JetboxOne may allow unauthorized users to execute arbitrary code
Overview Lack of input validation in JetboxOne version 2.0.8 allows a user to upload arbitrary files to the vulnerable system. This could lead to the execution of arbitrary code. Description JetboxOne, an open-source content management system, could allow an attacker with "AUTHOR" privileges to...
Cisco CatOS TCP ACK handling vulnerability
Overview A vulnerability in Cisco CatOS may allow a remote attacker to cause a denial of service on an affected device. Description Cisco's CatOS is an operating system that runs on some Cisco Catalyst switch products. A vulnerability in the way that TCP services on CatOS handle malformed...
Multiple Symantec firewall products contain a heap corruption vulnerability in the handling of NBNS response packets
Overview There is a heap corruption vulnerability in multiple Symantec firewall products in which attempts to process a specially crafted NetBIOS Name Service NBNS response packet could allow an unauthenticated, remote attacker to execute arbitrary code with kernel privileges. Description Symante...
BEA WebLogic Server fails to properly associate re-created groups
Overview WebLogic Server contains a vulnerability that could result in the creation of new groups inheriting the privileges of a previously deleted group if members of the deleted group still exist. Description BEA Systems describes WebLogic Server as "an industrial-strength application...
Sun Solaris SSH Daemon fails to properly log client IP addresses
Overview The Sun Solaris Secure Shell Daemon sshd may incorrectly log client IP addresses. Description SSH is a program used to provide secure connection and communications between clients and servers. Upon connecting to the service, the client's IP address is logged. There is a vulnerability in t...
HAHTsite Scenario Server fails to handle overly long URLs
Overview HAHTsite Scenario Server fails to properly handle HTTP requests containing an overly long "project name". Description HAHTsite Scenario Server is an e-Business platform that consists of a web application server and web development environment. There is a buffer overflow vulnerability in...
F-Secure Anti-Virus for Linux fails to properly detect Sober.D virus
Overview F-Secure Anti-Virus for Linux contains a flaw that may prevent it from properly detecting the Sober.D virus. A hotfix for this vulnerability has been released. Description F-Secure Anti-Virus version 4.52 for Linux contains a flaw that may prevent it from properly detecting the Sober.D...
Microsoft Windows Media Services fails to properly validate TCP requests
Overview Microsoft Windows Media Services fails to properly validate TCP requests which could allow a remote, unauthenticated attacker to cause the services to refuse new TCP connections. Description Microsoft Windows Media Services is an optional component that provides the ability to deliver...
Portable OpenSSH server PAM conversion stack corruption
Overview There is a vulnerability in the Portable OpenSSH server that may corrupt the PAM conversion stack. Description The Portable OpenSSH server contains a vulnerability that may permit an attacker to corrupt the PAM conversion stack. Versions 3.7p1 and 3.7.1p1 are affected. Note that the...
pam_smb module contains remote buffer overflow
Overview The pam_smb module contains a remotely exploitable buffer overflow vulnerability. This module is used to authenticate users using an external Server Message Block SMB server. A remote attacker may be able to exploit this vulnerability to run arbitrary commands on the system. Description T...
BEA WebLogic Server code execution paths may cause the current user to be incorrect
Overview A vulnerability in BEA WebLogic Server and Express may allow a local attacker to gain elevated privileges. Description BEA Systems describes WebLogic Server as "an industrial-strength application infrastructure for developing, integrating, securing, and managing distributed Java...
Apache stops writing access/error logs after processing "Request-URI" containing "0x1A" characters
Overview A vulnerability in the logging of URI requests may permit a remote attacker to disable logging on an Apache HTTP Server. Version 1.3.27 on Windows systems is reported vulnerable to this issue. Description Apache HTTP Server 1.3.27 running on Win32 systems contains a vulnerability that...
