Little CMS 2 DefaultICCintents double-free vulnerability

Overview Little CMS 2 contains a double-free vulnerability in the DefaultICCintents function, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Little CMS is an open-source color management engine that supports the International Color...

Dell Foundation Services installs root certificate and private key (eDellRoot)

Overview Dell Foundation Services installs the eDellRoot certificate into theTrusted Root Certificate Store on Microsoft Windows systems. The certificate includes the private key. This allows attackers to create trusted certificates and perform impersonation, man-in-the-middle MiTM, and passive...

Panasonic Arbitrator Back-End Server (BES) uses unencrypted communication

Overview Panasonic Arbitrator Back-End Server BES uses an unencrypted channel to transmit data. Description CWE-319: Cleartext Transmission of Sensitive Information Panasonic Arbitrator Back-End Server BES uses an unencrypted channel to transmit data between the client and server. It has been...

IBM Notes Traveler for Android transmits user credentials over HTTP

Overview The IBM Notes Traveler application for Android does not enforce the use of HTTPS for transmitting user credentials, which can allow an attacker to obtain this information. Description IBM Notes Traveler formerly known as Lotus Notes Traveler is an application that allows access to email,...

F5 ARX Data Manager contains a SQL injection vulnerability

Overview F5 ARX Data Manager 3.0.0 - 3.1.0 contains a SQL injection vulnerability. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command F5 ARX Data Manager 3.0.0 - 3.1.0 contains an unspecified SQL injection vulnerability. --- Impact A remote authenticated attack...

Pearson eSIS Enterprise Student Information System XSS vulnerability

Overview Pearson eSIS Enterprise Student Information System contains a XSS vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'Pearson eSIS Enterprise Student Information System contains a reflected cross-site scripting vulnerabilit...

Visibility Software Cyber Recruiter authentication bypass vulnerability

Overview Visibility Software Cyber Recruiter fails to prevent unauthenticated users from accessing protected webpages. Description CWE-305: Authentication Bypass by Primary Weakness:Visibility Software Cyber Recruiter fails to prevent unauthenticated users from accessing protected webpages allowi...

Lexmark laser printers contain multiple vulnerabilities

Overview Certain Lexmark devices are vulnerable to unverified password changes and stored cross-site scripting attacks. Description CWE-620: Unverified Password Change - CVE-2013-6032Certain models of Lexmark laser printers and MarkNet devices are vulnerable to an attack which allows a remote...

Tiki Wiki CMS Groupware version 11.0 contains a cross-site scripting (XSS) vulnerability

Overview Tiki Wiki CMS Groupware version 11.0 and possibly earlier versions contain a cross-site scripting XSS vulnerability CWE-79. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' Tiki Wiki CMS Groupware version 11.0 and possibly earlier...

SolarWinds Orion IPAM web interface reflected xss vulnerability

Overview SolarWinds Orion IPAM web interface contains a reflected cross-site scripting vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'SolarWinds Orion IPAM web interface contains a reflected cross-site scripting vulnerability. ...

BMC Identity Management Suite cross-site request forgery vulnerability

Overview BMC Identity Management Suite v7.5.00.103 and possibility other versions are vulnerable to cross-site request forgery vulnerabilities. Description CWE-352: Cross-Site Request Forgery CSRF:It has been reported that BMC Identity Management Suite v7.5.00.103 and possibility other versions a...

Multiple vulnerabilities in Intuit QuickBooks

Overview Intuit QuickBooks 2009 through 2012 have been reported to contain a file disclosure and heap corruption vulnerability. Description Derek Soeder's vulnerability report states the following:Intuit Help System Protocol File Retrieval The vulnerability described in this document can be...

Netgear FVS318N router default remote management vulnerability

Overview Netgear ProSafe Wireless-N 8-port Gigabit VPN Firewall FVS318N router's remote management feature is enabled by default. Description Netgear ProSafe Wireless-N 8-port Gigabit VPN Firewall FVS318N router allows remote WAN internet users access to the administrator web interface of the...

WebGlimpse command injection vulnerability

Overview Webglimpse, a web site search application, contains a command injection vulnerability. Description The webglimpse.cgi script contains a command injection vulnerability. An attacker can use a specifically crafted query URL parameter to run system commands. The results of the command will ...

Autonomy Keyview IDOL contains multiple vulnerabilities in file parsers

Overview Autonomy Keyview IDOL contains multiple vulnerabilities in file parsers. These vulnerabilities could allow a remote attacker to execute arbitrary code on an affected system. Description Autonomy Keyview IDOL is a set of libraries that can decode over 1,000 different file formats. The...

Google Chrome multiple vulnerabilities

Overview Google Chrome contains multiple vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Google Chrome stable channel versions prior to 8.0.552.237 contain multiple memory corruption vulnerabilities. These...

Objectivity/DB administration tools lack authentication

Overview The administration tools i.e. ookillls, oostopams, etc for Objectivity/DB do not require authentication for local or remote operation. Description Objectivity/DB comes with several administration tools for database maintenance. By design, these tools do not require authentication. An...

