3695 matches found
Hot Standby Router Protocol (HSRP) uses weak authentication
Overview A denial-of-service vulnerability exists in the Hot Standby Router Protocol (HSRP). Description HSRP is a protocol designed to provide transparent recovery of routing services when failures occur. Quoting from RFC2281, the RFC describing the Hot Standby Router Protocol: The Hot Standby Rout...
Oracle Database Server vulnerable to DoS via repeated requests to Oracle listener without connecting to redirected port
Overview Oracle Database Server may consume all available memory and crash if clients do not connect completely in the expected manner. Description When a connection request is made to Oracle for Windows NT, Oracle Database Server creates a new thread listening on a new port and redirects the...
shadow-utils useradd creates temporary files insecurely
Overview Shadow-utils is an encryption and account management package freely distributed for many Linux implementations. The useradd program in this package creates insecure temporary files with predictable names in a write-protected directory. If this directory is changed to be writable, an...
OpenSSH UseLogin option allows remote execution of commands as root
Overview Versions of OpenSSH prior to 2.1.1 (current circa June, 2000) allow a remote attacker to execute arbitrary commands with the privileges of sshd, typically root. Description OpenSSH is a free implementation of versions 1 and 2 of the SSH protocol. If sshd is configured with the UseLogin...
lpd allows options to be passed to sendmail
Overview The line printer daemon enables various clients to share printers over a network. There exists a vulnerability in this daemon that permits an intruder to send options to sendmail. Description The line printer daemon enables various clients to share printers over a network. There exists a...
Cayman gateways vulnerable to a denial of service via oversized ICMP echo (ping) requests.
Overview Cayman gateways are vulnerable to a denial of service via oversized ICMP echo (ping) requests. Installing the newest version of the vendor software will resolve this vulnerability. Description Cayman gateways running versions 5.5 Build R0, 5.3 Build R2, 5.3 Build R1 are vulnerable to an...
sort creates temporary files insecurely
Overview The sort utility creates temporary files insecurely, making sort subject to a denial-of-service attack. Description The UNIX sort utility creates temporary files with predictable names. The creation is done in a manner to prevent information loss via a symlink attack, but existence of th...
OpenSSH disregards client configuration and allows server access to ssh-agent and/or X11 after session negotiation
Overview Versions of OpenSSH client prior to 2.3.0 do not properly enforce restrictions to the ssh-agent or X11 display. Description An OpenSSH client can be configured to prevent servers from accessing the client's ssh-agent or X11 display. However, versions of OpenSSH client prior to 2.3.0 fail...
pgp4pine fails to properly check for expired public keys
Overview The program pgp4pine version 1.75.6 fails to properly identify expired keys when working with the Gnu Privacy Guard program (GnuPG). This failure may result in the clear-text transmission of sensitive information when used with the PINE mail reading package. Description The program pgp4pine...
Oracle Internet Directory LDAP Daemon does not check write permissions properly
Overview The Oracle LDAP Daemon oidldapd version 2.1.1.1, which ships with Oracle version 8i for Linux version 8.1.7, does not check write permissions properly. This can allow a local user to delete or write to any file on the system. Description The Oracle LDAP Daemon oidldapd version 2.1.1.1 do...
KDE KFM creates temporary files insecurely
Overview KDE's kfm creates and uses temporary cache directories insecurely. Description kfm, the KDE File Manager, creates a cache directory for each user. This directory is placed in /tmp and predictably named, based on the UID. These directories are created without checking for correct ownershi...
Microsoft Visual Studio VB-TSQL debugger object vbsdicli.exe contains buffer overflow via NewSPID method
Overview A vulnerability in an object included with Visual Studio 6.0 Enterprise Edition may allow an attacker to execute code with the privileges of an interactively logged in user. Description The VB-TSQL debugger object included in Visual Studio 6.0 Enterprise Edition contains a buffer overflo...
