3695 matches found
Hewlett Packard HP-UX pcltotiff is installed with insecure permissions
Overview The utility pcltotiff is installed with insecure permissions on some Hewlett Packard systems. Description The HP utility pcltotiff is installed with sgid bin permissions in order to read files in /usr/lib/X11/fonts/ifo.st/typefaces/. This gives more permissions to pcltotiff than are...
Keys generated with PGP5i batch mode do not contain sufficient randomness on systems that use /dev/random
Overview Under certain circumstances, PGP v5.0 generates keys that are not sufficiently random, which may allow an attacker to predict keys and, hence, recover information encrypted with that key. Description Generating Randomness in PGP Keys In order to generate cryptographically secure keys, PG...
phpSecurePages allows remote code execution
Overview There is an input validation vulnerability in phpSecurePages that may allow a remote intruder to execute arbitrary code with the privileges of the running web server. Description phpSecurePages is a tool for password protecting portions of websites on PHP enabled webservers. The...
Microsoft Services for UNIX Telnet server is vulnerable to denial of service via memory leak
Overview The telnet server included in the Microsoft Services for Unix package contains a denial-of-service vulnerability that may cause the system to become unstable or crash. Description The telnet server included in the Microsoft Services for Unix SFU package contains a memory leak that can le...
Symantec LiveUpdate stores proxy server passwords in plaintext in registry
Overview A vulnerability exists in the way Symantec LiveUpdate stores proxy server passwords which could allow local users to have read access to the key. Description LiveUpdate version 1.5 stores proxy server passwords in clear text in the registry, under...
Network Associates PGP Keyserver contains multiple vulnerabilities in LDAP handling code
Overview The Network Associates PGP Keyserver contains vulnerabilities that may allow denial-of-service attacks, unauthorized privileged access, or both. These vulnerabilities were revealed using the PROTOS LDAPv3 test suite and are documented in CERT Advisory CA-2001-18. If your site uses this...
ScreamingMedia SITEware does not adequately validate user input thereby allowing arbitrary file disclosure via directory traversal
Overview A vulnerability exists in ScreamingMedia's SiteWare Editor's Desktop that allows an intruder to read arbitrary files within the SiteWare web hierarchy. Description SiteWare Editor's Desktop is a web-based administration tool for manipulating ScreamingMedia content on a SiteWare web serve...
Microsoft Windows 2000 Service Control Manager creates predictably named pipes
Overview A vulnerability exists in the Microsoft Windows 2000 Service Control Manager which could allow local users to gain control of the system. Description A vulnerability exists in the Service Control Manager SCM function. This function creates named pipes for system services. More informatio...
Cisco Content Services Switch (CSS) permits non-privileged user to enter debug mode
Overview A vulnerability in Cisco Content Services Switches Arrowpoint allows a valid user to gain administrative access. Description Cisco CSS switches run Cisco WebNS software. A user with a valid account on a CSS device can gain unauthorized administrative access to the device. See the Cisco...
Weak CRC allows last block of IDEA-encrypted SSH packet to be changed without notice
Overview There is an information integrity vulnerability in the SSH1 protocol that allows the last block of an IDEA-encrypted session to be modified without notice. Description Preconditions: Session is encrypted using IDEA cipher. Compression is disabled. SSH clients configured to use the IDEA...
SSH-1 allows client authentication to be forwarded by a malicious server to another server
Overview A design flaw in the SSH-1 protocol allows a malicious server to establish two concurrent sessions with the same session ID, allowing a man-in-the-middle attack. The client must accept unknown host keys from the malicious server to enable exploitation of this vulnerability. Description...
Hughes satellite modems contain multiple vulnerabilities
Overview Several models of Hughes high-performance broadband satellite modems are potentially vulnerable to several issues if not appropriately configured. Description Several models of Hughes high-performance broadband satellite modems are potentially vulnerable to the following issues if not...
Intel CrossWalk project does not validate SSL certificates after first acceptance
Overview The Intel Crosswalk project is a framework for developing hybrid apps for Android and iOS. The Crosswalk project does not properly handle SSL certificate validation when a user accepts an invalid certificate, preventing the app from validating any future SSL certificates. Description...
DTE Energy Insight app vulnerable to information exposure
Overview The DTE Energy Insight app API allows an authenticated user to obtain and query certain limited customer information from other customers. Description CWE-200: Information Exposure - CVE-2016-1562 The DTE Energy Insight app lets DTE Energy customers track their energy usage. This informati...
Lenovo Solution Center LSCTaskService privilege escalation, directory traversal, and CSRF
Overview The Lenovo Solution Center application contains multiple vulnerabilities that can allow an attacker to execute arbitrary code with SYSTEM privileges. Description CWE-732: Incorrect Permission Assignment for Critical Resource Launching the Lenovo Solution Center creates a process called...
Web Reference Database (refbase) contains multiple vulnerabilities
Overview Web Reference Database refbase versions 0.9.6 and possibly earlier contain multiple vulnerabilities. Description Web Reference Database refbase versions 0.9.6 and possibly earlier contain multiple vulnerabilities. CWE-352: Cross-Site Request Forgery CSRF - CVE-2015-6007 The application...
