3695 matches found
Macromedia JRun ISAPI DLL filter vulnerable to buffer overflow via request for long Host header field
Overview A remotely exploitable buffer overflow exists in Macromedia's JRun version 3.1 on Win32 platforms. Description A remotely exploitable buffer overflow exists in the Win32 version of Macromedia's JRun version 3.1 on Win32 platforms. JRun is an application server that works with most popular...
SSHD allows users to override "AllowedAuthentications" configuration thereby permitting users to provide any type of authentication
Overview A remotely exploitable authentication vulnerability exists in the SSH Communications Security SSH Secure Shell server, and possibly other SSH servers. Description SSH is a program used to provide secure communications between hosts. Versions 3.0.0 - 3.1.1 of SSH Secure Shell for Servers...
Computer Associates MLink "mllock" command vulnerable to buffer overflow via long string of characters
Overview A locally exploitable buffer overflow exists in mllock. Description CA-MLINK is a managed data transport service. For more information about CA-MLINK, please see the product brochure. Based on a public report, it appears there is a locally exploitable buffer overflow in the mllock comman...
Oracle9i Application Server Apache PL/SQL module vulnerable to buffer overflow via HTTP Location header
Overview A buffer overflow vulnerability exists in the Apache Procedural Language/Structured Query Language (PL/SQL) module used by Oracle9i Application Server (iAS). This vulnerability could allow an unauthenticated remote attacker to cause a denial of service or execute arbitrary code on the system...
AOL Instant Messenger exposes local file path during file transfers
Overview AOL Instant Messenger (AIM) discloses local file paths during transfer. Description AOL Instant Messenger (AIM) is a program for communicating with other users over the Internet. AIM permits users to transfer files from one client to another. When the file is transferred, the entire local pat...
AOL Instant Messenger buffer overflow in screenname
Overview A buffer overflow exists in the AOL Instant Messenger (AIM) client versions 3.5.x and prior when accepting the screenname from the command line, or through the aim protocol. Description AIM installs a protocol on the machine that enables people to post links on their websites, or send them...
IBM AIX setclock buffer overflow in remote timeserver argument
Overview There is a buffer overflow in the IBM AIX setclock command that may allow local attackers to gain root privileges. Description The setclock command sets the system's clock from a remote time server. This command contains a buffer overflow in the handling of the remote timeserver hostname...
Beck GmbH IPC@Chip does not adequately validate user input thereby disclosing sensitive network data via crafted URL
Overview An insecure default configuration in the Beck IPC@CHIP allows an intruder to obtain privileged system information. Description The Beck IPC@CHIP is a single chip embedded webserver. The Beck IPC@CHIP ships with a cgi script named "ChipCfg". Using a specially crafted URL, an attacker can...
IBM WebSphere vulnerable to Cross-Site Scripting via passing of user input directly to default error page
Overview Web Servers that use the IBM WebSphere Java Servlet Container 3.5 and earlier are vulnerable to a cross-site scripting vulnerability. A web site may inadvertently include malicious HTML tags or script (JavaScript, VBScript, Java, etc.) in a dynamically generated page based on unvalidated...
Microsoft Windows 2000 SMTP service fails to properly authenticate credentials of unauthorized user (MS01-037)
Overview A vulnerability exists in the SMTP service installed by default on Microsoft Windows 2000 Server and optionally on Windows 2000 Professional that could allow an intruder to use the service to send mail. Description The Simple Mail Transfer Protocol (SMTP) is the standard protocol used to...
Teamware Office contains multiple vulnerabilities in LDAP handling code
Overview The Teamware Office suite contains vulnerabilities that may allow denial-of-service attacks, unauthorized privileged access, or both. These vulnerabilities were revealed using the PROTOS LDAPv3 test suite and are documented in CERT Advisory CA-2001-18. If your site uses this product, the...
AT&T WinVNC server contains buffer overflow in Log.cpp
Overview A buffer overflow in the WinVNC server on Windows systems can allow an intruder to gain control of the VNC server and execute arbitrary code with the privileges of the user running the server. Description AT&T WinVNC is a free software package available from AT&T Labs Cambridge that allo...
Oliver Debon Flash plug-in vulnerable to buffer overflow processing incorrectly formatted sound file
Overview When passed an incorrectly formatted sound file, the Oliver Debon freeware Flash plug-in is reportedly vulnerable to a buffer overflow. Description The DefineSound tag in a sound file passes data to a Flash plug-in. If this tag specifies fewer samples than are actually present in the dat...
Older SSH clients do not allow users to disable X11 forwarding
Overview This vulnerability may allow an attacker to make unauthorized connections to affected client machines. Description Older versions of the SSH client do not allow the user to disable X11 forwarding. As a result, if the client connects to a malicious server, the server can open an X11...
Adobe Acrobat ActiveX Control buffer overflow in setview method
Overview Description The Adobe Acrobat ActiveX control has a buffer overflow in the setview method. Because the control is marked safe-for-scripting, this vulnerability can be exploited via a web page if the user has the vulnerable control installed. This control is implemented in the file pdf.ocx...
