3704 matches found
SSH host key authentication can be bypassed when DNS is used to resolve localhost
Overview This vulnerability allows an attacker to redirect an SSH connection to an arbitary host. Description When making connections to localhost, SSH disables host key checking to provide compatibility with NFS filesystems. As a result, if the victim's machine uses a poisoned DNS server to...
Local privilege escalation in Linux Kernel (Dirty Frag)
Overview A privilege escalation vulnerability, nicknamed "Dirty Frag," has been discovered in the Linux kernel versions 4.10 and later. This vulnerability is a result of chaining together two previously discovered vulnerabilities, xfrm-ESP Page-Cache Write CVE-2026-43284 and the RxRPC Page-Cache...
Netgear httpd upgrade_check.cgi stack buffer overflow
Overview Multiple Netgear devices contain a stack buffer overflow in the httpd web server's handling of upgradecheck.cgi, which may allow for unauthenticated remote code execution with root privileges. Description Many Netgear devices contain an embedded web server, which is provided by the httpd...
Alertus Desktop Notification for OS X sets insecure permissions for configuration and other files
Overview Alertus Desktop Notification for OS X, version 2.9.30.1700 and earlier, sets insecure permissions for configuration and other files, which may enable an unprivileged attacker to disable notifications and modify content locally. Description CWE-276: Incorrect Default Permissions -...
Lenovo Solution Center LSCTaskService privilege escalation, directory traversal, and CSRF
Overview The Lenovo Solution Center application contains multiple vulnerabilities that can allow an attacker to execute arbitrary code with SYSTEM privileges. Description CWE-732: Incorrect Permission Assignment for Critical Resource Launching the Lenovo Solution Center creates a process called...
HP Photosmart B210 printer SMB server buffer overflow vulnerability
Overview The HP Photosmart B210 printer utilizes an SMB server for managing the print queue. An invalid SMB packet may cause a denial of service condition, requiring the printer to be restarted. Description Fuzzing the first 296 bytes of an SMB packet may in some cases cause a denial of service...
BulletProof FTP Client 2010 is vulnerable to a stack-based buffer overflow
Overview BulletProof FTP Client 2010 is vulnerable to a stack-based buffer overflow Description CWE-121-Stack-based Buffer Overflow BulletProof FTP Client 2010 does not check the length of the host parameter set in the quick connect bar. A long host value causes a stack-based buffer overflow,...
F5 ARX Data Manager contains a SQL injection vulnerability
Overview F5 ARX Data Manager 3.0.0 - 3.1.0 contains a SQL injection vulnerability. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command F5 ARX Data Manager 3.0.0 - 3.1.0 contains an unspecified SQL injection vulnerability. --- Impact A remote authenticated attack...
PaperThin CommonSpot CMS contains multiple vulnerabilities
Overview PaperThin CommonSpot contains multiple vulnerabilities, which may allow an unauthenticated remote attacker to execute arbitrary code on the server. Description PaperThin CommonSpot is a content management system CMS that is based on Adobe ColdFusion. CommonSpot is composed of over 3000...
CS-Cart version 4.0.2 contains cross-site scripting vulnerabilities
Overview CS-Cart version 4.0.2 and possibly earlier versions contain cross-site scripting XSS vulnerabilities CWE-79. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' CS-Cart version 4.0.2 and possibly earlier versions contain cross-site...
MW6 Technologies ActiveX controls contain multiple vulnerabilities
Overview MW6 Technologies' MaxiCode, Aztec, and DataMatrix ActiveX controls contain multiple vulnerabilities. Description MW6 Technologies' MaxiCode, Aztec, and DataMatrix ActiveX controls are used for processing barcodes. The ActiveX controls contain multiple vulnerabilities that may lead to...
Tiki Wiki CMS Groupware version 11.0 contains a cross-site scripting (XSS) vulnerability
Overview Tiki Wiki CMS Groupware version 11.0 and possibly earlier versions contain a cross-site scripting XSS vulnerability CWE-79. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' Tiki Wiki CMS Groupware version 11.0 and possibly earlier...
TrustGo Antivirus & Mobile Security contains a denial-of-service vulnerability
Overview TrustGo Antivirus & Mobile Security versions 1.2.7 through 1.3.5 contain a denial-of-service CWE-20 vulnerability. Description CWE-20:Improper Input Validation- CVE-2013-3580TrustGo Antivirus & Mobile Security versions 1.2.7 through 1.3.5 crash if an intent is sent to...
Adobe Shockwave 11.6.7.637 contains multiple exploitable vulnerabilities
Overview Adobe Shockwave Player 11.6.7.637 and earlier versions on the Windows and Macintosh operating systems contain critical vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Adobe Macromedia Shockwave Player is...
Websense Content Gateway XSS vulnerabilities
Overview Websense Content Gateway contains XSS vulnerabilities. Description Websense Content Gateway contains the following post-authentication reflective XSS vulnerabilities within the menu and item parameter values in the /monitor/moverview.ink webpage. The reflective XSS reported allows for...
