3704 matches found
Cisco Secure ACS for Windows CSAdmin vulnerable to buffer overflow via login requests
Overview Cisco Secure ACS for Windows contains a buffer overflow vulnerability that could permit a remote attacker to execute arbitrary code or cause a denial of service. Description Cisco Secure ACS for Windows is an authentication, authorization, and accounting AAA server. From Cisco Security...
RealSystem Server contains buffer overflow
Overview A buffer overflow vulnerability exists in the RealSystem Server. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable host. An exploit exists for this vulnerability and is publicly available. Description RealSystem Server is a streaming media server. A...
mkpasswd uses weak random number generator
Overview Mkpasswd generates passwords that are insufficiently random. Description Mkpasswd is a password generation utility included with Red Hat Linux and possibly other Linux distributions. Mkpasswd generates passwords that are not sufficiently random, which may allow an attacker to predict...
NetPBM contains multiple buffer overflow vulnerabilities
Overview NetPBM is a set of graphics conversion tools and has been found to contain multiple buffer overflow vulnerabilities. Description A code review of NetPBM has revealed multiple buffer overflow vulnerabilities. These vulnerabilities could be exploited by loading malicious image files. ---...
Microsoft Windows Me and XP Help and Support Center does not adequately validate hcp:// URI parameters
Overview The Help and Support Center included with Microsoft Windows Millennium Edition and XP does not adequately validate parameters provided in an "hcp://" URI. As a result, an attacker could construct a URI that could cause the Help and Support Center to execute arbitrary script, effectively...
Hyperseek 2000 hsx.cgi does not adequately filter user input disclosing directory listings and file contents
Overview iWeb Systems Hyperseek search engine may allow malformed URL requests to access files outside the document root of a vulnerable system. Description A specially crafted URL can disclose the directory listing and files of the target system with read permissions. --- Impact Remote attackers...
AbsoluteTelnet vulnerable to buffer overflow via overly long window title
Overview A remotely exploitable buffer overflow vulnerability exists in AbsoluteTelnet. This vulnerability may allow a malicious server operator to execute arbitrary code on a vulnerable client. Description AbsoluteTelnet is a terminal client. A remotely exploitable buffer overflow vulnerability...
Multiple Sun RPC-based libc implementations fails to provide time-out mechanism when reading data from TCP connections
Overview A denial-of-service vulnerability exists in multiple vendor Sun RPC-based libc implementations. Description Multiple vendor Sun RPC-based libc implementations fail to properly read data from TCP connections. As a result, a remote attacker can deny service to system daemons. --- Impact A...
Domain Name System (DNS) resolver libraries vulnerable to read buffer overflow
Overview DNS stub resolvers from multiple vendors contain a buffer overflow vulnerability. The impact of this vulnerability appears to be limited to denial of service. Description A read buffer overflow vulnerability exists in BIND 4 and BIND 8.2.x stub resolver libraries. Other resolver librarie...
SIX-webboard does not adequately validate user input thereby permitting directory traversal
Overview SIX-webboard does not adequately validate user input, allowing directory traversal. Description SIX-webboard 2.01 does not adequately validate the "content" CGI variable, allowing directory traversal out of SIX-webboard's content root directory. Attackers may exploit this vulnerability t...
Microsoft Windows Media Player ActiveX control allows execution of javascript in "already open" frames
Overview A vulnerability in the Windows Media Player may allow remote attackers to view the contents of local files on the victim's computer. Description Using the "LaunchURL" method of the Windows Media Player ActiveX control, a web page author may be able to circumvent the frame security featur...
Novell GroupWise Server web-based front-end does not adequately validate user input thereby allowing directory traversal
Overview Novell GroupWise web application does not adequately validate user input, allowing directory traversal. Description Novell GroupWise server includes a web application that allows users to access e-mail and other features of the server. This component of GroupWise does not properly valida...
Microsoft Windows 2000 Indexing Service permits read access to files outside web root via crafted request
Overview A vulnerability exists in the way that Index Server 2.0 and the Indexing Service for Windows 2000 handles search requests. This vulnerability may alllow attackers to view the contents of "include" files located on the web server. Description By submitting a specific search request to a...