Netgear httpd upgrade_check.cgi stack buffer overflow
Overview Multiple Netgear devices contain a stack buffer overflow in the httpd web server's handling of upgrade_check.cgi, which may allow for unauthenticated remote code execution with root privileges. Description Many Netgear devices contain an embedded web server, which is provided by the httpd...
Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
Overview A regular expressions C library originally written by Henry Spencer is vulnerable to a heap overflow in some circumstances. Description CWE-122: Heap-based Buffer Overflow From the researcher, the variable len that holds the length of a regular expression string is "enlarged to such an...
NETELLER Direct Payment API is not vulnerable to reported parameter manipulation
Overview NETELLER Direct Payment API version 4.1.6 and possibly earlier versions were reported to be vulnerable to parameter manipulation via a modified HTTP POST request. After further analysis and discussion with NETELLER, this report was found to be incorrect. The NETELLER Direct Payment API i...
Nuance PDF viewing products contain multiple vulnerabilities
Overview Nuance PDF viewing products contain multiple memory-corruption vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Nuance provides two similar PDF viewing products called PDF Reader and PDF Viewer Plus. Both of...
DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust
Overview DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust when messages are signed using keys that are too weak 1024 bits or that are marked as test keys. Description RFC 6376 states "DomainKeys Identified Mail (DKIM) permits a person, role, or organization to clai...
Websense Content Gateway XSS vulnerabilities
Overview Websense Content Gateway contains XSS vulnerabilities. Description Websense Content Gateway contains the following post-authentication reflective XSS vulnerabilities within the menu and item parameter values in the /monitor/moverview.ink webpage. The reflective XSS reported allows for...
@Mail Open webmail client contains multiple vulnerabilities
Overview The @Mail Open 1.04 webmail client contains multiple vulnerabilities including: unrestricted upload of file with dangerous type (CWE-434), relative path traversal (CWE-23), external control of file name or path (CWE-73), and information exposure (CWE-200). Description The @Mail Open 1.04 webmail...
InduSoft NTWebServer web service stack-based buffer overflow
Overview InduSoft NTWebServer web service contains a stack-based buffer overflow vulnerability. Description According to InduSoft's website: "InduSoft Web Studio™ is a powerful collection of automation tools that provide all the automation building blocks to develop HMIs, SCADA systems and embedd...
Ecava IntegraXor stack-based buffer overflow vulnerability
Overview Ecava IntegraXor contains a stack-based buffer overflow vulnerability in the Ecava IntegraXor Human-Machine Interface (HMI) product that could allow the execution of arbitrary code. Description According to Ecava's website: IntegraXor is a suite of tools used to create and run a web-based...
Mozilla WOFF decoder integer overflow
Overview An integer overflow in the Mozilla Web Open Fonts Format (WOFF) decoder may allow a remote attacker to execute code on an affected system. Description The Web Open Fonts Format (WOFF) is a simple compressed file format for fonts. Mozilla introduced support for WOFF in the 1.9.2 branch of the...
Jetty HTTP server directory traversal vulnerability
Overview A vulnerability in the Jetty HTTP server could allow a remote attacker to gain access to files outside of the normal document tree. Description Jetty provides an HTTP server, HTTP client, and javax.servlet container. An error in the way canonical paths are interpreted in the HTTP server'...
Online Media Technologies NCTSoft NCTAudioGrabber2 ActiveX stack buffer overflows
Overview The Online Media Technologies NCTSoft NCTAudioGrabber2 ActiveX control contains multiple stack buffer overflows, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Online Media Technologies, which was formerly known as NCT...
AirSpan Base Station Distribution Unit default root password
Overview AirSpan Base Station Distribution Units may contain an undocumented telnet server that authenticates via a known password and is enabled by default. Description From the AirSpan MicroMax product page: The base station is highly modular in design and is composed of two main components: the...
GNOME Evolution format string vulnerability
Overview The GNOME Evolution mail client contains a format string vulnerability that may allow an attacker to execute code. Description Evolution is the default mail client for the GNOME desktop environment. Evolution supports both GPG and S/MIME mail encryption. From Secunia Advisory SA29057: A...
OpenCA allows Cross site request forgery (XSRF)
Overview OpenCA contains a cross site request forgery (XSRF) vulnerability that may allow an attacker to leverage an administrator's credentials to execute activities on the Certification Authority. Description The OpenCA PKI Development Project is an open source out-of-the-box Certification...
Apple QuickTime RTSP Response message Reason-Phrase buffer overflow vulnerability
Overview Apple QuickTime contains a buffer overflow vulnerability that may allow a remote, unauthenticated attacker to cause a denial-of-service condition and possibly execute arbitrary code. Description Real Time Streaming Protocol (RTSP) is a protocol that is used by streaming media systems. Appl...
PhotoChannel Networks Photo Upload Plugin ActiveX control stack buffer overflows
Overview The PhotoChannel Networks Photo Upload Plugin ActiveX control contains multiple buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description PNI Digital Media, which is a division of PhotoChannel Networks, provides pho...
Trend Micro ServerProtect RPC buffer overflows
Overview The Trend Micro ServerProtect fails to properly handle RPC requests. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description Trend Micro ServerProtect is an anti-virus application that is designed to run on Microsoft Windows servers. Trend...
