3695 matches found
Apple QuickTime RTSP Response message Reason-Phrase buffer overflow vulnerability
Overview Apple QuickTime contains a buffer overflow vulnerability that may allow a remote, unauthenticated attacker to cause a denial-of-service condition and possibly execute arbitrary code. Description Real Time Streaming Protocol (RTSP) is a protocol that is used by streaming media systems. Appl...
Shadow Utils useradd utility sets incorrect file permissions
Overview The Shadow Utilities contain a vulnerability that may result in new user mailboxes having arbitrary permissions. Description The Shadow Utilities provide tools to manage user accounts. When a new mailbox is created using the useradd utility, the open function does not receive the expected...
Apple Mail remote command execution vulnerability
Overview Apple Mail contains a vulnerability that may allow an attacker to execute arbitrary commands on OS X Leopard 10.5 systems. Description Apple OS X uses resource forks to store structured data in files. Data forks are used to store unstructured data. The AppleDouble standard is specified i...
IBM Director fails to properly time-out connection requests from clients
Overview IBM Director Systems, specifically CIM Server, contains a denial-of-service vulnerability that can allow a remote, unauthenticated attacker to render Director inoperative. Description IBM Director is a suite of system management tools. When a rogue connection request is made to IBM Direct...
Move Networks Quantum Streaming Player ActiveX stack buffer overflows
Overview The Move Networks Quantum Streaming Player ActiveX controls contain multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Move Networks Quantum Streaming Player is an ActiveX video player for use ...
Trend Micro ServerProtect RPC buffer overflows
Overview The Trend Micro ServerProtect fails to properly handle RPC requests. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description Trend Micro ServerProtect is an anti-virus application that is designed to run on Microsoft Windows servers. Trend...
Symantec Backup Exec contains heap overflow in RPC interface
Overview Symantec Backup Exec for Windows Servers contains a vulnerability that may allow a remote attacker to cause a denial of service or potentially execute arbitrary code on an affected system. Description Symantec Backup Exec for Windows Servers is a client/server based backup software...
HTTP content scanning systems full-width/half-width Unicode encoding bypass
Overview Various HTTP content scanning systems fail to properly scan full-width/half-width Unicode encoded traffic. This may allow malicious HTTP traffic to bypass content scanning systems. Description Full-width and half-width encoding is a technique for encoding Unicode characters. Various HTTP...
Computer Associates eTrust AntiVirus Server buffer overflow
Overview Computer Associates eTrust AntiVirus Server contains a buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code, or create a denial of service condition. Description Computer Associates eTrust AntiVirus Server is an antivirus product distributed b...
LiveData Protocol Server fails to properly handle requests for WSDL files
Overview The LiveData Protocol Server fails to properly handle requests. This vulnerability may allow a remote attacker to execute arbitrary code. Description The LiveData Protocol Server is real-time data acquisition and processing software used to record and transmit data among process control...
Oracle Database vulnerable to privilege escalation
Overview A vulnerability in Oracle Database for Microsoft Windows could allow a remote attacker to log on to the system with elevated privileges. Description A vulnerability exists in Oracle Database's Core Relational Database Management System (RDBMS) that may allow a remote attacker to log on to...
Second Sight Software ActiveMod ActiveX control stack buffer overflow
Overview The Second Sight Software ActiveMod ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Second Sight Software ActiveMod is a music player that is provided as an ActiveX control...
Yahoo! Messenger AudioConf ActiveX Control buffer overflow vulnerability
Overview The Yahoo! Messenger AudioConf ActiveX control contains a buffer overflow, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Yahoo! Messenger is an instant messaging application. Yahoo! Messenger includes several ActiveX...
Cisco Firewall Services Module vulnerable to DoS via inspection of malformed SIP messages
Overview Cisco Firewall Services Module fails to properly inspect SIP messages. This vulnerability may allow a remote attacker to cause a denial of service condition. Description The Cisco Firewall Services Module is an integrated firewall service for Cisco Catalyst 6500 series switches and Cisco...
TWiki vulnerable to arbitrary code execution via CGI session files
Overview TWiki fails to protect the CGI session directory, which may allow an attacker to execute arbitrary code with the privileges of the web server. Description TWiki is a web-based collaborative publishing environment. TWiki creates CGI session files in the global /tmp directory, which is...
IBM Tivoli Storage Manager vulnerable to a buffer overflow
Overview A buffer overflow condition exists in the IBM Tivoli Storage Manager. If successfully exploited, this vulnerability would allow an attacker to cause a denial-of-service condition or possibly execute arbitrary code. Description The IBM Tivoli Storage Manager (TSM) is a remote backup softwar...
Novell NetMail IMAP vulnerable to DoS when processing "APPEND" commands
Overview A vulnerability in the way Novell Netmail handles IMAP APPEND commands may allow a denial of service. Description Novell Netmail's IMAP server contains a buffer overflow that may occur when processing parameters supplied to the APPEND command. An attacker must log in to an affected system...