Cisco VPN 3000 Concentrator vulnerable to DoS via large number of malformed ICMP packets
Overview A vulnerability in some Cisco Virtual Private Network VPN products could allow a remote attacker to cause a denial of service. Description The Cisco VPN 3000 Series Concentrators and the Cisco VPN 3002 Hardware Clients are Virtual Private Network VPN platforms designed to provide secure...
Microsoft Windows Virtual Machine (VM) ByteCode Verifier fails to properly check Java applets for malicious code
Overview The Microsoft VM bytecode verifier fails to check for certain malicious code in a Java applet. Description The Microsoft VM bytecode verifier fails to check for certain malicious code in a Java applet. If an intruder can convince a victim to run a malicious Java applet, the intruder coul...
mkpasswd uses weak random number generator
Overview Mkpasswd generates passwords that are insufficiently random. Description Mkpasswd is a password generation utility included with Red Hat Linux and possibly other Linux distributions. Mkpasswd generates passwords that are not sufficiently random, which may allow an attacker to predict...
Microsoft Windows Me and XP Help and Support Center does not adequately validate hcp:// URI parameters
Overview The Help and Support Center included with Microsoft Windows Millennium Edition and XP does not adequately validate parameters provided in an "hcp://" URI. As a result, an attacker could construct a URI that could cause the Help and Support Center to execute arbitrary script, effectively...
Web servers enable HTTP TRACE method by default
Overview The HTTP TRACE method returns the contents of client HTTP requests in the entity-body of the TRACE response. Attackers could leverage this behavior to access sensitive information, such as cookies or authentication data, contained in the HTTP headers of the request. Description The HTTP...
NetScreen Secure Command Shell (SCS) denial-of-service vulnerability
Overview The Secure Command Shell service on NetScreen firewall products contains a remotely exploitable denial-of-service vulnerability. Description Firewall products from NetScreen Technologies, Inc. include a Secure Shell version 1 SSHv1 implementation called Secure Command Shell SCS. The SCS...
Novell GroupWise Server web-based front-end does not adequately validate user input thereby allowing directory traversal
Overview Novell GroupWise web application does not adequately validate user input, allowing directory traversal. Description Novell GroupWise server includes a web application that allows users to access e-mail and other features of the server. This component of GroupWise does not properly valida...
SIX-webboard does not adequately validate user input thereby permitting directory traversal
Overview SIX-webboard does not adequately validate user input, allowing directory traversal. Description SIX-webboard 2.01 does not adequately validate the "content" CGI variable, allowing directory traversal out of SIX-webboard's content root directory. Attackers may exploit this vulnerability t...
PGPMail.pl does not adequately validate user input thereby allowing arbitrary command execution
Overview PGPMail.pl does not adequately filter user input, allowing arbitrary command execution. Description PGPMail.pl is an adaptation of the FormMail.pl CGI script, enhanced to use PGP encryption. PGPMail.pl does not adequately filter the "recipient" and "pgpuserid" CGI variables before passin...
Microsoft Windows Media Player ActiveX control allows execution of javascript in "already open" frames
Overview A vulnerability in the Windows Media Player may allow remote attackers to view the contents of local files on the victim's computer. Description Using the "LaunchURL" method of the Windows Media Player ActiveX control, a web page author may be able to circumvent the frame security featur...
Microsoft Windows 2000 Indexing Service permits read access to files outside web root via crafted request
Overview A vulnerability exists in the way that Index Server 2.0 and the Indexing Service for Windows 2000 handles search requests. This vulnerability may allow attackers to view the contents of "include" files located on the web server. Description By submitting a specific search request to a...
HP Tru64 UNIX "lpr" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "lpr" contains a locally exploitable buffer overflow. Description "lpr" is used to send files to a print spool. A locally exploitable buffer overflow in "lpr" may permit a local attacker to gain elevated privileges and execute arbitrary code on a...
Buffer-overflow vulnerability in Midnight Commander
Overview The mcedit component of some versions of Midnight Commander contains a buffer-overflow vulnerability. Description Midnight Commander is a file manager for open source operating systems, distributed under the GNU General Public License GPL. In version 4.5.1 of Midnight Commander, the mced...
