3704 matches found
Apple Mac OSX executes arbitrary widget with same "bundle identifier" as system widget
Overview Apple Mac OS X Tiger Dashboard executes arbitrary widgets with the same "bundle identifier" as a system widget. This can allow a user-installed widget to override a system-installed one. Description DashboardDashboard is a new feature introduced in Apple Mac OS X Tiger 10.4. Dashboard is...
Apple Mac OS X Foundation Framework vulnerable to buffer overflow via incorrect handling of an environmental variable
Overview A buffer overflow in Mac OS X Foundation Framework's processing of environment variables may lead to elevated privileges. Description A vulnerability is present Mac OS X Foundation Framework shipped in version 10.3.9 of Mac OS X and Mac OSX Server. There is a flaw in the handling of...
WinAmp playlist handling may allow a remote buffer overflow and arbitrary code execution
Overview WinAmp contains a flaw which may allow a remote system compromise if a maliciously crafted playlist is loaded. Description Nullsoft's WinAmp is a multimedia system for Microsoft Windows. WinAmp allows users to create and use "playlists" to play their multimedia files in a customized...
Microsoft Windows Indexing Service fails to properly handle query validation
Overview A vulnerability in the Microsoft Indexing Service could allow an attacker to execute arbitrary code on an affected system. Description The Microsoft Indexing Service provides applications and scripts with a means of managing, querying, and indexing information in file systems or web...
Symantec Brightmail Anti-Spam Spamhunter UTF encoding error
Overview Symantec Brightmail Anti-Spam Spamhunter crashes when trying to convert certain valid character sets to UTF, resulting in a denial-of-service condition. Description Brightmail Anti-Spam Spamhunter is a spam filter designed for corporate environments. The Brightmail Anti-Spam Spamhunter...
Sun Java System Web Proxy Server vulnerable to buffer overflow
Overview Buffer overflow vulnerabilities in the Java System Web Proxy Server may allow remote attackers to execute arbitrary code or cause a denial-of-service condition. Description The Java System Web Proxy Server is a caching HTTP proxy server. A lack of bounds checking in the Java System Web...
Microsoft Windows SMTP component vulnerable to remote code execution
Overview A vulnerability in the mail handling service in some versions of Microsoft Windows could allow a remote attacker to compromise the affected system. Description The Simple Mail Transfer Protocol SMTP is the most common protocol for the delivery of electronic mail between systems on the...
Apple Mac OS X CoreFoundation contains a buffer overflow vulnerability
Overview There is a vulnerability in the Mac OS X CoreFoundation framework that could allow a local attacker to execute arbitrary code. Description The Core Foundation framework CoreFoundation.framework is designed to allow code and data sharing between frameworks, libraries, and applications in...
MySQL fails to properly handle overly long "scramble" values
Overview There is a buffer overflow vulnerability in the way MySQL handles overly long "scramble" strings, which could allow an attacker to cause a denial of service or potentially execute arbitrary code. Description MySQL is an open-source database system available for Microsoft Windows, Linux,...
Cisco CatOS TCP ACK handling vulnerability
Overview A vulnerability in Cisco CatOS may allow a remote attacker to cause a denial of service on an affected device. Description Cisco's CatOS is an operating system that runs on some Cisco Catalyst switch products. A vulnerability in the way that TCP services on CatOS handle malformed...
Multiple Symantec firewall products contain a heap corruption vulnerability in the handling of NBNS response packets
Overview There is a heap corruption vulnerability in multiple Symantec firewall products in which attempts to process a specially crafted NetBIOS Name Service NBNS response packet could allow an unauthenticated, remote attacker to execute arbitrary code with kernel privileges. Description Symante...
Gaim contains an off-by-one buffer overflow vulnerability in the gaim_quotedp_decode() function
Overview There is an off-by-one buffer overflow vulnerability in the Gaim MIME decoder. Description Gaim is a multi-protocol instant messenger available for a number of operating systems. It includes a feature that requires Gaim to decode MIME-encoded data. There is an off-by-one buffer overflow...
