3704 matches found
Tamarack MMSd components fail to properly handle malformed packets
Overview Tamarack MMSd components do not properly handle malformed RFC 1006 packets. This vulnerability may allow a remote, unauthenticated attacker to cause a denial of service condition. Description ISO Transport Service over TCP TPKT, RFC 1006 RFC 1006 specifies how to run the OSI transport...
Microsoft DHCP Client service contains a buffer overflow
Overview Microsoft DHCP Client service contains a buffer overflow. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Dynamic Host Configuration Protocol DHCP As described in RFC 2131, "The Dynamic Host Configuration Protocol DHCP provides...
Secure Elements Class 5 AVR server fails to properly authenticate session start messages
Overview The Secure Elements Class 5 AVR server fails to properly authenticate "session start" messages. This may allow an attacker to cause the server to initiate TCP connections to arbitrary destinations, which can cause a denial of service to both the server and the specified target. Descripti...
Secure Elements Class 5 AVR client fails to properly validate the size of EM_GET_CE_PARAMETER messages
Overview The Secure Elements Class 5 AVR client fails to properly handle the size of EMGETCEPARAMETER messages. This may allow an attacker to cause a buffer overflow and reveal process memory. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a security...
Winny contains a buffer overflow
Overview Winny contains a buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Winny also referred to as WinNY is a popular Japanese peer-to-peer file sharing application. A flaw exists in this program due t...
Research in Motion (RIM) BlackBerry Attachment Service does not properly handle TIFF image files
Overview The Research in Motion RIM BlackBerry Attachment Service contains a vulnerability in the way the service handles TIFF files. By causing the service to render a specially crafted TIFF file and convincing a user to view the file on a BlackBerry Handheld device, an attacker could cause a...
Extreme Networks switches with ExtremeWare XOS allow arbitrary command execution
Overview Some Extreme Networks switches running ExtremeWare XOS have a vulnerability that allows a malicious authenticated user to escape to the underlying operating system command shell with administrator-level root privileges. Description Extreme Network switches running ExtremeWare XOS contain...
Exim vulnerable to buffer overflow via the dns_build_reverse() routine
Overview The Exim Mail Transfer Agent MTA contains a buffer overflow that allows a local attacker to execute arbitrary code. Description Exim MTA is an open-source mail transport agent distributed by the University of Cambridge. A lack of input validation on user supplied data may allow a buffer...
Cisco IOS fails to properly handle malformed DHCP packets
Overview A denial-of-service vulnerability exists in Cisco's Internetwork Operating System IOS. This vulnerability may allow remote attackers to conduct denial-of-service attacks on an affected device. Description The Dynamic Host Configuration Protocol DHCP provides a means for distributing...
sudoedit can expose protected file contents
Overview Sudo's -e option sudoedit improperly handles temporary files, allowing an attacker to read files that would otherwise be inaccessible. Description Sudo is a utility that allows specific users to run certain commands as root. Beginning with version 1.6.8, sudo provides safe editing...
Microsoft Windows contains an unchecked buffer in the NetDDE services
Overview A vulnerability in the Network Dynamic Data Exchange service for Microsoft Windows could allow an attacker to compromise the affected system. Description Microsoft's Network Dynamic Data Exchange NetDDE is a communication protocol that allows two Windows applications to communicate with...
Multiple memory leak vulnerabilities in isakmpd
Overview Multiple memory handling vulnerabilities exist in the isakmpd that could allow a remote attacker to cause a denial of service. Description The OpenBSD isakmpd establishes security associations for encrypted and authenticated IPsec network traffic. It implements the Internet Security...
JetboxOne may allow unauthorized users to execute arbitrary code
Overview Lack of input validation in JetboxOne version 2.0.8 allows an user to upload arbitrary files to the vulnerable system. This could lead to the execution of arbitrary code. Description JetboxOne, an open-source content management system, could allow an attacker with "AUTHOR" privileges to...
