3704 matches found
Microsoft License Logging Service buffer overflow
Overview A vulnerability in a component of some server versions of Microsoft Windows could allow a remote attacker to execute code on a vulnerable system. Description Microsoft's License Logging Service LLS assists in the management of licenses for some Microsoft server products. An error in the...
QNX PPPoEd daemon vulnerable to command spoofing
Overview The QNX PPPoEd daemon is vulnerable to command spoofing that may lead to arbitrary code execution. Description QNX is an RTOS Realtime Operating System. QNX is used in many different devices and industries, including, but not limited to routers manufacturing and processing medical...
Cisco IOS IPv6 denial-of-service vulnerability
Overview A vulnerability in the way Cisco IOS handles IPv6 packets could result in a remotely exploitable denial of service. Description The Cisco Internetwork Operating System IOS includes support for processing Internet Protocol version 6 IPv6 packets. A vulnerability in the way that IOS handle...
Multiple implementations of LDAP Directory Server vulnerable to buffer overflow
Overview A buffer overflow in some implementations of the LDAP protocol may allow a remote unauthenticated attacker to execute arbitrary code. Description The Lightweight Directory Access Protocol LDAP is a protocol for accessing network based directories. A lack of bounds checking in some...
Multiple networking devices fail to set the "Secure" attribute of a cookie
Overview Multiple vendors' networking devices fail to set the "Secure" cookie attribute and could disclose sensitive information about a user's HTTP session. Description Many networking devices provide a built-in web server, which may support the HTTPS protocol. When a user logs into the device...
Oracle Database Server contains several vulnerabilities
Overview Several vulnerabilities exist in the Oracle Database Server and Listener. According the the Oracle Security Alert, exploitation of these vulnerabilities would require the attacker to have network access, but not a valid user account on the vulnerable system. Description Oracle Database 1...
AOL Instant Messenger vulnerable to buffer overflow
Overview A vulnerability in the AOL Instant Messenger AIM client could allow a remote attacker to execute arbitrary code on a victim system. Description AOL Instant Messenger AIM is an instant messaging system distributed by AOL Time Warner. A buffer overflow error exists in the way that some...
Perl vulnerable to buffer overflow in win32_stat()
Overview A flaw in a standard function in some Perl distributions could allow an attacker to execute arbitrary code on the vulnerable system. Description The stat Perl function, similar to the standard C stat function, returns a list giving the status info for a file. Since the stat function is...
Gaim contains an integer overflow vulnerability when parsing DirectIM packets
Overview There is an integer overflow vulnerability in the handlehdrodc function, which could allow an unauthenticated, remote attacker to cause a denial of service or potentially execute arbitrary code. Description Gaim is a multi-protocol instant messenger client available for a number of...
Gaim contains a buffer overflow vulnerability in the http_canread() function
Overview There is a buffer overflow vulnerability in the Gaim httpcanread function, which could allow an unauthenticated, remote attacker to execute arbitrary code. Description Gaim is a multi-protocol instant messenger available for a number of operating systems. It provides a feature that allow...
Gaim fails to properly validate the "value" parameter in the Yahoo login webpage
Overview There is a buffer overflow vulnerability in the way the Gaim yahoologinpagehash function parses the "value" parameter in the Yahoo login webpage. Description Gaim is a multi-protocol instant messenger available for a number of operating systems. It supports a variety of instant messaging...
BEA WebLogic Server internal methods may disclose sensitive information
Overview There is a vulnerability in BEA WebLogic Server that could allow users to obtain the credentials of the user who booted the server. Description BEA Systems describes WebLogic Server as "an industrial-strength application infrastructure for developing, integrating, securing, and managing...
Microsoft Windows XP creates tasks with elevated privileges
Overview Microsoft Windows XP contains a vulnerability in the way that tasks are created that may permit an authenticated user to launch applications with elevated privileges. Description Microsoft Windows creates tasks when a user launches an application. A vulnerability in the way that Windows ...