Cisco IOS fails to properly process solicited SNMP operations
Overview Cisco IOS contains a vulnerability in the processing of solicited Simple Network Management Protocol SNMP operations that may result in memory corruption of the device causing it to reload. Sustained exploitation of this vulnerability could lead to a denial of service condition affect a...
Microsoft Windows Media Services fails to properly validate TCP requests
Overview Microsoft Windows Media Services fails to properly validate TCP requests which could allow a remote, unauthenticated attacker to cause the services to refuse new TCP connections. Description Microsoft Windows Media Services is an optional component that provides the ability to deliver...
Oracle9i Database contains buffer overflow in TIME_ZONE session parameter
Overview Oracle9i Database contains a buffer overflow in the TIMEZONE session parameter which could allow anyone who can query the server to execute arbitrary code or access data with the privileges of the vulnerable process. Description The TIMEZONE parameter is a session parameter that specifie...
Microsoft Windows Internet Naming Service (WINS) fails to properly validate the length of specially crafted packets
Overview Microsoft Windows Internet Naming Service WINS fails to properly validate the length of specially crafted packets which could allow an unauthenticated, remote attacker to cause a denial-of-service condition. Description The Windows Internet Naming Service WINS maps IP addresses to NETBIO...
Multiple vulnerabilities in X.400 implementations
Overview Multiple vulnerabilities exist in different vendors' X.400 implementations. The impacts of these vulnerabilities are varied and range from denial of service to potential remote execution of arbitrary code. Description The U.K. National Infrastructure Security Co-ordination Center NISCC h...
Cisco Lightweight Extensible Authentication Protocol (LEAP) uses passwords that are vulnerable to dictionary attacks
Overview The Cisco LEAP protocol uses hashed passwords that are vulnerable to dictionary attacks. Successful attackers will be able to gain unauthorized access to affected networks. Description The Cisco Lightweight Extensible Authentication Protocol LEAP provides an authentication mechanism for...
Avaya Argent Office requests 'HoldMusic' file from broadcast address via TFTP
Overview This vulnerability allows unauthenticated users to upload call holding music to affected devices. Description The Avaya Argent Office sends broadcast TFTP requests to obtain a file named "HoldMusic" that is used to supply hold music for customers who dial into the device. Therefore, an...
WS_FTP Server vulnerable to buffer overflow when supplied overly long "STAT" command
Overview It has been reported that a vulnerability exists in the processing of a "STAT" command on WSFTP Servers versions 4.x and prior. Exploitation of this vulnerability may lead to an authenticated user executing arbitrary code with the elevated privileges of the server process. Description...
Cisco VPN 3000 Concentrator vulnerable to DoS via large number of malformed ICMP packets
Overview A vulnerability in some Cisco Virtual Private Network VPN products could allow a remote attacker to cause a denial of service. Description The Cisco VPN 3000 Series Concentrators and the Cisco VPN 3002 Hardware Clients are Virtual Private Network VPN platforms designed to provide secure...
OpenVMS page management vulnerability
Overview Old versions circa 1993 of OpenVMS and OpenVMS AXP contain a vulnerability related to page management. Description There is a vulnerability related to page management in old versions circa 1993 of Open VMS. An exploit for this vulnerability, written in MACRO-32, was available at the time...
Microsoft Windows Virtual Machine (VM) ByteCode Verifier fails to properly check Java applets for malicious code
Overview The Microsoft VM bytecode verifier fails to check for certain malicious code in a Java applet. Description The Microsoft VM bytecode verifier fails to check for certain malicious code in a Java applet. If an intruder can convince a victim to run a malicious Java applet, the intruder coul...
SGI IRIX "xfsdump" creates quota information files insecurely
Overview A vulnerability exists in xfsdump on SGI IRIX. Exploitation of this vulnerability may allow a local attacker to gain root privileges. Because other operating systems ship with xfsdump, vendors other than SGI may be affected. Description From the xfsdump man page:xfsdump backs up files an...
Protegrity Secure.Data for Microsoft SQL Server 2000 contains buffer overflows in extended stored procedures
Overview Protegrity Secure.Data for Microsoft SQL Server 2000 includes several extended stored procedures that contain buffer overflow vulnerabilities. These vulnerabilities could allow a remote attacker to execute arbitrary code, gain access to databases, or cause a denial of service. Descriptio...