Cisco Transaction Language 1 (TL1) interface fails to properly validate accounts with blank passwords
Overview There is a vulnerability in the Cisco Transaction Language 1 TL1 login interface that could allow a remote attacker to gain access to a Cisco ONS device. Description Transaction Language 1 TL1 is a widely used telecommunications management protocol. A default account, CISCO15, contains a...
BEA WebLogic Server fails to properly associate re-created groups
Overview WebLogic Server contains a vulnerability that could result in the creation of new groups inheriting the privileges of a previously deleted group if members of the deleted group still exist. Description BEA Systems describes WebLogic Server as "an industrial-strength application...
Sun Solaris SSH Daemon fails to properly log client IP addresses
Overview The Sun Solaris Secure Shell Daemon sshd may incorrectly log client IP addresses. Description SSH is a program used to provide secure connection and communications between client and servers. Upon connecting to the service, the client's IP address is logged. There is a vulnerability in t...
HAHTsite Scenario Server fails to handle overly long URLs
Overview HAHTsite Scenario Server fails to properly handle HTTP requests containing an overly long "project name". Description HAHTsite Scenario Server is an e-Business platform that consists of a web application server and web development environment. There is a buffer overflow vulnerability in...
Cisco WLSE and HSE devices contain hardcoded username and password
Overview A default account with a common username and password exists in two Cisco products. An attacker with knowledge of this account information can compromise any of these devices on the network. Description A default account with a known, fixed username and password combination exists in som...
F-Secure Anti-Virus for Linux fails to properly detect Sober.D virus
Overview F-Secure Anti-Virus for Linux contains a flaw that may prevent it from properly detecting the Sober.D virus. A hotfix for this vulnerability has been released. Description F-Secure Anti-Virus version 4.52 for Linux contains a flaw that may prevent it from properly detecting the Sober.D...
Apple Mac OS X Safari fails to properly display URLs in the status bar
Overview Apple Mac OS X Safari fails to properly display URLs in the status bar. Description Safari is a web browser for the Macintosh platform. There is an unspecified vulnerability in the way Safari displays URLs in the status bar. --- Impact The complete impact of this vulnerability is not yet...
Portable OpenSSH server PAM conversion stack corruption
Overview There is a vulnerability in the Portable OpenSSH server that may corrupt the PAM conversion stack. Description The Portable OpenSSH server contains a vulnerability that may permit an attacker to corrupt the PAM conversion stack. Versions 3.7p1 and 3.7.1p1 are affected. Note that the...
Sendmail fails to appropriately initialize data structures for DNS maps
Overview There is an uninitialized data structure in sendmail 8.12.x rrdomain = smstrduphost; \t\tif rr-rrdomain == NULL \t\t A fix for this condition was made in sendmail 8.12.9 in March 2003, but it was not known to be a security issue at that time. --- Impact A remote attacker may be able to...
Sun ONE/iPlanet Web Server vulnerable to DoS
Overview A vulnerability in the SunOne/iPlanet Web Server may allow a remote attacker to cause a denial of service. Description The SunOne/iPlanet Web Server contains a vulnerability which may allow a remote attacker to disrupt the normal operation of the web server. This vulnerability is only...
Microsoft Windows Me and XP Help and Support Center does not adequately validate hcp:// URI parameters
Overview The Help and Support Center included with Microsoft Windows Millennium Edition and XP does not adequately validate parameters provided in an "hcp://" URI. As a result, an attacker could construct a URI that could cause the Help and Support Center to execute arbitrary script, effectively...
NetScreen Secure Command Shell (SCS) denial-of-service vulnerability
Overview The Secure Command Shell service on NetScreen firewall products contains a remotely exploitable denial-of-service vulnerability. Description Firewall products from NetScreen Technologies, Inc. include a Secure Shell version 1 SSHv1 implementation called Secure Command Shell SCS. The SCS...