Vesta Control Panel is vulnerable to cross-site request forgery
Overview Vesta Control Panel is vulnerable to a cross-site request forgery CSRF attack. Description CWE-352: Cross-Site Request Forgery CSRF - CVE-2015-2861 Vesta Control Panel contains a cross-site request forgery CSRF vulnerability. An attacker can perform actions with the same permissions as a...
iPass Open Mobile Windows Client contains a remote code execution vulnerability
Overview The iPass Open Mobile Windows Client versions 2.4.4 and earlier contains a remote code execution vulnerability. Description CWE-94: Improper Control of Generation of Code 'Code Injection' The iPass Open Mobile Windows Client versions 2.4.4 and earlier utilizes named pipes for interproces...
AppsGeyser generates Android applications that fail to properly validate SSL certificates
Overview AppsGeyser generates applications that fail to properly validate SSL certificates. Description AppsGeyser is an online tool that generates Android applications. At the time of publication of this vulnerability note, the AppsGeyser website claims to have generated over 1.3 million Android...
PaperThin CommonSpot CMS contains multiple vulnerabilities
Overview PaperThin CommonSpot contains multiple vulnerabilities, which may allow an unauthenticated remote attacker to execute arbitrary code on the server. Description PaperThin CommonSpot is a content management system CMS that is based on Adobe ColdFusion. CommonSpot is composed of over 3000...
WatchGuard Fireware XTM devices contain a cross-site scripting vulnerability
Overview WatchGuard Fireware XTM 11.8.1, and possibly earlier versions, contains a cross-site scripting vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' WatchGuard Fireware XTM 11.8.1 contains a cross-site scripting vulnerabilit...
CS-Cart version 4.0.2 contains cross-site scripting vulnerabilities
Overview CS-Cart version 4.0.2 and possibly earlier versions contain cross-site scripting XSS vulnerabilities CWE-79. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' CS-Cart version 4.0.2 and possibly earlier versions contain cross-site...
Cisco Prime Network Control System (NCS) and Wireless Control System (WCS) vulnerable to cross-site scripting (XSS)
Overview Cisco Prime NCS and WCS Health Monitor Login pages contain a reflected cross-site scripting XSS vulnerability CWE-79. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' Cisco Prime Network Control System NCS and Wireless Control System...
TrustGo Antivirus & Mobile Security contains a denial-of-service vulnerability
Overview TrustGo Antivirus & Mobile Security versions 1.2.7 through 1.3.5 contain a denial-of-service CWE-20 vulnerability. Description CWE-20: Improper Input Validation - CVE-2013-3580 TrustGo Antivirus & Mobile Security versions 1.2.7 through 1.3.5 crash if an intent is sent to...
CS-Cart v3.0.4 configured with PayPal Standard Payments design vulnerability
Overview CS-Cart v3.0.4 and possibly other versions configured with PayPal Standard Payment is susceptible to a client-side attack that results in an attacker purchasing items without having to pay for them. Description It has been reported that CS-Cart v3.0.4 configured with PayPal Standard...
ManageEngine AssetExplorer fails to properly sanitize XML asset data submission
Overview ManageEngine AssetExplorer version 5.6.0 build number 5610 and possibly older versions is vulnerable to multiple stored XSS vulnerabilities via XML asset data submission. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' ManageEngine...
Windows Phone 7 does not check certificate Common Names when sending or receiving emails over SSL.
Overview Windows Phone 7 does not check CN Common Name of server certificates when receiving or sending e-mails using POP3/IMAP/SMTP servers using SSL. Description Windows Phone 7 fails to check the CN Common Name of server certificates when receiving or sending e-mails using POP3/IMAP/SMTP serve...
ATA interface software may not properly handle ATA security features
Overview ATA interface software, including multiple system board BIOS implementations, does not adequately manage the ATA hard drive security mode. An attacker may be able to manipulate this situation to completely lock a hard drive resulting in an almost unrecoverable denial-of-service condition...
Apple Mac OS X CoreText embedded font vulnerability
Overview Apple Mac OS X CoreText contains a use-after-free vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Apple Mac OS X CoreText is a text layout and font processing engine that is used to handle embedded fonts. CoreTe...
GoAhead Webserver multiple stored XSS vulnerabilities
Overview GoAhead Webserver 2.18, and possibly previous or newer versions, is vulnerable to multiple stored and reflective cross-site scripting XSS vulnerabilities. Description GoAhead Webserver software fails to sanitize POST requests sent to multiple functions. As a result, stored and...
AmmSoft ScriptFTP 3.3 client remote buffer overflow vulnerability
Overview AmmSoft's ScriptFTP client is susceptible to a remote buffer overflow vulnerability that is triggered when processing a sufficiently long filename during an FTP LIST command. Description AmmSoft's ScriptFTP client can be exploited to execute arbitrary code when processing GETLIST or GETFI...
IBM Access Support ActiveX control stack buffer overflow
Overview The IBM Access Support ActiveX control contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The IBM Access Support ActiveX control has the ability to collect system information, such as make,...