Allaire Forums does not verify user information stored in hidden form fields
Overview Allaire Forums does not verify user information submitted in hidden fields on a web form, allowing attackers to impersonate other users. Description Allaire Forums is a web-based bulletin board system that runs on Cold Fusion. When a user wishes to post a message, Allaire Forums...
Nobreak CrazyWWWBoard contains buffer overflow via User-Agent field
Overview Some versions of CrazyWWWBoard contain a buffer-overflow vulnerability that can be exploited by a remote user to execute arbitrary code. Description CrazyWWWBoard is a binary CGI program that is designed to provide dynamic web bulletin board services on web servers. Versions 2000p4 and...
HP Tru64 UNIX ".upd..loader" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of ".upd..loader" contains a locally exploitable buffer overflow. Description A locally exploitable buffer overflow in ".upd..loader" may permit a local attacker to gain elevated privileges and execute arbitrary code on a vulnerable host. --- Impact A loc...
HP Tru64 UNIX "binmail" contains buffer overflow (SSRT0796U)
Overview The HP Tru64 UNIX implementation of "binmail" contains a locally exploitable buffer overflow. Description "binmail" is used to send and display mail messages. A locally exploitable buffer overflow in "binmail" may permit a local attacker to gain elevated privileges and execute arbitrary...
Microsoft Office Web Components allows reading of local files via "LoadText" method by using URL redirection
Overview The Microsoft Office Web Components allow a remote attacker to read arbitrary files. Description The Microsoft Office Web Components OWC are ActiveX controls that can be embedded in web pages. These controls give users of a website limited Microsoft Office functionality, without having t...
Microsoft Windows Server Message Block (SMB) fails to properly handle SMB_COM_TRANSACTION packets requesting NetServerEnum3 transaction
Overview Microsoft Server Message Block SMB may crash upon receipt of a crafted SMBCOMTRANSACTION packet requesting a NetServerEnum3 transaction. Attackers can use this vulnerability to cause a denial of service. Description SMB is a protocol for sharing data and resources between computers,...
eBay web site allows intruders to login to gain unauthorized access to user's information
Overview Ebay www.ebay.comis a popular online auction site. A vulnerability in the ebay web site prior to April 24, 2002, could have allowed an intruder to gain access to a victim's personal data. Description Prior to April 24, 2002, an intruder may have been able to gain access to certain person...
Snitz Forums 2000 vulnerable to cross-site scripting via crafted IMG tag
Overview Snitz Forums 2000 does not adequately check "IMG" tag "SRC" attributes and thus contains cross-site scripting vulnerability. Description Snitz Forums is an automated bulletin-board program for web sites. Snitz Forums allows users to submit images by specifying the URL of the image. In...
Computer Associates MLink "mllock" command vulnerable to buffer overflow via long string of characters
Overview A locally exploitable buffer overflow exists in mllock. Description CA-MLINK is a managed data transport service. For more information about CA-MLINK, please see the product brochure. Based on a public report, it appears there is a locally exploitable buffer overflow in the mllock comman...
AOL Instant Messenger exposes local file path during file transfers
Overview AOL Instant Messenger AIM disclose local file paths during transfer. Description AOL Instant Messenger AIM is a program for communicating with other users over the Internet. AIM permits users to transfer files from one client to another. When the file is transferred, the entire local pat...
IBM AIX login fails to adequately authenticate user when configured to use loadable authentication modules
Overview There is a remotely exploitable flaw in IBM's AIX 5.1L login when using loadable authentication modules. This does not affect AIX 4.3 and earlier. Description IBM AIX 5.1L login, with loadable authentication modules enabled and some non-default configurations, will permit users to login...
RhinoSoft Serv-U remote administration client transmits password in plaintext
Overview A vulnerability exists in the remote administration client for RhinoSoft Serv-U. During the authentication process, the client ignores the S/KEY one-time password OTP challenge sent by the server and sends the password entered by the user in plaintext. Description RhinoSoft Serv-U is a...
