3695 matches found

CERT
added 2002/09/27 12:0 a.m. | 25 views

Microsoft Windows Media Player buffer overflow in Active Stream Redirector (.asx) file parser

Overview There is a buffer overflow in the parsing of Active Stream Redirector .ASX files. This buffer overflow may allow a remote attacker to execute arbitrary code when a user views a malicious web page. Description There is a buffer overflow in the processing of Active Stream Redirector .ASX...

CVSS 7.5 | AI score 7.6 | EPSS 0.30017
Exploits: 1 | References: 3

CERT
added 2002/09/24 12:0 a.m. | 25 views

Easynews does not adequately validate user input thereby disclosing server installation path via crafted URL request

Overview Easynews does not adequately validate user input. Attackers may exploit this vulnerability to learn the filesystem path where the script is installed. Description Easynews is an open-source CGI script designed to create dynamic news story web pages and listings. Easynews does not properl...

AI score 6.8
Exploits: 0 | References: 2

CERT
added 2002/09/16 12:0 a.m. | 25 views

Microsoft Windows 2000 vulnerable to DoS via malformed packets sent to port 445/tcp

Overview The default configuration of Microsoft Windows 2000 does not properly handle malformed packets received on TCP port 445. As a result, Windows may cease to function normally upon receipt of malformed packets on this port. Description Microsoft LAN Manager LANMAN is enabled by default on...

CVSS 5 | AI score 6.3 | EPSS 0.515
Exploits: 1 | References: 1

CERT
added 2002/09/12 12:0 a.m. | 25 views

Microsoft Visual FoxPro fails to properly evaluate filenames before launching application

Overview There is a vulnerability in Microsoft Visual FoxPro 6.0 that allows remote attackers to execute Visual FoxPro applications with the privileges of the victim user. Description Microsoft Visual FoxPro 6.0 contains an unspecified vulnerability that allows remote attackers to execute arbitra...

CVSS 7.5 | AI score 7 | EPSS 0.11699
Exploits: 0 | References: 1

CERT
added 2002/08/15 12:0 a.m. | 25 views

OpenBSD contains buffer overflow in "select" call

Overview A locally exploitable buffer overflow exists in all versions of OpenBSD. Description The buffer overflow exists in the select(2) system call. The overflow occurs if select is supplied with arbitrary negative values. --- Impact Local users can gain system privileges and execute code in the...

CVSS 7.2 | AI score 7 | EPSS 0.0033
Exploits: 0 | References: 2

CERT
added 2002/07/29 12:0 a.m. | 25 views

Sambar Web Server vulnerable to sourcecode disclosure due to improper parsing of scripts

Overview Sambar Webserver displays script contents instead of interpreting them when the user adds certain characters to the end of the script URL. Description Sambar Webserver is designed to handle CGI requests by interpreting CGI scripts to produce output returned to the client. However, due to...

CVSS 6.4 | AI score 6.1 | EPSS 0.0892
Exploits: 1 | References: 3

CERT
added 2002/06/12 12:0 a.m. | 25 views

Microsoft Internet Explorer contains buffer overflow in handling of gopher replies

Overview There is a buffer overflow in Internet Explorer when IE receives information from a gopher service. Description Gopher is a protocol that presents documents and services in a hierarchal representation, and is similar in some ways to HTTP. Internet Explorer reportedly contains a buffer...

CVSS 7.5 | AI score 7.4 | EPSS 0.54441
Exploits: 0 | References: 4

CERT
added 2002/06/04 12:0 a.m. | 25 views

Oracle9i Database TNS Listener vulnerable to buffer overflow via SERVICE_NAME parameter

Overview A buffer overflow vulnerability exists in the TNS Listener component of Oracle9i Database. This vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the TNS Listener process or cause a denial of service. Description Oracle9i...

CVSS 7.5 | AI score 7.8 | EPSS 0.6981
Exploits: 3 | References: 4

CERT
added 2002/04/02 12:0 a.m. | 25 views

IBM AIX Parallel Systems Support Program (PSSP) contains vulnerability in File Collections subsystem allowing arbitrary access to sensitive configuration files

Overview IBM AIX Parallel Systems Support Programs PSSP contains a vulnerability allowing unauthorized access to files in valid file collections. Description IBM PSSP software is used to provide a central point of management control for a cluster of RS/6000 SP nodes and IBM pSeries and IBM RS/600...

