorrectly executes script in Local Computer Zone

Overview There is an MHTML input validation vulnerability in Outlook Express that may lead to arbitrary command and code execution in the Local Computer Zone of a victim host. Description Microsoft systems use components of Microsoft Outlook Express to render MHTML MIME Encapsulation of Aggregate...

Solaris systems may crash in response to certain IPv6 packets

Overview Solaris 8 systems that accept IPv6 traffic may be subject to denial of service attacks from arbitrary remote attackers. Description Sun Microsystems has reported that systems running Solaris 8 may encounter a system panic in response to IPv6 packets with certain characteristics. Sun Aler...

Microsoft Windows Active Directory fails to handle long LDAP requests

Overview A flaw has been discovered in the way that Microsoft's Active Directory service handles large LDAP requests. This flaw could result in a denial-of-service vulnerability. Description The directory services provided by Microsoft's Active Directory are based on the Lightweight Directory...

HP-UX fails to apply standard UNIX filesystem security measures when using OnLineJFS

Overview A vulnerability in OnlineJFS could allow an intruder to gain greater access than expected. Description OnlineJFS "provides the online management of the Journaled File System JFS, a high-integrity, highly available file system supported by HP-UX." According to Hewlett-Packard, there is a...

RealNetworks Helix Universal Server vulnerable to buffer overflow when supplied an overly long string within the "Transport" field of a SETUP RTSP request

Overview The RealNetworks' Helix Universal Server supports delivery of several different media types via RTSP Real Time Streaming Protocol. Vulnerabilities have been discovered in the way it handles some RTSP requests. These vulnerabilities could allow a remote attacker to execute arbitrary code ...

Buffer Overflow in SGI IRIX syslogd

Overview A remotely exploitable buffer overflow in SGI IRIX syslogd may allow an attacker to crash syslogd or execute arbitrary code. Description There is a remotely exploitable buffer overflow in SGI IRIX syslogd. For more detailed information please see SGI Security Advisory 20020405-01-I. ---...

Some implementations of mod_dav contain a format string vulnerability in "ap_log_rerror()" function

Overview A vulnerability in some implementations of moddav may permit a remote attacker to gain unauthorized access to a web server running moddav. Description moddav is a module designed to provide DAV capabilities for a web server. A format string vulnerability in some implementations may permi...

Various FTP clients fail to account for pipe (|) characters in default file names

Overview Various FTP client implementations do not correctly handle files whose name begins with the "|" pipe character. Description Most FTP clients include a feature in which the remote filename is used as the local filename in a GET RETR operation. For example, many FTP clients support syntax...

ISC DHCPD minires library contains multiple buffer overflows

Overview The Internet Software Consortium ISC has discovered several buffer overflow vulnerabilities in their implementation of DHCP ISC DHCPD. These vulnerabilities may allow remote attackers to execute arbitrary code on affected systems. At this time, we are not aware of any exploits. Descripti...

SSH Secure Shell for Workstations contains buffer overflow in URL-handling feature

Overview The Windows version of SSH Secure Shell for Workstations contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code. Description The SSH Secure Shell for Workstations client includes a URL-handling feature that allows users to launch URLs that appear in...

Multiple buffer overflow vulnerabilities in QNX

Overview Multiple buffer overflow vulnerabilities have been reported in QnX. Description QnX is an RTOS Realtime Operating System. QnX is used in many different devices and industries, including, but not limited to, Routers Manufacturing and Processing Medical Equipment Automotive and...

Microsoft Internet Explorer executes scripts when scripting has been disabled after bypassing initial security checks

Overview A vulnerability exists in Microsoft Internet Explorer that could permit an attacker to execute arbitrary script, even if the user has specifically disabled active scripting. Description Internet Explorer permits users to customize settings that enable and disable the ability of scripts t...

Microsoft Internet Explorer 5.5 print template ActiveX control allows arbitrary command execution

Overview The Internet Explorer 5.5 Print Template feature contains a vulnerability that allows a web page author to execute arbitrary code as the user viewing the web page. Description Internet Explorer version 5.5 supports a feature called "print templates" which allows a web page author to...

Microsoft Windows Media Player buffer overflow in Active Stream Redirector (.asx) file parser

Overview There is a buffer overflow in the parsing of Active Stream Redirector .ASX files. This buffer overflow may allow a remote attacker to execute arbitrary code when a user views a malicious web page. Description There is a buffer overflow in the processing of Active Stream Redirector .ASX...

Easynews does not adequately validate user input thereby disclosing server installation path via crafted URL request

Overview Easynews does not adequately validate user input. Attackers may exploit this vulnerability to learn the filesystem path where the script is installed. Description Easynews is an open-source CGI script designed to create dynamic news story web pages and listings. Easynews does not properl...

Microsoft Visual FoxPro fails to properly evaluate filenames before launching application

Overview There is a vulnerability in Microsoft Visual FoxPro 6.0 that allows remote attackers to execute Visual FoxPro applications with the privileges of the victim user. Description Microsoft Visual FoxPro 6.0 contains an unspecified vulnerability that allows remote attackers to execute arbitra...

OpenBSD contains buffer overflow in "select" call

Overview A locally exploitable buffer overflow exists in all versions of OpenBSD. Description The buffer overflow exists in the select2 system call. The overflow occurs if select is supplied with arbitrary negative values. --- Impact Local users can gain system privileges and execute code in the...

Microsoft Internet Information Server (IIS) contains cross-site scripting vulnerability in IIS Help Files search facility

Overview Visitors to web sites that use Microsoft IIS 5.0 and 5.1 are vulnerable to cross-site scripting attacks through the IIS help facility. Description Cross-site scripting is a form of attack in which an intruder leverages the trust between a victim and a web-site the victim trusts. Quoting...

IBM AIX Parallel Systems Support Program (PSSP) contains vulnerability in File Collections subsystem allowing arbitrary access to sensitive configuration files

Overview IBM AIX Parallel Systems Support Programs PSSP contains a vulnerability allowing unauthorized access to files in valid file collections. Description IBM PSSP software is used to provide a central point of management control for a cluster of RS/6000 SP nodes and IBM pSeries and IBM RS/600...

Oracle9i Application Server Apache PL/SQL module vulnerable to buffer overflow via HTTP request

Overview A buffer overflow vulnerability exists in the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle9i Application Server iAS. A maliciously crafted HTTP request made to the PL/SQL module could cause a denial of service or execute arbitrary code with the...

CDE dtprintinfo contains local buffer overflow in Help window via clipboard copy

Overview The CDE Print Viewer program dtprintinfo provides a graphical interface display the status of print queues and print jobs. By using the clipboard to overflow the search field in the Help window of dtprintinfo, a local attacker can execute arbitrary code on the system as root. Description...

Microsoft Internet Explorer Does Not Respect Content-Disposition and Content-Type MIME Headers

Overview Microsoft Internet Explorer contains a vulnerability in its handling of certain MIME headers in web pages and HTML email messages. This vulnerability may allow an attacker to execute arbitrary code on the victim's system when the victim visits a web page or views an HTML email message...

Hot Standby Router Protocol (HSRP) uses weak authentication

Overview A denial-of-service vulnerability exists in the Hot Standby Router Protocol HSRP . Description HSRP is a protocol designed to provide transparent recovery of routing services when failures occur. Quoting from RFC2281 the RFC describing the Hot Standby Router Protocol:The Hot Standby Rout...