HP-UX shar utility creates files with predictable names in "/tmp" directory
Overview The shar program distributed with some versions of the HP-UX operating system creates files insecurely. This vulnerability could allow local users to gain escalated privilege on the system. Description shar is a program commonly available on UNIX systems to create a shell script that wil...
tcpdump contains vulnerability in ISAKMP decoding routine
Overview tcpdump contains a vulnerability in the way it decodes Internet Security Association and Key Management Protocol ISAKMP packets. Description tcpdump is a widely-used network sniffer that is capable of decoding ISAKMP packets. A vulnerability exists in the way tcpdump parses specially...
OpenSSL accepts unsolicited client certificate messages
Overview OpenSSL accepts unsolicited client certificate messages. This could allow an attacker to exploit underlying vulnerabilities in client certificate handling. Description OpenSSL implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols and includes a general-purpos...
HP-UX fails to apply standard UNIX filesystem security measures when using OnLineJFS
Overview A vulnerability in OnlineJFS could allow an intruder to gain greater access than expected. Description OnlineJFS "provides the online management of the Journaled File System JFS, a high-integrity, highly available file system supported by HP-UX." According to Hewlett-Packard, there is a...
Microsoft Internet Explorer does not safely handle multiple file download requests
Overview A problem in the way Microsoft Internet Explorer handles a large number of file download requests could result in the execution of arbitrary code on a vulnerable system. Description When Internet Explorer IE follows a link to an executable file .exe, a dialog window is displayed that...
RealNetworks Helix Universal Server vulnerable to buffer overflow when supplied an overly long string within the "Transport" field of a SETUP RTSP request
Overview The RealNetworks' Helix Universal Server supports delivery of several different media types via RTSP Real Time Streaming Protocol. Vulnerabilities have been discovered in the way it handles some RTSP requests. These vulnerabilities could allow a remote attacker to execute arbitrary code ...
Protegrity Secure.Data for Microsoft SQL Server 2000 contains buffer overflows in extended stored procedures
Overview Protegrity Secure.Data for Microsoft SQL Server 2000 includes several extended stored procedures that contain buffer overflow vulnerabilities. These vulnerabilities could allow a remote attacker to execute arbitrary code, gain access to databases, or cause a denial of service. Descriptio...
ISC DHCPD minires library contains multiple buffer overflows
Overview The Internet Software Consortium ISC has discovered several buffer overflow vulnerabilities in their implementation of DHCP ISC DHCPD. These vulnerabilities may allow remote attackers to execute arbitrary code on affected systems. At this time, we are not aware of any exploits. Descripti...
Multiple FTP clients contain directory traversal vulnerabilities
Overview Multiple File Transfer Protocol FTP clients contain directory traversal vulnerabilities that allow a malicious FTP server to overwrite files on the client host. Description In a typical file transfer operation, one participant the client requests a file while a second participant the...
SSH Secure Shell for Workstations contains buffer overflow in URL-handling feature
Overview The Windows version of SSH Secure Shell for Workstations contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code. Description The SSH Secure Shell for Workstations client includes a URL-handling feature that allows users to launch URLs that appear in...
gv contains buffer overflow in sscanf() function
Overview A remotely exploitable buffer overflow vulnerability exists in gv. Description A remotely exploitable buffer overflow vulnerability exists in gv. gv allows a user to view and navigate PostScript and PDF documents by providing an interface to the ghostscript interpreter. This vulnerabilit...
dvips uses system() function insecurely thereby allowing arbitrary command execution
Overview A vulnerability in the dvips utility can allow a remote attacker to execute arbitrary code on a vulnerable system. Description The dvips utility is used to convert DVI files to PostScriptTM. Typically the output is sent to the printer.RHSA-2002:194-18 states the vulnerability occurs...