AI score 6.9
Exploits: 0 | References: 1

CERT
added 2002/02/28 12:0 a.m. | 25 views

Oracle9i Application Server Apache PL/SQL module vulnerable to buffer overflow via HTTP request

Overview A buffer overflow vulnerability exists in the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle9i Application Server iAS. A maliciously crafted HTTP request made to the PL/SQL module could cause a denial of service or execute arbitrary code with the...

CVSS 7.5 | AI score 9.8 | EPSS 0.13139
Exploits: 0 | References: 6

CERT
added 2001/12/20 12:0 a.m. | 25 views

CDE dtprintinfo contains local buffer overflow in Help window via clipboard copy

Overview The CDE Print Viewer program dtprintinfo provides a graphical interface to display the status of print queues and print jobs. By using the clipboard to overflow the search field in the Help window of dtprintinfo, a local attacker can execute arbitrary code on the system as root. Description...

CVSS 7.2 | AI score 7.4 | EPSS 0.00903
Exploits: 0 | References: 4

CERT
added 2001/12/13 12:0 a.m. | 25 views

Hot Standby Router Protocol (HSRP) uses weak authentication

Overview A denial-of-service vulnerability exists in the Hot Standby Router Protocol (HSRP). Description HSRP is a protocol designed to provide transparent recovery of routing services when failures occur. Quoting from RFC2281 the RFC describing the Hot Standby Router Protocol: The Hot Standby Rout...

CVSS 2.1 | AI score 6.2 | EPSS 0.01326
Exploits: 1 | References: 6

CERT
added 2001/11/15 12:0 a.m. | 25 views

BSCW vulnerable to arbitrary file overwriting via symlink redirection of temporary file

Overview BSCW is a groupware system that runs on a web server. BSCW follows symbolic links in tar files that it extracts into a user's local area. Accessing those links may allow the user to view arbitrary files viewable by the web server, and to overwrite files writable by the web server...

CVSS 6.4 | AI score 6.2 | EPSS 0.02025
Exploits: 0 | References: 5

CERT
added 2001/10/11 12:0 a.m. | 25 views

OpenView Network Node Manager contains vulnerability allowing for privilege escalation

Overview The HP Network Node Manager contains a vulnerability that may allow an attacker to gain elevated privileges. Description The Network Node Manager is a networked systems software management package distributed by Hewlett-Packard. A vulnerability in this software package may allow an...

CVSS 7.2 | AI score 6.4 | EPSS 0.00779
Exploits: 0 | References: 2

CERT
added 2001/09/19 12:0 a.m. | 25 views

IE fails to check certificates properly if initial SSL connection originates in an IFRAME or Image

Overview Several flaws exist in Microsoft Internet Explorer that could allow an attacker to masquerade as a legitimate web site if the attacker can compromise the validity of certain DNS information. These problems are different from the problems reported in CERT Advisory CA-2000-05 and CERT...

CVSS 2.6 | AI score 6 | EPSS 0.04835
Exploits: 0 | References: 1

CERT
added 2001/09/13 12:0 a.m. | 25 views

Trend Micro InterScan eManager vulnerable to remotely exploitable buffer overflow

Overview A remotely exploitable buffer overflow exists in Trend Micro InterScan eManager. Description Trend Micro InterScan eManager is an application that inspects email traffic flowing into and out of a network for confidential or inappropriate material entering and/or leaving the network. This...

CVSS 7.5 | AI score 7.7 | EPSS 0.05022
Exploits: 1 | References: 2

CERT
added 2001/08/27 12:0 a.m. | 25 views

Cayman gateways vulnerable to a denial of service via oversized ICMP echo (ping) requests.

Overview Cayman gateways vulnerable to a denial of service via oversized ICMP echo ping requests. Installing the newest version of the vendor software will resolve this vulnerability. Description Cayman gateways running versions 5.5 Build R0, 5.3 Build R2, 5.3 Build R1 are vulnerable to an...