Real Networks RealONE Player vulnerable to arbitrary command execution via crafted html in the skin file
Overview RealNetwork's RealJukebox and RealONE Gold players are media applications that permit users to stream audio and video from local and internet sources. A vulnerability exists in the applications that could permit the execution of arbitrary commands by a remote attacker. Description...
Snitz Forums 2000 vulnerable to cross-site scripting via crafted IMG tag
Overview Snitz Forums 2000 does not adequately check "IMG" tag "SRC" attributes and thus contains cross-site scripting vulnerability. Description Snitz Forums is an automated bulletin-board program for web sites. Snitz Forums allows users to submit images by specifying the URL of the image. In...
sudo vulnerable to heap corruption via -p parameter
Overview Sudo is susceptible to a locally exploitable heap overflow vulnerability. Description Sudo is a common utility used to allow a system administrator to give users or groups of users rights to run certain programs as root or as another user. A locally exploitable heap overflow can lead to...
IBM AIX login fails to adequately authenticate user when configured to use loadable authentication modules
Overview There is a remotely exploitable flaw in IBM's AIX 5.1L login when using loadable authentication modules. This does not affect AIX 4.3 and earlier. Description IBM AIX 5.1L login, with loadable authentication modules enabled and some non-default configurations, will permit users to log in...
Microsoft SQL Server and Microsoft Data Engine (MSDE) ship with a null default password
Overview Microsoft SQL Server and Microsoft Data Engine ship with a null default password on the administrative account sa. If the system administrator does not set the password, the system may be vulnerable to attack. Description Microsoft SQL Server MS SQL and Microsoft Data Engine MSDE ship...
RhinoSoft Serv-U remote administration client transmits password in plaintext
Overview A vulnerability exists in the remote administration client for RhinoSoft Serv-U. During the authentication process, the client ignores the S/KEY one-time password OTP challenge sent by the server and sends the password entered by the user in plaintext. Description RhinoSoft Serv-U is a...
Compaq Insight Manager XE buffer overflow in SNMP and DMI functionality
Overview The Compaq web-enabled management software contains a buffer overflow in the SNMP and DMI functionality. Remote intruders may be able to execute arbitrary code with privileges on affected systems. All versions of Compaq Insight Manager XE are affected, but Compaq Insight Manager windows...
WS-FTP Server vulnerable to buffer overflow via long string sent as argument to ftp command
Overview A remotely exploitable buffer overflow exists in the IPSWITCH WS_FTP Server. Description Defcom Labs has discovered a remotely exploitable buffer overflow vulnerability in the IPSWITCH WS_FTP Server on all platforms that allows intruders to execute arbitrary code with the privileges of the...
exuberant-ctags creates temporary files insecurely
Overview Some versions of exuberant-ctags, a source code navigation utility, create and use temporary files insecurely, leading to local file corruption and possible denial-of-service. Description Exuberant-ctags is a source code navigation utility. It creates temporary files with predictable nam...
Beck GmbH IPC@CHIP HTTPD vulnerable to arbitrary file disclosure
Overview The Beck IPC@CHIP web server permits intruders to access files outside the web root. Description The Beck IPC@CHIP is a single chip embedded webserver. The Web Server's root directory is set to / by default. Because of this default setting, an attacker can download arbitrary files from a...
Outlook Web Access (OWA) executes scripts contained in email attachment opened via Microsoft Internet Explorer (IE)
Overview Microsoft Outlook Web Access OWA can run malicious scripts on an Exchange server when Internet Explorer IE users open email attachments. Description OWA allows users to access their email accounts on a Microsoft Exchange server from another host through a web browser. When IE users acces...
Linux dump uses environment variables insecurely, allowing for root compromise
Overview Some implementations of the Linux backup utility, dump, call external programs on remote machines via the RSH environment variable. This may permit an attacker to compromise root if dump is setuid root. Description Some implementations of the Linux backup utility, dump, permit use of...