Domain Name System (DNS) resolver libraries vulnerable to read buffer overflow
Overview DNS stub resolvers from multiple vendors contain a buffer overflow vulnerability. The impact of this vulnerability appears to be limited to denial of service. Description A read buffer overflow vulnerability exists in BIND 4 and BIND 8.2.x stub resolver libraries. Other resolver librarie...
HP Tru64 UNIX "lpr" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "lpr" contains a locally exploitable buffer overflow. Description "lpr" is used to send files to a print spool. A locally exploitable buffer overflow in "lpr" may permit a local attacker to gain elevated privileges and execute arbitrary code on a...
Buffer-overflow vulnerability in Midnight Commander
Overview The mcedit component of some versions of Midnight Commander contains a buffer-overflow vulnerability. Description Midnight Commander is a file manager for open source operating systems, distributed under the GNU General Public License GPL. In version 4.5.1 of Midnight Commander, the mced...
Sun iPlanet and ONE Web Servers contain a buffer overflow in the search engine
Overview The Sun iPlanet Web Server and Sun ONE Web Server both ship with a search engine that is not enabled by default. A remotely exploitable buffer overflow exists in the search engine that could permit an attacker to execute arbitrary code on the system. Description The Sun iPlanet Web Serve...
Real Networks RealONE Player vulnerable to arbitrary command execution via crafted html in the skin file
Overview RealNetwork's RealJukebox and RealONE Gold players are media applications that permit users to stream audio and video from local and internet sources. A vulnerability exists in the applications that could permit the execution of arbitrary commands by a remote attacker. Description...
sudo vulnerable to heap corruption via -p parameter
Overview Sudo is susceptible to a locally exploitable heap overflow vulnerability. Description Sudo is a common utility used to allow a system administrator to give users or groups of users rights to run certain programs as root or as another user. A locally exploitable heap overflow can lead to...
Oracle9i Application Server allows unauthenticated access to PL/SQL applications via alternate Database Access Descriptor
Overview A vulnerability exists in the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle9i Application Server iAS. By specifying the Database Access Descriptor DAD used to access a PL/SQL application, an attacker could gain unauthorized access to the application...
Oracle9i Application Server Apache PL/SQL module vulnerable to buffer overflow via help page request
Overview A buffer overflow vulnerability exists in the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle9i Application Server iAS. This vulnerability could allow an unauthenticated remote attacker to cause a denial of service or execute arbitrary code on the system...
IBM AIX login fails to adequately authenticate user when configured to use loadable authentication modules
Overview There is a remotely exploitable flaw in IBM's AIX 5.1L login when using loadable authentication modules. This does not affect AIX 4.3 and earlier. Description IBM AIX 5.1L login, with loadable authentication modules enabled and some non-default configurations, will permit users to login...
Microsoft SQL Server and Microsoft Data Engine (MSDE) ship with a null default password
Overview Microsoft SQL Server and Microsoft Data Engine ship with a null default password on the administrative account sa. If the system administrator does not set the password, the system may be vulnerable to attack. Description Microsoft SQL Server MS SQL and Microsoft Data Engine MSDE ship...
Compaq Insight Manager XE buffer overflow in SNMP and DMI functionality
Overview The Compaq web-enabled management software contains a buffer overflow in the SNMP and DMI functionality. Remote intruders may be able to execute arbitrary code with privileges on affected systems. All versions of Compaq Insight Manager XE are affected, but Compaq Insight Manager windows...
Default installations of the Lotus Domino web server disclose system information via HTTP headers
Overview The default configuration of the Lotus Domino web server discloses system characteristics to anonymous remote users. Description The default configuration of the Lotus Domino web server discloses system information in the HTTP headers it returns to a web browser. If these headers are...
Beck GmbH IPC@CHIP HTTPD vulernable to arbitrary file disclosure
Overview The Beck IPC@CHIP web server permits intruders to access files outside the web root. Description The Beck IPC@CHIP is a single chip embedded webserver. The Web Server's root directory is set to / by default. Because of this default setting, an attacker can download arbitrary files from a...