CVSS 5 | AI score 6.4 | EPSS 0.02526
Exploits: 0 | References: 1

CERT
added 2001/08/13 12:0 a.m. | 25 views

OpenSSH disregards client configuration and allows server access to ssh-agent and/or X11 after session negotiation

Overview Versions of OpenSSH client prior to 2.3.0 do not properly enforce restrictions to the ssh-agent or X11 display. Description An OpenSSH client can be configured to prevent servers from accessing the client's ssh-agent or X11 display. However, versions of OpenSSH client prior to 2.3.0 fail...

CVSS 7.5 | AI score 9.3 | EPSS 0.01849
Exploits: 0 | References: 3

CERT
added 2001/07/24 12:0 a.m. | 25 views

Microsoft Services for UNIX Telnet server is vulnerable to denial of service via memory leak

Overview The telnet server included in the Microsoft Services for Unix package contains a denial-of-service vulnerability that may cause the system to become unstable or crash. Description The telnet server included in the Microsoft Services for Unix SFU package contains a memory leak that can le...

CVSS 5 | AI score 6 | EPSS 0.33363
Exploits: 0 | References: 2

CERT
added 2001/07/17 12:0 a.m. | 25 views

Teamware Office contains multiple vulnerabilities in LDAP handling code

Overview The Teamware Office suite contains vulnerabilities that may allow denial-of-service attacks, unauthorized privileged access, or both. These vulnerabilities were revealed using the PROTOS LDAPv3 test suite and are documented in CERT Advisory CA-2001-18. If your site uses this product, the...

AI score 7.9
Exploits: 0 | References: 6

CERT
added 2001/07/17 12:0 a.m. | 25 views

Oracle Internet Directory contains multiple vulnerabilities in LDAP handling code

Overview The Oracle Internet Directory server contains vulnerabilities that may allow denial-of-service attacks, unauthorized privileged access, or both. These vulnerabilities were revealed using the PROTOS LDAPv3 test suite and are documented in CERT Advisory CA-2001-18. If your site uses this...

CVSS 7.5 | AI score 7.5 | EPSS 0.0631
Exploits: 0 | References: 9

CERT
added 2001/07/09 12:0 a.m. | 25 views

Oracle Internet Directory LDAP Daemon does not check write permissions properly

Overview The Oracle LDAP Daemon oidldapd version 2.1.1.1, which ships with Oracle version 8i for Linux version 8.1.7, does not check write permissions properly. This can allow a local user to delete or write to any file on the system. Description The Oracle LDAP Daemon oidldapd version 2.1.1.1 do...

CVSS 2.1 | AI score 5.6 | EPSS 0.00614
Exploits: 0 | References: 2

CERT
added 2001/06/22 12:0 a.m. | 25 views

ScreamingMedia SITEware does not adequately validate user input thereby allowing arbitrary file disclosure via directory traversal

Overview A vulnerability exists in ScreamingMedia's SiteWare Editor's Desktop that allows an intruder to read arbitrary files within the SiteWare web hierarchy. Description SiteWare Editor's Desktop is a web-based administration tool for manipulating ScreamingMedia content on a SiteWare web serve...

CVSS 10 | AI score 6.1 | EPSS 0.14967
Exploits: 1 | References: 4

CERT
added 2001/05/01 12:0 a.m. | 25 views

Multiple networking devices allow SNMP objects to be viewed/modified via ILMI community string

Overview There is a vulnerability in the remote management architecture for Asynchronous Transfer Mode ATM networking devices that permits unauthorized access to configuration information. An attacker who gains access to an affected device can read and modify its configuration, creating a...

CVSS 6.4 | AI score 8 | EPSS 0.05242
Exploits: 0 | References: 11

CERT
added 2001/01/18 12:0 a.m. | 25 views

Weak CRC allows last block of IDEA-encrypted SSH packet to be changed without notice

Overview There is an information integrity vulnerability in the SSH1 protocol that allows the last block of an IDEA-encrypted session to be modified without notice. Description Preconditions: Session is encrypted using IDEA cipher. Compression is disabled. SSH clients configured to use the IDEA...

