3704 matches found
CS-Cart v3.0.4 configured with PayPal Standard Payments design vulnerability
Overview CS-Cart v3.0.4 and possibly other versions configured with PayPal Standard Payment is susceptible to a client-side attack that results in an attacker purchasing items without having to pay for them. Description It has been reported that CS-Cart v3.0.4 configured with PayPal Standard...
DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust
Overview DomainKeys Identified Mail DKIM Verifiers may inappropriately convey message trust when messages are signed using keys that are too weak 1024 bits or that are marked as test keys. Description RFC 6376 states "DomainKeys Identified Mail DKIM permits a person, role, or organization to clai...
Windows Phone 7 does not check certificate Common Names when sending or receiving emails over SSL.
Overview Windows Phone 7 does not check CN Common Name of server certificates when receiving or sending e-mails using POP3/IMAP/SMTP servers using SSL. Description Windows Phone 7 fails to check the CN Common Name of server certificates when receiving or sending e-mails using POP3/IMAP/SMTP serve...
@Mail Open webmail client contains multiple vulnerabilities
Overview The @Mail Open 1.04 webmail client contains multiple vulnerabilities including; unrestricted upload of file with dangerous type CWE-434, relative path traversal CWE-23, external control of file name or path CWE-73, and information exposure CWE-200. Description The @Mail Open 1.04 webmail...
eEye Retina audit script could execute untrusted programs as root
Overview eEye Retina audit scripts have the capability to run remote shell scripts in order to determine vulnerable applications. One audit script in particular audit ID 2499 uses find1 and execute -exec when assessing a vulnerability within Gauntlet Firewall. An attacker who can write an...
IBM Access Support ActiveX control stack buffer overflow
Overview The IBM Access Support ActiveX control contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The IBM Access Support ActiveX control has the ability to collect system information, such as make,...
LANDesk QIP service buffer overflow vulnerability
Overview The LANDesk Management Suite Intel QIP service contains a buffer overflow vulnerability. Description The LANDesk Intel QIP Server Service is used to configure policy management. The Intel QIP service allows LANDesk Agents to report status and make certain software requests. A buffer...
Google SAML Single Sign on vulnerability
Overview The SAML Single Sign-On SSO Service for Google Apps contained a vulnerability that could have allowed an attacker to gain access to a user's Google account. Description The Security Assertion Markup Language SAML is a standard for transmitting authentication data between two or more...
Deterministic Network Enhancer privilege escalation vulnerability
Overview The Deterministic Network driver contains a privilege escalation vulnerability, which can allow a local attacker to execute code with kernel privileges. Description Deterministic Networks provides a product called Deterministic Network Enhancer DNE, which extends the Microsoft Windows...
Microsoft Office fails to properly handle specially crafted Rich Text Format files
Overview A vulnerability in the way Microsoft Office handles Rich Text Format files may lead to execution of arbitrary code. Description Microsoft Office contains a vulnerability that could be exploited when parsing malformed strings contained in specially crafted Rich Text Format .rtf files...
CA Unicenter DSM ITRM Legends ActiveX integer overflow
Overview The CA Unicenter DSM ITRM Legends ActiveX control contains an integer overflow vulnerability, which can allow a remote attacker to execute arbitrary code on a vulnerable system. Description CA Unicenter DSM ITRM Legends is an ActiveX control that is included with multiple CA products. Th...
Shadow Utils useradd utility sets incorrect file permissions
Overview The Shadow Utilities contain a vulnerability that may result in new user mailboxes having arbitrary permissions. Description The Shadow Utilities provide tools to manage user accounts.When a new mailbox is created using the useradd utility, the open function does not receive the expected...
Apple Mail remote command execution vulnerability
Overview Apple Mail contains a vulnerability that may allow an attacker to execute arbitrary commands on OS X Leopdard 10.5 systems. Description Apple OS X uses resource forks to store structured data in files. Data forks are used to store unstructured data.The AppleDouble standard is specified i...
IBM Director fails to properly time-out connection requests from clients
Overview IBM Director Systems, specifically CIM Server, contains a denial-of-service vulnerability that can allow a remote, unauthenticated attacker to render Director inoperative. Description IBM Director is a suite of system management tools.When a rogue connection request is made to IBM Direct...
Move Networks Quantum Streaming Player ActiveX stack buffer overflows
Overview The Move Networks Quantum Streaming Player ActiveX controls contain multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Move Networks Quantum Streaming Player is an ActiveX video player for use ...
Trend Micro ServerProtect RPC buffer overflows
Overview The Trend Micro ServerProtect fails to properly handle RPC requests. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description Trend Micro ServerProtect is an anti-virus application that is designed to run on Microsoft Windows servers. Trend...
Computer Associates eTrust AntiVirus Server buffer overflow
Overview Computer Associates eTrust AntiVirus Server contains a buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code, or create a denial of service condition. Description Computer Associates eTrust AntiVirus Server is an antivirus product distributed b...