RealFlex RealWin buffer overflow
Overview RealFlex RealWin demo version contains a vulnerability in the way "FCINFOTAG/SETCONTROL" packets are processed. Description RealFlex RealWin is SCADA server software that includes a Human Machine Interface HMI component and runs on Microsoft Windows 2000 or XP. The demo version of RealWi...
Apple Mac OS X file sharing allows authenticated remote access to files and directories
Overview Apple Mac OS X Leopard does not accurately reflect which files and directories are available via sharing. Description Apple Mac OS X Leopard 10.5.x allows files and directories to be shared via a "Shared Folders" feature. OS X lists the folders that are shared using this feature, however...
Google SAML Single Sign on vulnerability
Overview The SAML Single Sign-On SSO Service for Google Apps contained a vulnerability that could have allowed an attacker to gain access to a user's Google account. Description The Security Assertion Markup Language SAML is a standard for transmitting authentication data between two or more...
Deterministic Network Enhancer privilege escalation vulnerability
Overview The Deterministic Network driver contains a privilege escalation vulnerability, which can allow a local attacker to execute code with kernel privileges. Description Deterministic Networks provides a product called Deterministic Network Enhancer DNE, which extends the Microsoft Windows...
Microsoft Office fails to properly handle specially crafted Rich Text Format files
Overview A vulnerability in the way Microsoft Office handles Rich Text Format files may lead to execution of arbitrary code. Description Microsoft Office contains a vulnerability that could be exploited when parsing malformed strings contained in specially crafted Rich Text Format .rtf files...
CA Unicenter DSM ITRM Legends ActiveX integer overflow
Overview The CA Unicenter DSM ITRM Legends ActiveX control contains an integer overflow vulnerability, which can allow a remote attacker to execute arbitrary code on a vulnerable system. Description CA Unicenter DSM ITRM Legends is an ActiveX control that is included with multiple CA products. Th...
Shadow Utils useradd utility sets incorrect file permissions
Overview The Shadow Utilities contain a vulnerability that may result in new user mailboxes having arbitrary permissions. Description The Shadow Utilities provide tools to manage user accounts. When a new mailbox is created using the useradd utility, the open function does not receive the expected...
Apple Mail remote command execution vulnerability
Overview Apple Mail contains a vulnerability that may allow an attacker to execute arbitrary commands on OS X Leopard 10.5 systems. Description Apple OS X uses resource forks to store structured data in files. Data forks are used to store unstructured data. The AppleDouble standard is specified i...
IBM Director fails to properly time-out connection requests from clients
Overview IBM Director Systems, specifically CIM Server, contains a denial-of-service vulnerability that can allow a remote, unauthenticated attacker to render Director inoperative. Description IBM Director is a suite of system management tools. When a rogue connection request is made to IBM Direct...
Move Networks Quantum Streaming Player ActiveX stack buffer overflows
Overview The Move Networks Quantum Streaming Player ActiveX controls contain multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Move Networks Quantum Streaming Player is an ActiveX video player for use ...
Trend Micro ServerProtect RPC buffer overflows
Overview The Trend Micro ServerProtect fails to properly handle RPC requests. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description Trend Micro ServerProtect is an anti-virus application that is designed to run on Microsoft Windows servers. Trend...
Symantec Backup Exec contains heap overflow in RPC interface
Overview Symantec Backup Exec for Windows Servers contains a vulnerability that may allow a remote attacker to cause a denial of service or potentially execute arbitrary code on an affected system. Description Symantec Backup Exec for Windows Servers is a client/server based backup software...
Zoomify Viewer ActiveX control multiple stack buffer overflows
Overview The Zoomify Viewer ActiveX control contains multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Zoomify provides software to incorporate zoomable images into web sites. One of the Zoomify produc...
Authentium Command Antivirus odapi.dll multiple ActiveX buffer overflows
Overview Authentium Command Antivirus contains multiple ActiveX vulnerabilities, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Authentium Command Antivirus provides multiple ActiveX controls. Many of the ActiveX controls provided ...
Logitech VideoCall multiple ActiveX controls contain stack buffer overflows
Overview Logitech VideoCall ActiveX controls contain multiple stack buffer overflows, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Logitech VideoCall is video conferencing software for Windows. Logitech VideoCall includes...
HTTP content scanning systems full-width/half-width Unicode encoding bypass
Overview Various HTTP content scanning systems fail to properly scan full-width/half-width Unicode encoded traffic. This may allow malicious HTTP traffic to bypass content scanning systems. Description Full-width and half-width encoding is a technique for encoding Unicode characters. Various HTTP...
LiveData Protocol Server fails to properly handle requests for WSDL files
Overview The LiveData Protocol Server fails to properly handle requests. This vulnerability may allow a remote attacker to execute arbitrary code. Description The LiveData Protocol Server is real-time data acquisition and processing software used to record and transmit data among process control...
Oracle Database vulnerable to privilege escalation
Overview A vulnerability in Oracle Database for Microsoft Windows could allow a remote attacker to log on to the system with elevated privileges. Description A vulnerability exists in Oracle Database's Core Relational Database Management System RDBMS that may allow a remote attacker to log on to...