AI score 6.7
Exploits: 0 | References: 3

CERT
added 2000/12/12 12:0 a.m. | 25 views

Sun Microsystems Keys exposed and revoked

Overview Sun Microsystems uses a variety of X.509 keys signed by VeriSign to secure various web sites. Among these certificates are two that were revoked on October 19, 2000. The certificate IDs for these revoked certificates are 3181 B12D C422 5DAC A340 CF86 2710 ABE6 and 1705 FB13 A22F 9AF3 C130...

CVSS 5.1 | AI score 6.7 | EPSS 0.00649
Exploits: 0 | References: 1

CERT
added 2000/11/13 12:0 a.m. | 25 views

Race condition in periodic

Overview A race condition in the 'periodic' script allows local files to be overwritten. We believe that 'periodic' is typically used only with FreeBSD systems, though it may be installed on other systems. Description 'periodic' is a script used in conjunction with cron to execute jobs at specifi...

CVSS 1.2 | AI score 6.3 | EPSS 0.00333
Exploits: 0 | References: 2

CERT
added 2000/11/07 12:0 a.m. | 25 views

SSH-1 allows client authentication to be forwarded by a malicious server to another server

Overview A design flaw in the SSH-1 protocol allows a malicious server to establish two concurrent sessions with the same session ID, allowing a man-in-the-middle attack. The client must accept unknown host keys from the malicious server to enable exploitation of this vulnerability. Description...

AI score 6.8
Exploits: 0 | References: 2

CERT
added 2000/09/26 12:0 a.m. | 25 views

SSH host key authentication can be bypassed when DNS is used to resolve localhost

Overview This vulnerability allows an attacker to redirect an SSH connection to an arbitrary host. Description When making connections to localhost, SSH disables host key checking to provide compatibility with NFS filesystems. As a result, if the victim's machine uses a poisoned DNS server to...

AI score 6.8
Exploits: 0 | References: 1

CERT
added 2026/06/09 12:0 a.m. | 24 views

Microsoft-signed UEFI shim bootloaders vulnerable to Secure Boot bypass

Overview Microsoft-signed UEFI bootloaders of the open-source shim project, primarily from version 0.9 and earlier, were identified as vulnerable to Secure Boot bypass. To mitigate this risk, the affected bootloaders will be added to the Microsoft UEFI Forbidden Signature Database DBX. Once the D...

CVSS 7.8 | AI score 6.4 | EPSS 0.00097
Exploits: 0 | References: 14

CERT
added 2023/07/20 12:0 a.m. | 24 views

Perimeter81 macOS Application Multiple Vulnerabilities

Overview A command injection vulnerability can be used in the Perimeter81 macOS application to run arbitrary commands with administrative privileges. Description At the time, the latest Perimeter81 MacOS application 10.0.0.19 suffers from local privilege escalation vulnerability inside its...

CVSS 7.8 | AI score 7.9 | EPSS 0.00578
Exploits: 1 | References: 2

CERT
added 2015/09/21 12:0 a.m. | 24 views

Web Reference Database (refbase) contains multiple vulnerabilities

Overview Web Reference Database refbase versions 0.9.6 and possibly earlier contain multiple vulnerabilities. Description Web Reference Database refbase versions 0.9.6 and possibly earlier contain multiple vulnerabilities. CWE-352: Cross-Site Request Forgery CSRF - CVE-2015-6007 The application...

CVSS 7.5 | AI score 7.8 | EPSS 0.04817
Exploits: 3 | References: 2

CERT
added 2015/06/16 12:0 a.m. | 24 views

Vesta Control Panel is vulnerable to cross-site request forgery

Overview Vesta Control Panel is vulnerable to a cross-site request forgery CSRF attack. Description CWE-352: Cross-Site Request Forgery CSRF - CVE-2015-2861 Vesta Control Panel contains a cross-site request forgery CSRF vulnerability. An attacker can perform actions with the same permissions as a...