LiveData Protocol Server fails to properly handle requests for WSDL files
Overview The LiveData Protocol Server fails to properly handle requests. This vulnerability may allow a remote attacker to execute arbitrary code. Description The LiveData Protocol Server is real-time data acquisition and processing software used to record and transmit data among process control...
Oracle Database vulnerable to privilege escalation
Overview A vulnerability in Oracle Database for Microsoft Windows could allow a remote attacker to log on to the system with elevated privileges. Description A vulnerability exists in Oracle Database's Core Relational Database Management System RDBMS that may allow a remote attacker to log on to...
Microsoft Internet Explorer vulnerable to remote code execution
Overview A vulnerability in the way Microsoft Internet Explorer instantiates COM objects may lead to execution of arbitrary code. Description Component Object Model, or COM objects, are used to enable interprocess communication and dynamic object creation within Microsoft Windows. Microsoft...
TWiki vulnerable to arbitrary code execution via CGI session files
Overview TWiki fails to protect the CGI session directory, which may allow an attacker to execute arbitrary code with the privileges of the web server. Description TWiki is a web-based collaborative publishing environment. TWiki creates CGI session files in the global /tmp directory, which is...
IBM Tivoli Storage Manager vulnerable to a buffer overflow
Overview A buffer overflow condition exists in the IBM Tivoli Storage manager. If successfully exploited, this vulnerability would allow an attacker to cause a denial-of-service condition or possibly execute arbitrary code. Description The IBM Tivoli Storage Manager TSM is a remote backup softwar...
Novell NetMail IMAP vulnerable to buffer overflow when processing command continuation requests
Overview A vulnerability in the way Novell Netmail handles IMAP command continuation requests may cause a buffer overflow that may allow remote execution of arbitrary code. Description Novell Netmail's IMAP server, imapd.exe, fails to properly check user input. A buffer overflow may occur when...
Microsoft Internet Explorer Script Error Handling Memory Corruption Vulnerability
Overview A vulnerability in the way Microsoft Internet Explorer handles certain script errors may lead to memory corruption that may allow remote execution of arbitrary code. Description Microsoft Internet Explorer contains a memory corruption vulnerability that could be exploited when handling...
Adobe Download Manager buffer overflow
Overview Adobe Download Manager contains a buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to run arbitrary code with the privileges of the affected user or cause a denial-of-service condition. Description Adobe Download Manager ADM ADM is a utility that Adobe...
Google Mini and Google Search Appliance vulnerable to cross-site scripting
Overview Google Mini and Google Search Appliance fail to properly handle UTF-7 encoded URIs. This vulnerability may allow a remote attacker to read or modify data in web pages. Description Google Mini and Google Search Appliance fail to properly handle UTF-7 encoded URIs, possibly allowing a remo...
AOL YGP Pic Downloader Plugin ActiveX control buffer overflow
Overview The AOL YGP Pic Downloader ActiveX control contains a buffer overflow vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The AOL YGP You've Got Pictures Pic Downloader ActiveX control is a component that comes...
TIBCO Hawk Monitoring Agent vulnerable to buffer overflow via the configuration interface
Overview A vulnerability in the TIBCO Hawk Monitoring Agent configuration interface may allow a local attacker to execute arbitrary code with elevated privileges. Description TIBCO Hawk is a tool for monitoring and managing distributed applications and systems throughout an enterprise. A buffer...
EMC Retrospect Client buffer overflow vulnerability
Overview EMC Retrospect Client contains a buffer overflow. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description EMC Retrospect Backup and Recovery Software EMC Retrospect is a is a backup and recovery application designed for small to medium...
Winny contains a buffer overflow
Overview Winny contains a buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Winny also referred to as WinNY is a popular Japanese peer-to-peer file sharing application. A flaw exists in this program due t...
RealNetworks products vulnerable to buffer overflow via specially crafted flash media file
Overview Numerous RealNetworks products are vulnerable to a buffer overflow that may allow a remote attacker to execute arbitrary code on a vulnerable system. Description RealNetworks RealPlayer RealNetworks RealPlayer is a multimedia application that allows users to view local and remote...
PostgreSQL database privilege escalation vulnerability
Overview PostgreSQL fails to properly recover from errors. This may allow an authenticated attacker to gain elevated privileges on a PostgreSQL database. Description PostgreSQL Database PostgreSQL is an open source database management system. The Problem There is a vulnerability in the way that...
Microsoft Web Client Service vulnerable to buffer overflow
Overview A buffer overflow in the message handling routines of the Microsoft Web Client Service may allow a remote, authenticated attacker to execute arbitrary code on a vulnerable system. Description According to Microsoft, the Web Client Service:allows applications to access documents on the...
Cisco IOS heap integrity checks are insufficient
Overview Cisco Internetwork Operating System IOS may allow a heap-based buffer overflow vulnerability to execute arbitrary code after bypassing heap integrity checks. Description Cisco IOS contains functionality for checking the integrity of the heap, which is a specific region in memory where da...