Lotus Notes and Domino COM Object Control Handler contains buffer overflow
Overview Lotus Notes is a client application that provides access to Lotus Domino servers. A vulnerability exists that could permit a remote attacker to cause a user to execute arbitrary code. Description A buffer overflow vulnerability exists in the in both Lotus Notes clients and Domino Servers...
Microsoft Internet Explorer does not adequately validate references to cached objects and methods
Overview Microsoft Internet Explorer does not adequately validate references to cached objects and methods across domains and security zones. The impact is similar to that of a cross-site scripting vulnerability, allowing an attacker to access data in other sites, including the Local Computer zon...
Pine MUA contains buffer overflow in addr_list_string()
Overview Pine is a mail user agent MUA written and distributed by the University of Washington. Some versions contain a buffer overflow vulnerability in email address handling. Description Versions of Pine prior to 4.50 contain a remotely exploitable buffer overflow in the addrliststring function...
Sun Solaris priocntl(2) does not adequately validate path to kernel modules that implement lightweight process (LWP) scheduling policy
Overview The Sun Solaris priocntl2 function does not adequately validate a memory structure that specifies the name of a kernel module. As a result, a local attacker could execute arbitrary code with superuser privileges on a vulnerable system. Description The Sun Solaris priocntl2 function...
gv contains buffer overflow in sscanf() function
Overview A remotely exploitable buffer overflow vulnerability exists in gv. Description A remotely exploitable buffer overflow vulnerability exists in gv. gv allows a user to view and navigate PostScript and PDF documents by providing an interface to the ghostscript interpreter. This vulnerabilit...
Savant Web Server has a buffer overflow vulnerability
Overview Savant Web Server has a buffer overflow vulnerability in handling of the HTTP 1.1 Host header. Description Savant Web Server has a buffer overflow vulnerability in handling of the HTTP 1.1 Host header. HTTP requests with long Host headers will cause Savant to crash. --- Impact Remote...
PGPMail.pl does not adequately validate user input thereby allowing arbitrary command execution
Overview PGPMail.pl does not adequately filter user input, allowing arbitrary command execution. Description PGPMail.pl is an adaptation of the FormMail.pl CGI script, enhanced to use PGP encryption. PGPMail.pl does not adequately filter the "recipient" and "pgpuserid" CGI variables before passin...
MS Excel XLM Text Macro execution fails to trigger warning when default medium security set
Overview Excel fails to present a warning dialog when a macro is called from an external XLM text macro file. Description If a spreadsheet contains a reference to an external macro XLM file, Excel does not generate the usual warning dialog asking if the user wants to run the macro. Microsoft...
Microsoft Windows Media Player ActiveX control allows execution of javascript in "already open" frames
Overview A vulnerability in the Windows Media Player may allow remote attackers to view the contents of local files on the victim's computer. Description Using the "LaunchURL" method of the Windows Media Player ActiveX control, a web page author may be able to circumvent the frame security featur...
AdCycle does not adequately validate user input thereby allowing for SQL injection
Overview AdCycle does not adequately filter user input, allowing remote attackers to execute arbitrary MySQL queries. Description AdCycle is a shareware banner ad management system written in Perl and designed to work with a MySQL database. AdCycle does not adequately filter multiple unspecified...
Microsoft Windows 2000 vulnerable to DoS via malformed packets sent to port 445/tcp
Overview The default configuration of Microsoft Windows 2000 does not properly handle malformed packets received on TCP port 445. As a result, Windows may cease to function normally upon receipt of malformed packets on this port. Description Microsoft LAN Manager LANMAN is enabled by default on...
Microsoft Windows Terminal Services Advanced Client (TSAC) contains buffer overflow in process that handles input parameters
Overview Microsoft Windows Terminal Services Advanced Client TSAC contains a remotely exploitable buffer overflow. Description The Microsoft Windows Terminal Services Advanced Client TSAC contains a remotely exploitable buffer overflow. This ActiveX control provides a way to deliver Terminal...