Allaire ColdFusion Server contains vulnerability allowing unauthorized user read/delete access to files
Overview A vulnerability exists in Allaire ColdFusion Server which allows an attacker to have unauthorized read and delete access to files on the target host. Description A remotely exploitable vulnerability exists in the Allaire ColdFusion Server which could allow an attacker to have unauthorize...
UUCP package contains multiple buffer overflows via long string of characters sent as command line argument
Overview Several Linux/Unix systems ship with a utility package called UUCP derived from System V. A buffer overflow in components of the UUCP package can allow an intruder to gain elevated privileges. Description Several Linux/Unix systems ship with a utility package called UUCP derived from...
Microsoft Exchange LDAP Service is vulnerable to denial-of-service attacks
Overview The Microsoft Exchange LDAP Service contains vulnerabilities that may allow denial-of-service attacks. These vulnerabilities were revealed using the PROTOS LDAPv3 test suite and are documented in CERT Advisory CA-2001-18. If your site uses this product, the CERT/CC encourages you to foll...
man 'makewhatis' insecurely uses /tmp
Overview The 'makewhatis' script in the Linux man package allows local users to overwrite files via a symlink attack. Description The 'makewhatis' program is a Bourne shell script that ships with many Linux distributions in the 'man' package of programs. The 'makewhatis' script creates files in t...
NewsDaemon does not adequately filter user input to $user_username
Overview NewsDaemon prior to version 0.21b contains a vulnerability allowing remote attackers to gain administrative access to the web site. Description NewsDaemon is a PHP-based tool used to allow readers to submit and comment on news items and stories over the web. It also allows for...
Hewlett-Packard MPE/iX contains vulnerability via architected interface facility
Overview A vulnerability in certain Hewlett-Packard systems allows users to gain unauthorized access to user accounts and databases using the architected interface facility. Description HP3000 systems running MPE/iX release 5.5 and newer contain a vulnerability in the architected interface facili...
Compaq web-enabled management software acts as generic proxy
Overview Remote attackers may be able to relay connections through systems running the Compaq web-enabled management software. Attackers relaying connections in this way may be able to access restricted portions of the network or disguise their identity while attacking other systems. Many Compaq...
KTH Kerberos filesystem race condition on tickets stored in /tmp
Overview There may be a race condition during the creation of Kerberos ticket files in the /tmp directory. This race condition may allow intruders with local access to the system to gain root privileges. Description During the creation of ticket files in the /tmp directory, a sequence of calls...
D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass and do not protect credentials
Overview The D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass of the remote login page, and do not sufficiently protect administrator credentials. Description The D-Link DIR-130, firmware version 1.23, and DIR-330, firmware version 1.12, are vulnerable to the following: CWE-294:...
Little CMS 2 DefaultICCintents double-free vulnerability
Overview Little CMS 2 contains a double-free vulnerability in the DefaultICCintents function, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Little CMS is an open-source color management engine that supports the International Color...
Dell Foundation Services installs root certificate and private key (eDellRoot)
Overview Dell Foundation Services installs the eDellRoot certificate into the Trusted Root Certificate Store on Microsoft Windows systems. The certificate includes the private key. This allows attackers to create trusted certificates and perform impersonation, man-in-the-middle MiTM, and passive...
Panasonic Arbitrator Back-End Server (BES) uses unencrypted communication
Overview Panasonic Arbitrator Back-End Server BES uses an unencrypted channel to transmit data. Description CWE-319: Cleartext Transmission of Sensitive Information. Panasonic Arbitrator Back-End Server BES uses an unencrypted channel to transmit data between the client and server. It has been...
CA LISA Release Automation contains multiple vulnerabilities
Overview CA LISA Release Automation 4.7.1.385 contains multiple vulnerabilities. Description CWE-352: Cross-Site Request Forgery CSRF - CVE-2014-8246. CA LISA Release Automation 4.7.1.385 contains a global Cross-Site Request Forgery CSRF vulnerability. The application allows a malicious user to...