VERITAS Backup Exec Remote Agent fails to properly validate authentication requests
Overview Backup Exec Remote Agent for Windows Servers contains a buffer overflow vulnerability due to incorrect validation on authentication requests. Description VERITAS Backup Exec is a data backup and recovery solution with support for over the network backup. The VERITAS Backup Exec Agent run...
Microsoft Windows Explorer vulnerable to script injection via the Web View DLL
Overview Windows Explorer is vulnerable to script injection via the Web View DLL. Exploitation of this vulnerability may lead to execution of arbitrary code. Description Windows Explorer uses the Web View DLL webvw.dll to display information about a selected file/folder file size, author, version...
Microsoft MSN Messenger GIF processing buffer overflow
Overview MSN Messenger clients before version 7.0 will allow remote attackers to take control of a computer if malicious GIF files are processed. Description Microsoft MSN Messenger is an instant messaging application that allows users to collaborate with people using text messages, voice and vid...
NotifyLink administrative interface displays user passwords in clear text
Overview The NotifyLink web interface grants administrative users inappropriate access to private user password information. Description Notify Technology NotifyLink Enterprise Server allows users to synchronize e-mail between a PDA and a mail server. The application consists of a PDA-specific...
Mozilla Mail vulnerable to buffer overflow via "writeGroup()" function in "nsVCardObj.cpp"
Overview Mozilla Mail contains a vulnerability in the display routines for VCards. By sending an email message with a crafted VCard, a remote attacker may be able to execute arbitrary code on the victim's machine with the privileges of the current user. Description Mozilla Mail contains a stack...
Apple Mac OS X CoreFoundation contains a buffer overflow vulnerability
Overview There is a vulnerability in the Mac OS X CoreFoundation framework that could allow a local attacker to execute arbitrary code. Description The Core Foundation framework CoreFoundation.framework is designed to allow code and data sharing between frameworks, libraries, and applications in...
Cisco IOS fails to properly handle telnet connections
Overview A denial-of-service vulnerability exists in Cisco's Internetwork Operating System IOS. This vulnerability could allow remote attackers to prevent new connections to remote management services on a vulnerable device. Description Cisco IOS devices can be remotely managed using a number of...
Multiple Cisco ONS control cards fail to properly handle malformed TCP packets
Overview A vulnerability exists in multiple control cards used by Cisco ONS devices. This vulnerability could allow a remote attacker to cause a denial-of-service condition. Description Cisco's Optical Networking product line consists of a series of devices designed to offer high-bandwidth data...
Gaim contains an off-by-one buffer overflow vulnerability in the yahoo_decode() function
Overview There is an off-by-one buffer overflow vulnerability in the Gaim yahoodecode function. Description Gaim is a multi-protocol instant messenger available for a number of operating systems. It supports a variety of instant messaging protocols, including the Yahoo Messenger YMSG protocol...
Microsoft Windows Media Services fails to properly validate TCP requests
Overview Microsoft Windows Media Services fails to properly validate TCP requests which could allow a remote, unauthenticated attacker to cause the services to refuse new TCP connections. Description Microsoft Windows Media Services is an optional component that provides the ability to deliver...
Internet Security Systems' BlackICE and RealSecure contain a heap overflow in the processing of SMB packets
Overview Internet Security Systems' BlackICE and RealSecure intrusion detection products contain a remotely exploitable vulnerability. Exploitation of this vulnerability could lead to the compromise of the system with privileges of the vulnerable process, typically the "SYSTEM" user. Description...
Microsoft Windows Internet Naming Service (WINS) fails to properly validate the length of specially crafted packets
Overview Microsoft Windows Internet Naming Service WINS fails to properly validate the length of specially crafted packets which could allow an unauthenticated, remote attacker to cause a denial-of-service condition. Description The Windows Internet Naming Service WINS maps IP addresses to NETBIO...
pam_smb module contains remote buffer overflow
Overview The pamsmb module contains a remotely exploitable buffer overflow vulnerability. This module is used to authenticate users using an external Server Message Block SMB server. A remote attacker may be able to exploit this vulnerability to run arbitrary commands on the system. Description T...
Sendmail fails to appropriately initialize data structures for DNS maps
Overview There is an uninitialized data structure in sendmail 8.12.x rrdomain = smstrduphost; \t\tif rr-rrdomain == NULL \t\t A fix for this condition was made in sendmail 8.12.9 in March 2003, but it was not known to be a security issue at that time. --- Impact A remote attacker may be able to...
BEA WebLogic Server code execution paths may cause the current user to be incorrect
Overview A vulnerability in BEA WebLogic Server and Express may allow a local attacker to gain elevated privileges. Description BEA Systems describes WebLogic Server as "an industrial-strength application infrastructure for developing, integrating, securing, and managing distributed Java...
Apache stops writing access/error logs after processing "Request-URI" containing "0x1A" characters
Overview A vulnerability in the logging of URI requests may permit a remote attacker to disable logging on an Apache HTTP Server. Version 1.3.27 on Windows systems is reported vulnerable to this issue. Description Apache HTTP Server 1.3.27 running on Win32 systems contains a vulnerability that...