ISC InterNetNews (INN) innfeed contains buffer overflow
Overview A locally exploitable buffer overflow exists in ISC InterNetNews. Description InterNetNews is a Usenet/Netnews news server supported by the Internet Software Consortium and volunteers. Innfeed is a component of InterNetNews that implements the NNTP protocol for transerring news between...
Caucho Technologies Resin vulnerable to Cross-Site Scripting via passing of user input directly to default error page
Overview Web servers that use the Resin Java Servlet Container, versions 1.2.3 and earlier, are vulnerable to a cross-site scripting vulnerability. A web site may inadvertently include malicious HTML tags or scriptJavaScript, VBScript, Java, etc. in a dynamically generated page based on unvalidat...
UUCP package contains multiple buffer overflows via long string of characters sent as command line argument
Overview Several Linux/Unix systems ship with a utility package called UUCP derived from System V. A buffer overflow in components of the UUCP package can allow an intruder to gain elevated privileges. Description Several Linux/Unix systems ship with a utility package called UUCP derived from...
SSH1 may generate weak passphrase when using Secure RPC
Overview The secure-RPC feature of the SSH1 client in Solaris sometimes encrypts the SSH private key file with a weak passphrase, which can be determined by an attacker and used to recover the SSH private keys. Other versions of the SSH client running on non-Solaris platforms are not affected by...
Hewlett-Packard MPE/iX linkeditor permits privilege escalation
Overview There is a problem with the MPE/iX linkeditor that may allow an attacker to gain system manager privileges. Description The problem affects HP3000 systems running MPE/iX versions 5.5 through 6.5. HP has published a security bulletin describing the solution to this vulnerability...
NewsDaemon does not adequately filter user input to $user_username
Overview NewsDaemon prior to version 0.21b contains a vulnerability allowing remote attackers to gain administrative access to the web site. Description NewsDaemon is a PHP-based tool used to allow readers to submit and comments on news items and stories over the web. It also allows for...
Hewlett-Packard MPE/ix contains vulnerabitily via architected interface facility
Overview A vulnerability in certain Hewlett-Packard systems allows users to gain unauthorized access to user accounts and databases using the architected interface facility. Description HP3000 systems running MPE/iX release 5.5 and newer contain a vulnerability in the architected interface facili...
ADK flaw in recent versions of PGP
Overview Additional Decryption Keys ADKs is a feature introduced into PGP Pretty Good Privacy versions 5.5.x through 6.5.3 that allows authorized extra decryption keys to be added to a user's public key certificate. However, an implementation flaw in PGP allows unsigned ADKs which have been...
A Vulnerability in UEFI Applications allows for secure boot bypass via misused NVRAM variable
Overview UEFI firmware applications DTBios and BiosFlashShell from DTResearch contain a vulnerability that allows Secure Boot to be bypassed using a specially crafted NVRAM variable. The vulnerability stems from improper handling of a runtime NVRAM variable that enables an arbitrary write...
Multiple deserialization vulnerabilities in PyTorch Lightning 2.4.0 and earlier versions
Overview PyTorch Lightning versions 2.4.0 and earlier do not use any verification mechanisms to ensure that model files are safe to load before loading them. Users of PyTorch Lightning should use caution when loading models from unknown or unmanaged sources. Description PyTorch Lightning, a...
A stack-based overflow vulnerability exists in the Microchip Advanced Software Framework (ASF) implementation of the tinydhcp server
Overview A stack-based overflow vulnerability exists in the tinydhcp server in the Microchip Advanced Software Framework ASF that can lead to remote code execution. Description An implementation of DHCP in ASF fails input validation, thereby creating conditions for a stack-based overflow. The...
Little CMS 2 DefaultICCintents double-free vulnerability
Overview Little CMS 2 contains a double-free vulnerability in the DefaultICCintents function, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Little CMS is an open-source color management engine that supports the International Color...