Trend Micro ServerProtect Agent service RPC stack-buffer overflow
Overview Trend Micro ServerProtect Agent service fails to properly handle RPC requests. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description The Trend Micro ServerProtect Agent service handles Remote Procedure Calls (RPC) using port 3628/tcp. Th...
Computer Associates eTrust AntiVirus Server buffer overflow
Overview Computer Associates eTrust AntiVirus Server contains a buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code, or create a denial of service condition. Description Computer Associates eTrust AntiVirus Server is an antivirus product distributed b...
Microsoft Internet Explorer vulnerable to remote code execution
Overview A vulnerability in the way Microsoft Internet Explorer instantiates COM objects may lead to execution of arbitrary code. Description Component Object Model, or COM objects, are used to enable interprocess communication and dynamic object creation within Microsoft Windows. Microsoft...
TWiki vulnerable to arbitrary code execution via CGI session files
Overview TWiki fails to protect the CGI session directory, which may allow an attacker to execute arbitrary code with the privileges of the web server. Description TWiki is a web-based collaborative publishing environment. TWiki creates CGI session files in the global /tmp directory, which is...
Clam AntiVirus fails to properly handle crafted Portable Executable (PE) files
Overview A vulnerability in the way Clam AntiVirus processes Portable Executable (PE) files may lead to execution of arbitrary code. Description Clam AntiVirus is a GPL virus scanner that has built-in support for a number of file types including PE. According to iDefense Public Advisory:...
Apache mod_tcl module contains a format string error
Overview A format string vulnerability exists in the mod_tcl Apache module. This vulnerability may allow a remote attacker to execute arbitrary code. Description The Apache HTTP Server, also known as httpd, is an open-source HTTP server that runs on Microsoft Windows, Linux, Unix, and Apple OS X...
Microsoft PowerPoint malformed record memory corruption
Overview Microsoft PowerPoint contains a vulnerability in the handling of malformed records, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft PowerPoint contains a vulnerability that could be exploited when PowerPoint opens...
AOL YGP Pic Downloader Plugin ActiveX control buffer overflow
Overview The AOL YGP Pic Downloader ActiveX control contains a buffer overflow vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The AOL YGP (You've Got Pictures) Pic Downloader ActiveX control is a component that comes...
Microsoft Office fails to properly handle GIF images
Overview Microsoft Office applications fail to properly handle GIF images. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Office applications fail to properly parse GIF images. When an Office document containing a malformed G...
TIBCO Hawk Monitoring Agent vulnerable to buffer overflow via the configuration interface
Overview A vulnerability in the TIBCO Hawk Monitoring Agent configuration interface may allow a local attacker to execute arbitrary code with elevated privileges. Description TIBCO Hawk is a tool for monitoring and managing distributed applications and systems throughout an enterprise. A buffer...
Secure Elements Class 5 AVR client fails to properly validate the size of EM_GET_CE_PARAMETER messages
Overview The Secure Elements Class 5 AVR client fails to properly handle the size of EM_GET_CE_PARAMETER messages. This may allow an attacker to cause a buffer overflow and reveal process memory. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a security...
Research in Motion (RIM) BlackBerry Attachment Service does not properly handle TIFF image files
Overview The Research in Motion (RIM) BlackBerry Attachment Service contains a vulnerability in the way the service handles TIFF files. By causing the service to render a specially crafted TIFF file and convincing a user to view the file on a BlackBerry Handheld device, an attacker could cause a...
Symantec RAR decompression library contains multiple heap overflows
Overview The Symantec RAR decompression library (Dec2RAR.dll) contains multiple heap buffer overflows. Using a specially crafted RAR archive, a remote attacker could execute arbitrary code or cause a denial of service. Description Symantec AntiVirus and other security products use a library to...
Apple Mac OS X Foundation Framework vulnerable to buffer overflow via incorrect handling of an environmental variable
Overview A buffer overflow in Mac OS X Foundation Framework's processing of environment variables may lead to elevated privileges. Description A vulnerability is present in the Mac OS X Foundation Framework shipped in version 10.3.9 of Mac OS X and Mac OS X Server. There is a flaw in the handling of...
Microsoft Windows Explorer vulnerable to script injection via the Web View DLL
Overview Windows Explorer is vulnerable to script injection via the Web View DLL. Exploitation of this vulnerability may lead to execution of arbitrary code. Description Windows Explorer uses the Web View DLL (webvw.dll) to display information about a selected file/folder file size, author, version...
Microsoft Windows contains an unchecked buffer in the NetDDE services
Overview A vulnerability in the Network Dynamic Data Exchange service for Microsoft Windows could allow an attacker to compromise the affected system. Description Microsoft's Network Dynamic Data Exchange (NetDDE) is a communication protocol that allows two Windows applications to communicate with...
Multiple memory leak vulnerabilities in isakmpd
Overview Multiple memory handling vulnerabilities exist in the isakmpd that could allow a remote attacker to cause a denial of service. Description The OpenBSD isakmpd establishes security associations for encrypted and authenticated IPsec network traffic. It implements the Internet Security...