Multiple networking devices allow SNMP objects to be viewed/modified via ILMI community string
Overview There is a vulnerability in the remote management architecture for Asynchronous Transfer Mode (ATM) networking devices that permits unauthorized access to configuration information. An attacker who gains access to an affected device can read and modify its configuration, creating a...
Sun Microsystems Keys exposed and revoked
Overview Sun Microsystems uses a variety of X.509 keys signed by VeriSign to secure various web sites. Among these certificates are two that were revoked on October 19, 2000. The certificate IDs for these revoked certificates are 3181 B12D C422 5DAC A340 CF86 2710 ABE6 and 1705 FB13 A22F 9AF3 C130...
Race condition in periodic
Overview A race condition in the 'periodic' script allows local files to be overwritten. We believe that 'periodic' is typically used only with FreeBSD systems, though it may be installed on other systems. Description 'periodic' is a script used in conjunction with cron to execute jobs at specifi...
Wang/Kodak Image Scan ActiveX Control
Overview Description The Image Admin control is incorrectly marked safe for scripting. This control is sometimes identified as from "Kodak" and other times as from "Wang". The Image Admin control is one of several controls used to provide image editing services through a web site. Because the...
SSH host key authentication can be bypassed when DNS is used to resolve localhost
Overview This vulnerability allows an attacker to redirect an SSH connection to an arbitrary host. Description When making connections to localhost, SSH disables host key checking to provide compatibility with NFS filesystems. As a result, if the victim's machine uses a poisoned DNS server to...
libexpat library is vulnerable to DoS attacks through stack overflow
Overview A stack overflow vulnerability has been discovered within the libexpat open source library. When parsing XML documents with deeply nested entity references, libexpat can recurse indefinitely. This can result in exhaustion of stack space and a crash. An attacker can weaponize this to eith...
ChatGPT-4o contains security bypass vulnerability through time and search functions called "Time Bandit"
Overview ChatGPT-4o contains a jailbreak vulnerability called "Time Bandit" that allows an attacker the ability to circumvent the safety guardrails of ChatGPT and instruct it to provide illicit or dangerous content. The jailbreak can be initiated in a variety of ways, but centrally requires the...
Perimeter81 macOS Application Multiple Vulnerabilities
Overview A command injection vulnerability can be used in the Perimeter81 macOS application to run arbitrary commands with administrative privileges. Description At the time, the latest Perimeter81 macOS application 10.0.0.19 suffers from a local privilege escalation vulnerability inside its...
Alertus Desktop Notification for OS X sets insecure permissions for configuration and other files
Overview Alertus Desktop Notification for OS X, version 2.9.30.1700 and earlier, sets insecure permissions for configuration and other files, which may enable an unprivileged attacker to disable notifications and modify content locally. Description CWE-276: Incorrect Default Permissions -...
HP Photosmart B210 printer SMB server buffer overflow vulnerability
Overview The HP Photosmart B210 printer utilizes an SMB server for managing the print queue. An invalid SMB packet may cause a denial of service condition, requiring the printer to be restarted. Description Fuzzing the first 296 bytes of an SMB packet may in some cases cause a denial of service...
BulletProof FTP Client 2010 is vulnerable to a stack-based buffer overflow
Overview BulletProof FTP Client 2010 is vulnerable to a stack-based buffer overflow. Description CWE-121-Stack-based Buffer Overflow BulletProof FTP Client 2010 does not check the length of the host parameter set in the quick connect bar. A long host value causes a stack-based buffer overflow,...
PivotX 2.3.8 contains multiple vulnerabilities
Overview PivotX 2.3.8, and possibly earlier versions, contains cross-site scripting (CWE-79) and unsafe file upload (CWE-434) vulnerabilities. Description PivotX 2.3.8, and possibly earlier versions, contains cross-site scripting (CWE-79) and unsafe file upload (CWE-434) vulnerabilities. CWE-79: Improper...