Microsoft Internet Explorer contains buffer overflow in handling of gopher replies
Overview There is a buffer overflow in Internet Explorer when IE receives information from a gopher service. Description Gopher is a protocol that presents documents and services in a hierarchal representation, and is similar in some ways to HTTP. Internet Explorer reportedly contains a buffer...
Macromedia JRun ISAPI DLL filter vulnerable to buffer overflow via request for long Host header field
Overview A remotely exploitable buffer overflow exists in Macromedia's JRun version 3.1 on Win32 platforms. Description A remotely exploitable buffer overflow exists in the Win32 version of Macromedia's JRun version 3.1 on Win32 platforms.JRun is an application server that works with most popular...
SSHD allows users to override "AllowedAuthentications" configuration thereby permitting users to provide any type of authentication
Overview A remotely exploitable authentication vulnerability exists in the SSH Communications Security SSH Secure Shell server, and possibly other SSH servers. Description SSH is a program used to provide secure communications between hosts. Versions 3.0.0 - 3.1.1 of SSH Secure Shell for Servers...
Jana Server does not adequately validate user input thereby allowing directory traversal
Overview Jana Server contains a directory traversal vulnerability. Description Versions 1.4x of Jana Server, a web server for Windows developed by T. Hauck, do not properly filter requests for hexadecimal encodings of ".." dot-dot and allows directory traversal out of the HTTP document root...
Oracle9i Application Server Apache PL/SQL module vulnerable to buffer overflow via HTTP Location header
Overview A buffer overflow vulnerability exists in the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle9i Application Server iAS. This vulnerability could allow an unauthenticated remote attacker to cause a denial of service or execute arbitrary code on the system...
AOL Instant Messenger exposes local file path during file transfers
Overview AOL Instant Messenger AIM disclose local file paths during transfer. Description AOL Instant Messenger AIM is a program for communicating with other users over the Internet. AIM permits users to transfer files from one client to another. When the file is transferred, the entire local pat...
Beck GmbH IPC@Chip does not adequately validate user input thereby disclosing sensitive network data via crafted URL
Overview An insecure default configuration in the Beck IPC@CHIP allows an intruder to obtain priviledged system information. Description The Beck IPC@CHIP is a single chip embedded webserver. The Beck IPC@CHIP ships with a cgi script named "ChipCfg". Using a specially crafted url, an attacker can...
Linux dump uses environment variables insecurely, allowing for root compromise
Overview Some implementations of the Linux backup utility, dump, call external programs on remote machines via the RSH environment variable. This may permit an attacker to compromise root if dump is setuid root. Description Some implementations of the Linux backup utility, dump, permit use of...
Microsoft Windows 2000 SMTP service fails to properly authenticate credentials of unauthorized user (MS01-037)
Overview A vulnerability exists in the SMTP service installed by default on Microsoft Windows 2000 Server and optionally on Windows 2000 professional that could allow an intruder to use the service to send mail. Description The Simple Mail Transfer Protocol SMTP is the standard protocol used to...
Allaire ColdFusion Server contains vulnerability allowing unauthorized user read/delete access to files
Overview A vulnerability exists in Allaire ColdFusion Server which allows an attacker to have unauthorized read and delete access to files on the target host. Description A remotely exploitable vulnerability exists in the Allaire ColdFusion Server which could allow an attacker to have unauthorize...
Microsoft Services for UNIX Telnet server is vulnerable to denial of service via memory leak
Overview The telnet server included in the Microsoft Services for Unix package contains a denial-of-service vulnerability that may cause the system to become unstable or crash. Description The telnet server included in the Microsoft Services for Unix SFU package contains a memory leak that can le...
man 'makewhatis' insecurely uses /tmp
Overview The 'makewhatis' script in the Linux man package allows local users to overwrite files via a symlink attack. Description The 'makewhatis' program is a Bourne shell script that ships with many Linux distributions in the 'man' package of programs. The 'makewhatis' script creates files in t...
Hewlett-Packard HP-UX newgrp command does not function properly
Overview A security vulnerability exists in thenewgrp command on certain Hewlett-Packard systems. Description HP9000 servers running HP-UX release 11.11 contain a security vulnerability allowing users to gain increased capability. No further details are available. See HP document HPSBUX0103-147...