Cisco Secure Access Control Server fails to properly handle specially crafted Access-Request messages
Overview Several vulnerabilities in the RADIUS server supplied with Cisco Secure ACS products could allow a remote attacker to execute arbitrary code on an affected system. Description Cisco Secure ACS is a Remote Access Dial-In User Service (RADIUS) and Terminal Access Controller Access Control...
Madwifi wireless driver buffer overflow vulnerability
Overview A buffer overflow vulnerability exists in the Madwifi wireless driver. If successfully exploited, an attacker may be able to execute arbitrary code, or cause a denial-of-service condition. Description The Madwifi driver is a Linux kernel device driver for Atheros-based 802.11 a/b/g...
Adobe Download Manager buffer overflow
Overview Adobe Download Manager contains a buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to run arbitrary code with the privileges of the affected user or cause a denial-of-service condition. Description Adobe Download Manager (ADM) is a utility that Adobe...
NaviCOPA Web Server fails to properly handle certain HTTP requests
Overview A vulnerability exists in the NaviCOPA Web Server. If successfully exploited, this vulnerability may allow an attacker to execute arbitrary code. Description NaviCOPA Web Server is an HTTP server that is available for multiple versions of Microsoft Windows including Windows 98, NT, 2000,...
Clam AntiVirus fails to properly handle crafted Portable Executable (PE) files
Overview A vulnerability in the way Clam AntiVirus processes Portable Executable (PE) files may lead to execution of arbitrary code. Description Clam AntiVirus is a GPL virus scanner that has built-in support for a number of file types including PE. According to iDefense Public Advisory:...
Apache mod_tcl module contains a format string error
Overview A format string vulnerability exists in the mod_tcl Apache module. This vulnerability may allow a remote attacker to execute arbitrary code. Description The Apache HTTP Server, also known as httpd, is an open-source HTTP server that runs on Microsoft Windows, Linux, Unix, and Apple OS X...
McAfee Subscription Manager ActiveX control vulnerable to stack buffer overflow
Overview The McAfee Subscription Manager ActiveX control contains a buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code. Description ActiveX is a technology that allows programmers to create reusable software components that can be incorporated int...
Microsoft PowerPoint fails to properly handle malformed records
Overview Microsoft PowerPoint fails to properly handle malformed records allowing a buffer overflow to occur. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft PowerPoint fails to properly handle malformed records. Specifically,...
Microsoft Office fails to properly handle GIF images
Overview Microsoft Office applications fail to properly handle GIF images. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Office applications fail to properly parse GIF images. When an Office document containing a malformed G...
EMC Retrospect Client buffer overflow vulnerability
Overview EMC Retrospect Client contains a buffer overflow. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description EMC Retrospect Backup and Recovery Software EMC Retrospect is a backup and recovery application designed for small to medium...
RealNetworks products vulnerable to buffer overflow via specially crafted flash media file
Overview Numerous RealNetworks products are vulnerable to a buffer overflow that may allow a remote attacker to execute arbitrary code on a vulnerable system. Description RealNetworks RealPlayer RealNetworks RealPlayer is a multimedia application that allows users to view local and remote...
PostgreSQL database privilege escalation vulnerability
Overview PostgreSQL fails to properly recover from errors. This may allow an authenticated attacker to gain elevated privileges on a PostgreSQL database. Description PostgreSQL Database PostgreSQL is an open source database management system. The Problem There is a vulnerability in the way that...
Microsoft Web Client Service vulnerable to buffer overflow
Overview A buffer overflow in the message handling routines of the Microsoft Web Client Service may allow a remote, authenticated attacker to execute arbitrary code on a vulnerable system. Description According to Microsoft, the Web Client Service: allows applications to access documents on the...
Cisco IOS heap integrity checks are insufficient
Overview Cisco Internetwork Operating System (IOS) may allow a heap-based buffer overflow vulnerability to execute arbitrary code after bypassing heap integrity checks. Description Cisco IOS contains functionality for checking the integrity of the heap, which is a specific region in memory where da...
Oracle Application Server SQL*ReportWriter vulnerability
Overview An unspecified vulnerability in the Oracle SQL*ReportWriter may allow a remote, unauthenticated attacker to compromise system confidentiality and integrity. Description Oracle SQL*ReportWriter is a component of the Oracle Application Server. There is a vulnerability in the Oracle...
Some SSH servers on Microsoft Windows set insecure permissions for the host identification key file
Overview SSH provides remote, encrypted terminal access to hosts. Some SSH servers, when running on Microsoft Windows, set insecure permissions on the file storing the private SSH server hostkey. This could allow an authenticated user to obtain the SSH hostkey and use it to impersonate the server...
WebEOC implements weak algorithms to encrypt sensitive information
Overview WebEOC uses weak cryptographic algorithms to encrypt sensitive information. Description WebEOC is a web-based crisis information management application that provides functions to gather, coordinate, and disseminate information between emergency personnel and Emergency Operations Centers...