CVSS 6.8 | AI score 6.7 | EPSS 0.01212
Exploits: 0 | References: 2

CERT
added 2014/07/24 12:0 a.m. | 24 views

BulletProof FTP Client 2010 is vulnerable to a stack-based buffer overflow

Overview BulletProof FTP Client 2010 is vulnerable to a stack-based buffer overflow Description CWE-121-Stack-based Buffer Overflow BulletProof FTP Client 2010 does not check the length of the host parameter set in the quick connect bar. A long host value causes a stack-based buffer overflow,...

AI score 6.9
Exploits: 17 | References: 4

CERT
added 2014/04/11 12:0 a.m. | 24 views

PivotX 2.3.8 contains multiple vulnerabilities

Overview PivotX 2.3.8, and possibly earlier versions, contains cross-site scripting CWE-79 and unsafe file upload CWE-434 vulnerabilities. Description PivotX 2.3.8, and possibly earlier versions, contains cross-site scripting CWE-79 and unsafe file upload CWE-434 vulnerabilities. CWE-79: Improper...

CVSS 7.5 | AI score 5.9 | EPSS 0.02058
Exploits: 3 | References: 4

CERT
added 2014/01/23 12:0 a.m. | 24 views

CS-Cart version 4.0.2 contains cross-site scripting vulnerabilities

Overview CS-Cart version 4.0.2 and possibly earlier versions contain cross-site scripting XSS vulnerabilities CWE-79. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' CS-Cart version 4.0.2 and possibly earlier versions contain cross-site...

CVSS 4.3 | AI score 6.4 | EPSS 0.01012
Exploits: 0 | References: 3

CERT
added 2014/01/20 12:0 a.m. | 24 views

MW6 Technologies ActiveX controls contain multiple vulnerabilities

Overview MW6 Technologies' MaxiCode, Aztec, and DataMatrix ActiveX controls contain multiple vulnerabilities. Description MW6 Technologies' MaxiCode, Aztec, and DataMatrix ActiveX controls are used for processing barcodes. The ActiveX controls contain multiple vulnerabilities that may lead to...

CVSS 9.3 | AI score 8.5 | EPSS 0.07373
Exploits: 4 | References: 4

CERT
added 2013/06/10 12:0 a.m. | 24 views

HP Insight Diagnostics 8.20 b2878 multiple vulnerabilities

Overview HP Insight Diagnostics 8.20 b2878 and possibly earlier versions contains multiple vulnerabilities. Description It has been reported that HP Insight Diagnostics 8.20 b2878 and possibly earlier versions contains multiple vulnerabilities that can be exploited by a remote attacker to execute...

CVSS 10 | AI score 7.3 | EPSS 0.0491
Exploits: 0 | References: 5

CERT
added 2012/12/06 12:0 a.m. | 24 views

ManageEngine AssetExplorer fails to properly sanitize XML asset data submission

Overview ManageEngine AssetExplorer version 5.6.0 build number 5610 and possibly older versions is vulnerable to multiple stored XSS vulnerabilities via XML asset data submission. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' ManageEngine...

CVSS 4.3 | AI score 5.9 | EPSS 0.0409
Exploits: 0 | References: 3

CERT
added 2012/10/23 12:0 a.m. | 24 views

Adobe Shockwave 11.6.7.637 contains multiple exploitable vulnerabilities

Overview Adobe Shockwave Player 11.6.7.637 and earlier versions on the Windows and Macintosh operating systems contain critical vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Adobe Macromedia Shockwave Player is...

AI score 7.1
Exploits: 0 | References: 1

CERT
added 2012/08/17 12:0 a.m. | 24 views

HP Virtual SAN appliance root shell command injection

Overview The HP Virtual SAN appliance version 9.5 is susceptible to a root shell command injection CWE-77 vulnerability. Description Tenable Network Security has reported that HP's fix for the command injection vulnerability, EDB-ID 18893, was incomplete. The ping command for the appliance has a...