Microsoft Internet Explorer 5.5 print template ActiveX control allows arbitrary command execution
Overview The Internet Explorer 5.5 Print Template feature contains a vulnerability that allows a web page author to execute arbitrary code as the user viewing the web page. Description Internet Explorer version 5.5 supports a feature called "print templates" which allows a web page author to...
Apache mod_dav module vulnerable to DoS
Overview A denial-of-service vulnerability exists in Apache moddav. Description moddav is an Apache module. This module enables Apache web servers to provide users the ability to edit and manage files on a remote web server using the HTTP protocol. A vulnerability in moddav may allow an attacker ...
Easynews does not adequately validate user input thereby disclosing server installation path via crafted URL request
Overview Easynews does not adequately validate user input. Attackers may exploit this vulnerability to learn the filesystem path where the script is installed. Description Easynews is an open-source CGI script designed to create dynamic news story web pages and listings. Easynews does not properl...
Microsoft Windows 2000 vulnerable to DoS via malformed packets sent to port 445/tcp
Overview The default configuration of Microsoft Windows 2000 does not properly handle malformed packets received on TCP port 445. As a result, Windows may cease to function normally upon receipt of malformed packets on this port. Description Microsoft LAN Manager LANMAN is enabled by default on...
HP Tru64 UNIX "ipcs" contains buffer overflow (SSRT0794U)
Overview The HP Tru64 UNIX implementation of "ipcs" contains a locally exploitable buffer overflow. Description "ipcs" is used to report inter-process communication status. A locally exploitable buffer overflow in "ipcs" may permit a local attacker to gain elevated privileges and execute arbitrar...
SGI IRIX rpc.xfsmd uses weak authentication mechanism for RPC authentication
Overview The XFS file system on SGI systems allows anonymous remote users to call xfs-related RPC functions. Description XFS is a 64-bit compliant journaling file system. The XFS journaling filesystem daemon rpc.xfsmd on SGI systems uses the default AUTHUNIX authentication mechanism a client-base...
Sambar Web Server vulnerable to sourcecode disclosure due to improper parsing of scripts
Overview Sambar Webserver displays script contents instead of interpreting them when the user adds certain characters to the end of the script URL. Description Sambar Webserver is designed to handle CGI requests by interpreting CGI scripts to produce output returned to the client. However, due to...
Microsoft Internet Explorer contains buffer overflow in handling of gopher replies
Overview There is a buffer overflow in Internet Explorer when IE receives information from a gopher service. Description Gopher is a protocol that presents documents and services in a hierarchal representation, and is similar in some ways to HTTP. Internet Explorer reportedly contains a buffer...
Oracle Application Server contains format string vulnerability
Overview The CERT/CC is aware of a report about a "remotely exploitable format string vulnerability in Oracle Application Server" that could allow an unauthenticated, remote attacker to execute arbitrary code on a vulnerable system. Description Oracle Application Server uses the Apache HTTP Serve...
Oracle9i Database TNS Listener vulnerable to buffer overflow via SERVICE_NAME parameter
Overview A buffer overflow vulnerability exists in the TNS Listener component of Oracle9i Database. This vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the TNS Listener process or cause a denial of service. Description Oracle9i...
AOL Instant Messenger buffer overflow in screename
Overview A buffer overflow exists in the AOL Instant Messenger AIM client versions 3.5.x and prior when accepting the screenname from the command line, or through the aim protocol. Description AIM installs a protocol on the machine that enables people to post links on their websites, or send them...
AOL Instant Messenger vulnerable to buffer overflow via long filename
Overview AOL Instant Messenger AIM is an application that allows one peer to communicate with another. A vulnerability exists that can crash the client of a victim. Description AIM permits users to send files from one peer to another. By sending a file with a long name, it is possible to crash th...
CDE dtprintinfo contains local buffer overflow in Help window via clipboard copy
Overview The CDE Print Viewer program dtprintinfo provides a graphical interface display the status of print queues and print jobs. By using the clipboard to overflow the search field in the Help window of dtprintinfo, a local attacker can execute arbitrary code on the system as root. Description...