VERITAS Backup Exec Remote Agent fails to properly validate authentication requests
Overview Backup Exec Remote Agent for Windows Servers contains a buffer overflow vulnerability due to incorrect validation on authentication requests. Description VERITAS Backup Exec is a data backup and recovery solution with support for over the network backup. The VERITAS Backup Exec Agent run...
Apple Mac OSX executes arbitrary widget with same "bundle identifier" as system widget
Overview Apple Mac OS X Tiger Dashboard executes arbitrary widgets with the same "bundle identifier" as a system widget. This can allow a user-installed widget to override a system-installed one. Description Dashboard is a new feature introduced in Apple Mac OS X Tiger 10.4. Dashboard is...
Apple Mac OS X Foundation Framework vulnerable to buffer overflow via incorrect handling of an environmental variable
Overview A buffer overflow in Mac OS X Foundation Framework's processing of environment variables may lead to elevated privileges. Description A vulnerability is present in the Mac OS X Foundation Framework shipped in version 10.3.9 of Mac OS X and Mac OSX Server. There is a flaw in the handling of...
Microsoft MSN Messenger GIF processing buffer overflow
Overview MSN Messenger clients before version 7.0 will allow remote attackers to take control of a computer if malicious GIF files are processed. Description Microsoft MSN Messenger is an instant messaging application that allows users to collaborate with people using text messages, voice and vid...
NotifyLink administrative interface displays user passwords in clear text
Overview The NotifyLink web interface grants administrative users inappropriate access to private user password information. Description Notify Technology NotifyLink Enterprise Server allows users to synchronize e-mail between a PDA and a mail server. The application consists of a PDA-specific...
WinAmp playlist handling may allow a remote buffer overflow and arbitrary code execution
Overview WinAmp contains a flaw which may allow a remote system compromise if a maliciously crafted playlist is loaded. Description Nullsoft's WinAmp is a multimedia system for Microsoft Windows. WinAmp allows users to create and use "playlists" to play their multimedia files in a customized...
Multiple networking devices fail to set the "Secure" attribute of a cookie
Overview Multiple vendors' networking devices fail to set the "Secure" cookie attribute and could disclose sensitive information about a user's HTTP session. Description Many networking devices provide a built-in web server, which may support the HTTPS protocol. When a user logs into the device...
Mozilla Mail vulnerable to buffer overflow via "writeGroup()" function in "nsVCardObj.cpp"
Overview Mozilla Mail contains a vulnerability in the display routines for VCards. By sending an email message with a crafted VCard, a remote attacker may be able to execute arbitrary code on the victim's machine with the privileges of the current user. Description Mozilla Mail contains a stack...
Apple Mac OS X CoreFoundation contains a buffer overflow vulnerability
Overview There is a vulnerability in the Mac OS X CoreFoundation framework that could allow a local attacker to execute arbitrary code. Description The Core Foundation framework (CoreFoundation.framework) is designed to allow code and data sharing between frameworks, libraries, and applications in...
Cisco IOS fails to properly handle telnet connections
Overview A denial-of-service vulnerability exists in Cisco's Internetwork Operating System (IOS). This vulnerability could allow remote attackers to prevent new connections to remote management services on a vulnerable device. Description Cisco IOS devices can be remotely managed using a number of...
Multiple Cisco ONS control cards fail to properly handle malformed TCP packets
Overview A vulnerability exists in multiple control cards used by Cisco ONS devices. This vulnerability could allow a remote attacker to cause a denial-of-service condition. Description Cisco's Optical Networking product line consists of a series of devices designed to offer high-bandwidth data...
Gaim contains an off-by-one buffer overflow vulnerability in the yahoo_decode() function
Overview There is an off-by-one buffer overflow vulnerability in the Gaim yahoo_decode() function. Description Gaim is a multi-protocol instant messenger available for a number of operating systems. It supports a variety of instant messaging protocols, including the Yahoo Messenger (YMSG) protocol...
Internet Security Systems' BlackICE and RealSecure contain a heap overflow in the processing of SMB packets
Overview Internet Security Systems' BlackICE and RealSecure intrusion detection products contain a remotely exploitable vulnerability. Exploitation of this vulnerability could lead to the compromise of the system with privileges of the vulnerable process, typically the "SYSTEM" user. Description...
Multiple vulnerabilities in X.400 implementations
Overview Multiple vulnerabilities exist in different vendors' X.400 implementations. The impacts of these vulnerabilities are varied and range from denial of service to potential remote execution of arbitrary code. Description The U.K. National Infrastructure Security Co-ordination Center (NISCC) h...
WS_FTP Server vulnerable to buffer overflow when supplied overly long "STAT" command
Overview It has been reported that a vulnerability exists in the processing of a "STAT" command on WS_FTP Servers versions 4.x and prior. Exploitation of this vulnerability may lead to an authenticated user executing arbitrary code with the elevated privileges of the server process. Description...
OpenVMS page management vulnerability
Overview Old versions (circa 1993) of OpenVMS and OpenVMS AXP contain a vulnerability related to page management. Description There is a vulnerability related to page management in old versions (circa 1993) of OpenVMS. An exploit for this vulnerability, written in MACRO-32, was available at the time...