WS-FTP Server vulnerable to buffer overflow via long string sent as argument to ftp command
Overview A remotely exploitable buffer overflow exists in the IPSWITCH WSFTP Server. Description Defcom Labs has discovered a remotely exploitable buffer overflow vulnerability in the IPSWITCH WSFTP Server on all platforms that allows intruders to execute arbitrary code with the privileges of the...
exuberant-ctags creates temporary files insecurely
Overview Some versions of exuberant-ctags, a source code navigation utility, create and use temporary files insecurely, leading to local file corruption and possible denial-of-service. Description Exuberent-ctags is a source code navigation utility. It creates temporary files with predictable nam...
Linux dump uses environment variables insecurely, allowing for root compromise
Overview Some implementations of the Linux backup utility, dump, call external programs on remote machines via the RSH environment variable. This may permit an attacker to compromise root if dump is setuid root. Description Some implementations of the Linux backup utility, dump, permit use of...
Allaire ColdFusion Server contains vulnerability allowing unauthorized user read/delete access to files
Overview A vulnerability exists in Allaire ColdFusion Server which allows an attacker to have unauthorized read and delete access to files on the target host. Description A remotely exploitable vulnerability exists in the Allaire ColdFusion Server which could allow an attacker to have unauthorize...
UUCP package contains multiple buffer overflows via long string of characters sent as command line argument
Overview Several Linux/Unix systems ship with a utility package called UUCP derived from System V. A buffer overflow in components of the UUCP package can allow an intruder to gain elevated privileges. Description Several Linux/Unix systems ship with a utility package called UUCP derived from...
Caucho Technologies Resin vulnerable to Cross-Site Scripting via passing of user input directly to default error page
Overview Web servers that use the Resin Java Servlet Container, versions 1.2.3 and earlier, are vulnerable to a cross-site scripting vulnerability. A web site may inadvertently include malicious HTML tags or scriptJavaScript, VBScript, Java, etc. in a dynamically generated page based on unvalidat...
Microsoft Exchange LDAP Service is vulnerable to denial-of-service attacks
Overview The Microsoft Exchange LDAP Service contains vulnerabilities that may allow denial-of-service attacks. These vulnerabilities were revealed using the PROTOS LDAPv3 test suite and are documented in CERT Advisory CA-2001-18. If your site uses this product, the CERT/CC encourages you to foll...
man 'makewhatis' insecurely uses /tmp
Overview The 'makewhatis' script in the Linux man package allows local users to overwrite files via a symlink attack. Description The 'makewhatis' program is a Bourne shell script that ships with many Linux distributions in the 'man' package of programs. The 'makewhatis' script creates files in t...
NewsDaemon does not adequately filter user input to $user_username
Overview NewsDaemon prior to version 0.21b contains a vulnerability allowing remote attackers to gain administrative access to the web site. Description NewsDaemon is a PHP-based tool used to allow readers to submit and comments on news items and stories over the web. It also allows for...
Hewlett-Packard MPE/ix contains vulnerabitily via architected interface facility
Overview A vulnerability in certain Hewlett-Packard systems allows users to gain unauthorized access to user accounts and databases using the architected interface facility. Description HP3000 systems running MPE/iX release 5.5 and newer contain a vulnerability in the architected interface facili...
iPlanet web servers expose sensitive data via buffer overflow
Overview A buffer overflow exists in the iPlanet Web Servers Enterprise and FastTrack Editions that may allow remote attackers to gain read access to sensitive information contained in the memory of the web server process. The information disclosed may include userids, passwords, cookies or...
Compaq web-enabled management software acts as generic proxy
Overview Remote attackers may be able to relay connections through systems running the Compaq web-enabled management software. Attackers relaying connection in this way may be able to access restricted portions of the network or disguise their identity while attacking other systems. Many Compaq...
Older SSH clients do not allow users to disable X11 forwarding
Overview This vulnerability may allow an attacker to make unauthorized connections to affected client machines. Description Older versions of the SSH client do not allow the user to disable X11 forwarding. As a result, if the client connects to a malicious server, the server can open an X11...