IE fails to check certificates properly if initial SSL connection originates in an IFRAME or Image
Overview Several flaws exist in Microsoft Internet Explorer that could allow an attacker to masquerade as a legitimate web site if the attacker can compromise the validity of certain DNS information. These problems are different from the problems reported in CERT Advisory CA-2000-05 and CERT...
Trend Micro InterScan eManager vulnerable to remotely exploitable buffer overflow
Overview A remotely exploitable buffer overflow exists in Trend Micro InterScan eManager. Description Trend Micro InterScan eManager is an application that inspects email traffic flowing into and out of a network for confidential or inappropriate material entering and/or leaving the network. This...
Outlook Web Access (OWA) executes scripts contained in email attachment opened via Microsoft Internet Explorer (IE)
Overview Microsoft Outlook Web Access OWA can run malicious scripts on an Exchange server when Internet Explorer IE users open email attachments. Description OWA allows users to access their email accounts on a Microsoft Exchange server from another host through a web browser. When IE users acces...
IBM WebSphere vulnerable to Cross-Site Scripting via passing of user input directly to default error page
Overview Web Servers that use the IBM WebSphere Java Servlet Container 3.5 and earlier are vulnerable to a cross-site scripting vulnerability. A web site may inadvertently include malicious HTML tags or scriptJavaScript, VBScript, Java, etc. in a dynamically generated page based on unvalidated...
Aladdin Ghostscript creates insecure temporary files allowing a local user to create symbolic links to other files
Overview Alladin Ghostscript, a previewer for postscript files, creates temporary files with a predictable names. The creation allows attackers to use symbolic links to overwrite other files on the host. Description Alladin Ghostscript is a previewer for postscript files. It creates temporary fil...
OpenSSH allows arbitrary file deletion via symlink redirection of temporary file
Overview Due to insecure handling of temporary files, some versions of sshd, an encrypted connection program, can delete any file named "cookies" accessible via the computer running sshd. Description sshd is the server software used to support ssh, a popular encryted connection program. Some...
Hewlett Packard HP-UX pcltotiff is installed with insecure permissions
Overview The utility pcltotiff is installed with insecure permissions on some Hewlett Packard systems. Description The HP utility pcltotiff is installed with sgid bin permissions in order to read files in /usr/lib/X11/fonts/ifo.st/typefaces/. This gives more permissions to pcltotiff than are...
OpenSSH disregards client configuration and allows server access to ssh-agent and/or X11 after session negotiation
Overview Versions of OpenSSH client prior to 2.3.0 do not properly enforce restrictions to the ssh-agent or X11 display. Description An OpenSSH client can be configured to prevent servers from accessing the client's ssh-agent or X11 display. However, versions of OpenSSH client prior to 2.3.0 fail...
Keys generated with PGP5i batch mode do not contain sufficient randomness on systems that use /dev/random
Overview Under certain circumstances, PGP v5.0 generates keys that are not sufficiently random, which may allow an attacker to predict keys and, hence, recover information encrypted with that key. Description Generating Randomness in PGP Keys In order to generate cryptographically secure keys, PG...
phpSecurePages allows remote code execution
Overview There is an input validation vulnerability in phpSecurePages that may allow a remote intruder to execute arbitrary code with the privileges of the running web server. Description phpSecurePages is a tool for password protecting portions of websites on PHP enabled webservers. The...
Microsoft Services for UNIX Telnet server is vulnerable to denial of service via memory leak
Overview The telnet server included in the Microsoft Services for Unix package contains a denial-of-service vulnerability that may cause the system to become unstable or crash. Description The telnet server included in the Microsoft Services for Unix SFU package contains a memory leak that can le...
Symantec LiveUpdate stores proxy server passwords in plaintext in registry
Overview A vulnerability exists in the way Symantec LiveUpdate stores proxy server passwords which could allow local users to have read access to the key. Description LiveUpdate version 1.5 stores proxy server passwords in clear text in the registry, under...