HP Virtual SAN appliance root shell command injection
Overview The HP Virtual SAN appliance version 9.5 is susceptible to a root shell command injection CWE-77 vulnerability. Description Tenable Network Security has reported that HP's fix for the command injection vulnerability, EDB-ID 18893, was incomplete. The ping command for the appliance has a...
ATA interface software may not properly handle ATA security features
Overview ATA interface software, including multiple system board BIOS implementations do not adequately manage the ATA hard drive security mode. An attacker may be able to manipulate this situation to completely lock a hard drive resulting in an almost unrecoverable denial-of-service condition...
Apple Mac OS X CoreText embedded font vulnerability
Overview Apple Mac OS X CoreText contains a use-after-free vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Apple Mac OS X CoreText is a text layout and font processing engine that is used to handle embedded fonts.CoreTe...
GoAhead Webserver multiple stored XSS vulnerabilities
Overview GoAhead Webserver 2.18 and possibly previous or newer versions, are vulnerable to multiple stored and reflective cross site scripting XSS vulnerabilities. Description GoAhead Webserver software fails to sanitize POST requests sent to the multiple functions. As a result, stored and...
AmmSoft ScriptFTP 3.3 client remote buffer overflow vulnerability
Overview AmmSoft's ScriptFTP client is susceptible to a remote buffer overflow vulnerability that is triggered when processing a sufficiently long filename during a FTP LIST command. Description AmmSoft's ScriptFTP client can be exploited to execute arbitrary code when processing GETLIST or GETFI...
Dell Kace K2000 Appliance unauthenticated access and information disclosure vulnerability
Overview Dell KACE K2000 Systems Deployment Appliance contains a hidden CIFS share that allows anonymous access. Description According to Dell KACE's knowledge base article: "The Dell KACE K2000 Systems Deployment Appliance version 3.3.36822 and earlier uses a read-only CIFS fileshare named...
pWhois Layer Four Traceroute 3.x vulnerability
Overview Given a specific set of command line arguments, Layer Four Traceroute lft will produce a segmentation fault leading to a possible privilege escalation vulnerability. Description pWhois Layer Four Traceroute 3.x contains a vulnerability when parsing command line arguments. Earlier version...
Oracle WebLogic Node Manager allows arbitrary configuration via UNC path
Overview Oracle WebLogic Node Manager 10.3.3 and earlier versions contain a remote file inclusion vulnerability. This vulnerability could allow a remote attacker to execute arbitrary commands on an affected system. Description Node Manager is a WebLogic Server utility that enables you to start,...
Oracle Siebel Option Pack for IE ActiveX control memory initialization vulnerability
Overview The Oracle Siebel Option Pack for IE ActiveX control fails to properly initialize memory, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Siebel Option Pack for IE is an ActiveX control that is provided by Oracle Siebel...
Mozilla WOFF decoder integer overflow
Overview An integer overflow in the Mozilla Web Open Fonts Format WOFF decoder may allow a remote attacker to execute code on an affected system. Description The Web Open Fonts Format WOFF is a simple compressed file format for fonts. Mozilla introduced support for WOFF in the 1.9.2 branch of the...
RealFlex RealWin buffer overflow
Overview RealFlex RealWin demo version contains a vulnerability in the way "FCINFOTAG/SETCONTROL" packets are processed. Description RealFlex RealWin is SCADA server software that includes a Human Machine Interface HMI componant and runs on Microsoft Windows 2000 or XP. The demo version of RealWi...
Adobe Reader and Adobe Acrobat contain an unspecified flaw in a JavaScript method
Overview Adobe Reader and Acrobat contain an unspecified flaw in a JavaScript method, which can allow a remote, unauthenticated attacker to execute code on a vulnerable system. Description Adobe Acrobat Reader is software designed to view Portable Document Format PDF files. Adobe also distributes...
Microsoft HeartbeatCtl ActiveX control buffer overflow
Overview The Microsoft HeartbeatCtl ActiveX control contains a buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Microsoft HeartbeatCtl ActiveX control is used to play multiplayer games on the MSN Games website. T...
Microsoft Windows Media Format Runtime ASF handling buffer overflow
Overview Microsoft Windows Media Format Runtime is vulnerable to a heap-based buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on an vulnerable system. Description Microsoft Windows Media Format Runtime is used by various Windows Media...
Electronic Arts SnoopyCtrl ActiveX control and plug-in stack buffer overflows
Overview The Electronic Arts SnoopyCtrl ActiveX control and plug-in contains multiple stack buffer overflows, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Electronic Arts EA.com provides an ActiveX control and Netscape-style...
Microsoft MFC FindFile function heap buffer overflow
Overview A buffer overflow vulnerability in the Microsoft Foundation Class MFC Library could allow an attacker to execute arbitrary code on an affected system. Description The Microsoft Foundation Class MFC Library is a Microsoft library that wraps parts of the Windows API in C++ classes. The MFC...
MSN Messenger and Windows Live Messenger webcam stream heap overflow
Overview MSN Messenger fails to properly handle webcam streams, which may allow a remote attacker to execute arbitrary code. Description MSN Messenger is an instant messaging application. Starting with version 8, MSN Messenger was renamed to Windows Live Messenger. Windows Live Messenger and some...