MW6 Technologies ActiveX controls contain multiple vulnerabilities
Overview MW6 Technologies' MaxiCode, Aztec, and DataMatrix ActiveX controls contain multiple vulnerabilities. Description MW6 Technologies' MaxiCode, Aztec, and DataMatrix ActiveX controls are used for processing barcodes. The ActiveX controls contain multiple vulnerabilities that may lead to...
HP Insight Diagnostics 8.20 b2878 multiple vulnerabilities
Overview HP Insight Diagnostics 8.20 b2878 and possibly earlier versions contains multiple vulnerabilities. Description It has been reported that HP Insight Diagnostics 8.20 b2878 and possibly earlier versions contains multiple vulnerabilities that can be exploited by a remote attacker to execute...
Adobe Shockwave 11.6.7.637 contains multiple exploitable vulnerabilities
Overview Adobe Shockwave Player 11.6.7.637 and earlier versions on the Windows and Macintosh operating systems contain critical vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Adobe Macromedia Shockwave Player is...
Trend Micro InterScan Messaging Security Suite is vulnerable to XSS and CSRF vulnerabilities
Overview Trend Micro InterScan Messaging Security Suite Version 7.1-BuildWin321394 has been reported to be susceptible to cross-site scripting and cross-site request forgery vulnerabilities. Description Trend Micro InterScan Messaging Security Suite is susceptible to cross-site scripting (CWE-79) a...
HP Virtual SAN appliance root shell command injection
Overview The HP Virtual SAN appliance version 9.5 is susceptible to a root shell command injection (CWE-77) vulnerability. Description Tenable Network Security has reported that HP's fix for the command injection vulnerability, EDB-ID 18893, was incomplete. The ping command for the appliance has a...
BreakingPoint Systems Storm CTM information disclosure vulnerabilities
Overview BreakingPoint Systems Storm CTM contains two vulnerabilities which could allow an attacker access to sensitive configuration information. Description According to BreakingPoint's website, the BreakingPoint Storm creates real-world, high-stress conditions and user behavior to provide...
ManageEngine ServiceDesk directory traversal vulnerability
Overview ManageEngine ServiceDesk contains a directory traversal vulnerability which may allow a remote, unauthenticated attacker to obtain sensitive information. Description ManageEngine ServiceDesk Plus 8.0, and possibly prior versions, contains a directory traversal vulnerability in the...
pWhois Layer Four Traceroute 3.x vulnerability
Overview Given a specific set of command line arguments, Layer Four Traceroute (lft) will produce a segmentation fault leading to a possible privilege escalation vulnerability. Description pWhois Layer Four Traceroute 3.x contains a vulnerability when parsing command line arguments. Earlier version...
MOXA Device Manager MDM Tool buffer overflow
Overview The MOXA Device Manager MDM Tool contains a stack-based buffer overflow. Description The MOXA Device Manager consists of an MDM Tool, which allows local users to connect to a remote MDM Gateway to monitor and manage embedded computers installed with MDM Agent software. MOXA Device Manage...
Oracle WebLogic Node Manager allows arbitrary configuration via UNC path
Overview Oracle WebLogic Node Manager 10.3.3 and earlier versions contain a remote file inclusion vulnerability. This vulnerability could allow a remote attacker to execute arbitrary commands on an affected system. Description Node Manager is a WebLogic Server utility that enables you to start,...
Trend Micro HouseCall ActiveX control does not adequately validate update server parameters
Overview The Trend Micro HouseCall ActiveX control contains a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Trend Micro HouseCall ActiveX control (HousecallActiveX.dll) includes an update feature. A web page hosting...
Adobe Reader and Adobe Acrobat contain an unspecified flaw in a JavaScript method
Overview Adobe Reader and Acrobat contain an unspecified flaw in a JavaScript method, which can allow a remote, unauthenticated attacker to execute code on a vulnerable system. Description Adobe Acrobat Reader is software designed to view Portable Document Format (PDF) files. Adobe also distributes...