CVSS 7.7 | AI score 7.1 | EPSS 0.0442
Exploits: 0 | References: 2

CERT
added 2012/08/02 12:0 a.m. | 24 views

BreakingPoint Systems Storm CTM information disclosure vulnerabilities

Overview BreakingPoint Systems Storm CTM contains two vulnerabilities which could allow an attacker access to sensitive configuration information. Description According to BreakingPoint's website, the BreakingPoint Storm creates real-world, high-stress conditions and user behavior to provide...

CVSS 5 | AI score 6.8 | EPSS 0.01811
Exploits: 0 | References: 3

CERT
added 2011/06/27 12:0 a.m. | 24 views

ManageEngine ServiceDesk directory traversal vulnerability

Overview ManageEngine ServiceDesk contains a directory traversal vulnerability which may allow a remote, unauthenticated attacker to obtain sensitive information. Description ManageEngine ServiceDesk Plus 8.0, and possibly prior versions, contains a directory traversal vulnerability in the...

AI score 7.2
Exploits: 0 | References: 1

CERT
added 2011/04/05 12:0 a.m. | 24 views

Dell Kace K2000 Appliance unauthenticated access and information disclosure vulnerability

Overview Dell KACE K2000 Systems Deployment Appliance contains a hidden CIFS share that allows anonymous access. Description According to Dell KACE's knowledge base article: "The Dell KACE K2000 Systems Deployment Appliance version 3.3.36822 and earlier uses a read-only CIFS fileshare named...

AI score 7.5
Exploits: 0 | References: 1

CERT
added 2011/04/04 12:0 a.m. | 24 views

pWhois Layer Four Traceroute 3.x vulnerability

Overview Given a specific set of command line arguments, Layer Four Traceroute lft will produce a segmentation fault leading to a possible privilege escalation vulnerability. Description pWhois Layer Four Traceroute 3.x contains a vulnerability when parsing command line arguments. Earlier version...

CVSS 7.2 | AI score 6.2 | EPSS 0.00388
Exploits: 0 | References: 1

CERT
added 2010/10/12 12:0 a.m. | 24 views

Oracle WebLogic Node Manager allows arbitrary configuration via UNC path

Overview Oracle WebLogic Node Manager 10.3.3 and earlier versions contain a remote file inclusion vulnerability. This vulnerability could allow a remote attacker to execute arbitrary commands on an affected system. Description Node Manager is a WebLogic Server utility that enables you to start,...

AI score 8
Exploits: 0 | References: 1

CERT
added 2010/08/05 12:0 a.m. | 24 views

Oracle Siebel Option Pack for IE ActiveX control memory initialization vulnerability

Overview The Oracle Siebel Option Pack for IE ActiveX control fails to properly initialize memory, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Siebel Option Pack for IE is an ActiveX control that is provided by Oracle Siebel...

CVSS 9.3 | AI score 6.9 | EPSS 0.03949
Exploits: 1 | References: 2

CERT
added 2008/12/25 12:0 a.m. | 24 views

Trend Micro HouseCall ActiveX control does not adequately validate update server parameters

Overview The Trend Micro HouseCall ActiveX control contains a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Trend Micro HouseCall ActiveX control HousecallActiveX.dll includes an update feature. A web page hosting...

CVSS 9.3 | AI score 7.7 | EPSS 0.06998
Exploits: 0 | References: 6

CERT
added 2008/11/19 12:0 a.m. | 24 views

PHPCow file inclusion vulnerability

Overview Older versions of PHPCow contain a file inclusion vulnerability that could allow an attacker to take control of a vulnerable application. Description PHPCow is a content management system that uses PHP. Older versions of PHP contain a file inclusion vulnerability. We are aware of reports...

AI score 7.2
Exploits: 0 | References: 4

CERT
added 2008/06/25 12:0 a.m. | 24 views

Adobe Reader and Adobe Acrobat contain an unspecified flaw in a JavaScript method

Overview Adobe Reader and Acrobat contain an unspecified flaw in a JavaScript method, which can allow a remote, unauthenticated attacker to execute code on a vulnerable system. Description Adobe Acrobat Reader is software designed to view Portable Document Format PDF files. Adobe also distributes...

CVSS 10 | AI score 6.8 | EPSS 0.2219
Exploits: 1 | References: 2

Total number of security vulnerabilities: 3695