Zoomify Viewer ActiveX control multiple stack buffer overflows
Overview The Zoomify Viewer ActiveX control contains multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Zoomify provides software to incorporate zoomable images into web sites. One of the Zoomify produc...
HTTP content scanning systems full-width/half-width Unicode encoding bypass
Overview Various HTTP content scanning systems fail to properly scan full-width/half-width Unicode encoded traffic. This may allow malicious HTTP traffic to bypass content scanning systems. Description Full-width and half-width encoding is a technique for encoding Unicode characters. Various HTTP...
Microsoft Windows CSRSS error handling vulnerability
Overview The Microsoft Windows Client/Server Run-time Subsystem CSRSS process fails to properly handle error messages. This vulnerability may allow a remote attacker to execute arbitrary code. Description According to Microsoft Security Bulletin MS07-021:CSRSS is the user-mode portion of the Win3...
Yahoo! Messenger AudioConf ActiveX Control buffer overflow vulnerability
Overview The Yahoo! Messenger AudioConf ActiveX control contains a buffer overflow, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Yahoo! Messenger is an instant messaging application. Yahoo! Messenger includes several ActiveX...
Microsoft Malware Protection Engine fails to properly process a specially crafted PDF File
Overview A vulnerability in the way Microsoft Malware Protection Engine processes PDF files may lead to execution of arbitrary code. Description Microsoft Malware Protection Engine contains a vulnerability that could be exploited when it attempts to process specially crafted PDF files. According ...
Novell NetMail IMAP vulnerable to DoS when processing "APPEND" commands
Overview A vulnerability in the way Novell Netmail handles IMAP APPEND commands may allow a denial of service. Description Novell Netmail's IMAP server contains a buffer overflow that may occur when processing parameters supplied to the APPEND command. An attacker must login to an affected system...
Cisco Security Agent Management Center vulnerable to authentication bypass
Overview Cisco Security Agent Management Center CSAMC may be vulnerable to authentication bypass when configured to use an external Lightweight Directory Access Protocol LDAP server for authentication. Description Cisco Security Agent Management Center CSAMC is a component of the CiscoWorks VPN...
Apache mod_tcl module contains a format string error
Overview A format string vulnerability exists in the modtcl Apache module. This vulnerability may allow a remote attacker to execute arbitrary code. Description The Apache HTTP Server, also known as httpd, is an open-source HTTP server that runs on Microsoft Windows, Linux, Unix, and Apple OS X...
Microsoft PowerPoint malformed record memory corruption
Overview Microsoft PowerPoint contains a vulnerability in the handling of malformed records, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft PowerPoint contains a vulnerability that could be exploited when PowerPoint opens...
HP OpenView Storage Data Protector may allow an attacker to execute arbitrary commands
Overview A vulnerability in HP OpenView Storage Data Protector may allow an attacker to issue arbitrary commands on an affected system. Description HP OpenviewHP Openview is a range of products, distributed and developed by Hewlett Packard, that are used for enterprise system and network...
McAfee Subscription Manager ActiveX control vulnerable to stack buffer overflow
Overview The McAfee Subscription Manager ActiveX control contains a buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code. Description ActiveXActiveX is a technology that allows programmers to create reusable software components that can be incorporated int...
Microsoft Office fails to properly handle GIF images
Overview Microsoft Office applications fail to properly handle GIF images. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Office applications fail to properly parse GIF images. When an Office document containing a malformed G...
Secure Elements Class 5 AVR client fails to properly validate a messages target CEID
Overview The Secure Elements Class 5 AVR client fails to properly validate a message's target CEID. This makes attacks easier, as the attacker does not need to guess the victim's true CEID. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a security produ...
Sun Java Web Start security bypass vulnerability
Overview A vulnerability in the Sun Java Web Start may allow an untrusted Java applet or application to bypass security restrictions and execute arbitrary code. Description Java Web Start technology allows Java applications and applets to be executed via HTTP. Remote applications and applets are...
Microsoft WMF memory corruption vulnerability
Overview Microsoft applications fail to properly handle Windows Metafile WMF images potentially allowing a remote attacker to execute arbitrary code on a vulnerable system. Description The Microsoft Windows Graphics Rendering Engine supports a number of image formats including WMF images. Windows...
Symantec RAR decompression library contains multiple heap overflows
Overview The Symantec RAR decompression library Dec2RAR.dll contains multiple heap buffer overflows. Using a specially crafted RAR archive, a remote attacker could execute arbitrary code or cause a denial of service. Description Symantec AntiVirus and other security products use a library to...
Oracle Application Server SQL*ReportWriter vulnerability
Overview An unspecified vulnerability in the Oracle SQLReportWriter may allow a remote, unauthenticated attacker to compromise system confidentiality and integrity. Description Oracle SQLReportWriter is a component of the Oracle Application Server. There is an vulnerability in the Oracle...
Some SSH servers on Microsoft Windows set insecure permissions for the host identification key file
Overview SSH provides remote, encrypted terminal access to hosts. Some SSH servers, when running on Microsoft Windows, set insecure permissions on the file storing the private SSH server hostkey. This could allow an authenticated user to obtain the SSH hostkey and use it to impersonate the server...