HP Online Support Services ActiveX RegistryString() buffer overflow
Overview HP Online Support Services contains the function RegistryString, which can be exploited to cause a buffer overflow. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description HP Services provides online product support services includi...
GnuTLS Pad Length Denial of Service
Overview A vulnerability exists in GnuTLS that may allow a remote attacker to cause a denial of service. Description GnuTLS contains a vulnerability in gnutls-serv that may result in a denial of service when handling a sequence of specially crafted packets. According to CERT-FI Vulnerability...
Microsoft HeartbeatCtl ActiveX control buffer overflow
Overview The Microsoft HeartbeatCtl ActiveX control contains a buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Microsoft HeartbeatCtl ActiveX control is used to play multiplayer games on the MSN Games website. T...
Microsoft Internet Explorer property memory corruption vulnerability
Overview A vulnerability in the way Microsoft Internet Explorer handles malformed property objects may lead to execution of arbitrary code. Description Microsoft Internet Explorer contains a vulnerability that could be exploited when Internet Explorer attempts to interpret Web pages that...
GE Fanuc Proficy Information Portal allows arbitrary file upload and execution
Overview GE Fanuc Proficy Information Portal allows authenticated users to upload arbitrary files. An attacker could upload an executable server-side script (e.g., an .asp shell on a Microsoft Internet Information Server platform) and execute arbitrary commands with the privileges of the web server...
Microsoft Windows Media Format Runtime ASF handling buffer overflow
Overview Microsoft Windows Media Format Runtime is vulnerable to a heap-based buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Windows Media Format Runtime is used by various Windows Media...
libFLAC contains multiple vulnerabilities
Overview libFLAC contains multiple vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description FLAC (Free Lossless Audio Codec) is a lossless audio format. libFLAC is a library that can process FLAC files. libFLAC contains multip...
Microsoft MFC FindFile function heap buffer overflow
Overview A buffer overflow vulnerability in the Microsoft Foundation Class (MFC) Library could allow an attacker to execute arbitrary code on an affected system. Description The Microsoft Foundation Class (MFC) Library is a Microsoft library that wraps parts of the Windows API in C++ classes. The MFC...
MSN Messenger and Windows Live Messenger webcam stream heap overflow
Overview MSN Messenger fails to properly handle webcam streams, which may allow a remote attacker to execute arbitrary code. Description MSN Messenger is an instant messaging application. Starting with version 8, MSN Messenger was renamed to Windows Live Messenger. Windows Live Messenger and some...
602pro Lan Suite 2003 buffer overflow vulnerability
Overview 602pro Lan Suite 2003 contains a buffer overflow vulnerability that may allow an attacker to execute code. Description 602pro Lan Suite 2003 is a mail, firewall and proxy server that runs on the Microsoft Windows operating system. The 602pro Lan Suite 2003 SMTP server contains a buffer...
Microsoft Windows Win32 API fails to properly validate function parameters
Overview The Microsoft Windows Win32 API fails to properly validate function parameters, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Microsoft Windows Win32 API is a set of application programming interfaces for the...
Apple QuickTime for Java information disclosure vulnerability
Overview Apple QuickTime for Java fails to properly clear memory. As a result, sensitive information may be exposed to unintended parties. Description Apple QuickTime includes the ability to integrate QuickTime into Java applications and applets. This feature is known as QuickTime for Java. Apple...
Microsoft Excel fails to properly process files with crafted filter records
Overview A vulnerability in Microsoft Excel could allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Excel fails to validate certain filter records contained in Excel documents. This flaw results in an unspecified memory corruption vulnerability that...
Cisco ASA fails to properly process DHCP relay packets
Overview The Cisco Adaptive Security Appliance contains a memory exhaustion vulnerability that may occur when the DHCP service relay is enabled. Description The Cisco Adaptive Security Appliance (ASA) is a firewall that includes routing and intrusion prevention system (IPS) features. DHCP relay allows...