Cenroll ActiveX Control allows creation of arbitrary files.
Overview The ActiveX control Cenroll permits unauthorized users to create files on the local system. Description The ActiveX control "Cenroll" clsid: 43F8F289-7A20-11D0-8F06-00C04FC295E1, which is ordinarily marked safe-for-scripting allows callers to create files and write to the registry with t...
Adobe Acrobat ActiveX Control buffer overflow in setview method
Overview Description The Adobe Acrobat ActiveX control has a buffer overflow in the setview method. Because the control is marked safe-for-scripting, this vulnerability can be exploited via a web page if the user has the vulnerable control installed.This control is implemtned in the file pdf.ocx...
Paragon Software Hard Disk Manager product line contains five memory vulnerabilities within its BioNTdrv.sys driver that allow for privilege escalation and denial-of-service (DoS) attacks
Overview The Paragon Software Hard Disk Manager HDM product line contains a vulnerable driver titled BioNTdrv.sys. The driver, versions 10.1.X.Y and older, 1.0.0.0, 1.1.0.0, 1.3.0.0, 1.4.0.0, and 1.5.1.0, contain five vulnerabilities. These include arbitrary kernel memory mapping and write...
A stack-based overflow vulnerability exists in the Microchip Advanced Software Framework (ASF) implementation of the tinydhcp server
Overview A stack-based overflow vulnerability exists in the tinydhcp server in the Microchip Advanced Software Framework ASF that can lead to remote code execution. Description An implementation of DHCP in ASF fails input validation, thereby creating conditions for a stack-based overflow. The...
D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass and do not protect credentials
Overview The D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass of the remote login page, and do not sufficiently protect administrator credentials. Description The D-Link DIR-130, firmware version 1.23, and DIR-330, firmware version 1.12, are vulnerable to the following:CWE-294:...
Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
Overview A regular expressions C library originally written by Henry Spencer is vulnerable to a heap overflow in some circumstances. Description CWE-122: Heap-based Buffer Overflow From the researcher, the variable len that holds the length of a regular expression string is "enlarged to such an...
Panasonic Arbitrator Back-End Server (BES) uses unencrypted communication
Overview Panasonic Arbitrator Back-End Server BES uses an unencrypted channel to transmit data. Description CWE-319: Cleartext Transmission of Sensitive Information Panasonic Arbitrator Back-End Server BES uses an unencrypted channel to transmit data between the client and server. It has been...
IBM Notes Traveler for Android transmits user credentials over HTTP
Overview The IBM Notes Traveler application for Android does not enforce the use of HTTPS for transmitting user credentials, which can allow an attacker to obtain this information. Description IBM Notes Traveler formerly known as Lotus Notes Traveler is an application that allows access to email,...
F5 ARX Data Manager contains a SQL injection vulnerability
Overview F5 ARX Data Manager 3.0.0 - 3.1.0 contains a SQL injection vulnerability. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command F5 ARX Data Manager 3.0.0 - 3.1.0 contains an unspecified SQL injection vulnerability. --- Impact A remote authenticated attack...
Lexmark laser printers contain multiple vulnerabilities
Overview Certain Lexmark devices are vulnerable to unverified password changes and stored cross-site scripting attacks. Description CWE-620: Unverified Password Change - CVE-2013-6032Certain models of Lexmark laser printers and MarkNet devices are vulnerable to an attack which allows a remote...
Nuance PDF viewing products contain multiple vulnerabilities
Overview Nuance PDF viewing products contain multiple memory-corruption vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Nuance provides two similar PDF viewing products called PDF Reader and PDF Viewer Plus. Both of...
Netgear FVS318N router default remote management vulnerability
Overview Netgear ProSafe Wireless-N 8-port Gigabit VPN Firewall FVS318N router's remote management feature is enabled by default. Description Netgear ProSafe Wireless-N 8-port Gigabit VPN Firewall FVS318N router allows remote WAN internet users access to the administrator web interface of the...