DevonIT weak authentication and buffer overflow in /usr/bin/tm-console-bin

Overview The DevonIT management tool for thin clients uses a shared secret that is transmitted over the network in the clear. The /usr/bin/tm-console-bin application contains a buffer overflow, which may allow an attacker to execute arbitrary code. Description The management tool transmits an...

MD5 vulnerable to collision attacks

Overview Weaknesses in the MD5 algorithm allow for collisions in output. As a result, attackers can generate cryptographic tokens or other data that illegitimately appear to be authentic. Description A secure cryptographic hash algorithm is one that generates a unique identifier of a fixed size...

LANDesk QIP service buffer overflow vulnerability

Overview The LANDesk Management Suite Intel QIP service contains a buffer overflow vulnerability. Description The LANDesk Intel QIP Server Service is used to configure policy management. The Intel QIP service allows LANDesk Agents to report status and make certain software requests. A buffer...

Intrinsic Swimage Encore does not securely manage login credentials

Overview Intrinsic Swimage Encore has an unencrypted, hardcoded, default password that could allow an attacker access to protected data. Description Intrinsic Swimage Encore automates remote desktop, server, and device deployment. This product includes both a server and a client solution. The...

Microsoft Content Management Server fails to properly process crafted HTTP requests

Overview A vulnerability in the way Microsoft Content Managment Server handles HTTP requests may lead to execution of arbitrary code. Description Microsoft Content Managment Server CMS contains a vulnerability that could be exploited when it attempts to process specially crafted HTTP requests...

Trend Micro ServerProtect STCommon stack buffer overflow

Overview Trend Micro ServerProtect contains a stack-based buffer overflow. Description Trend Micro ServerProtect fails to properly handle data passed to the CMONActiveUpdate and CMONActiveRollbackroutines possibly allowing a stack-based buffer overflow to occur. This overflow can be triggered by...

Trend Micro ServerProtect CMON_NetTestConnection() stack buffer overflow

Overview Trend Micro ServerProtect contains a stack-based buffer overflow. Description Trend Micro ServerProtect fails to properly handle data passed to the CMONNetTestConnectionroutine possibly allowing a stack-based buffer overflow to occur. This overflow can be triggered by sending a specially...

Voice mail systems allow administrative access based on Caller ID

Overview Certain voice mail systems trust Calling Number Identification CNID, Caller ID to authenticate administrative access to voice mail accounts. Caller ID can be easily spoofed, allowing an attacker to gain control over a vulnerable voice mailbox. Description Some voice mail systems use Call...

Cisco Secure Access Control Server fails to properly handle a specially crafted RADIUS Accounting-Request packet

Overview A vulnerability in the RADIUS server supplied with Cisco Secure ACS products could allow a remote attacker to execute arbitrary code on an affected system. Description Cisco Secure ACS is a Remote Access Dial-In User Service RADIUS and Terminal Access Controller Access Control System Plu...

Microsoft Internet Explorer Script Error Handling Memory Corruption Vulnerability

Overview A vulnerability in the way Microsoft Internet Explorer handles certain script errors may lead to memory corruption that may allow remote execution of arbitrary code. Description Microsoft Internet Explorer contains a memory corruption vulnerability that could be exploited when handling...

Google Mini and Google Search Appliance vulnerable to cross-site scripting

Overview Google Mini and Google Search Appliance fail to properly handle UTF-7 encoded URIs. This vulnerability may allow a remote attacker to read or modify data in web pages. Description Google Mini and Google Search Appliance fail to properly handle UTF-7 encoded URIs, possibly allowing a remo...

Apple Mac OS X Apple Type Services server contains multiple buffer overflows

Overview The Apple Mac OS X Apple Type Services server contains multiple buffer overflow vulnerabilities. These vulnerabilities may allow a local attacker to execute arbitrary code with system privileges. Description The Apple Mac OS X Apple Type Services server fails to properly validate service...

Linksys WRT54G routers do not properly validate user credentials

Overview Linksys WRT54G routers do not properly validate user credentials before allowing configuration changes. Description The Linksys WRTG54G is a broadband router that has an integrated wireless access point and ethernet switch. The WRT54G router's configuration settings are controlled by a w...

AOL ICQ Pro fails to properly handle incoming message lengths

Overview A buffer overflow vulnerability in ICQ may allow a remote attacker to execute arbitrary code or create a denial-of-service condition. Description ICQ is a instant messaging application that is maintained by AOL. A buffer overflow vulnerability in ICQ Pro 2003b may allow a remote,...

Microsoft DHCP Client service contains a buffer overflow

Overview Microsoft DHCP Client service contains a buffer overflow. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Dynamic Host Configuration Protocol DHCP As described in RFC 2131, "The Dynamic Host Configuration Protocol DHCP provides...

Winny contains a buffer overflow

Overview Winny contains a buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Winny also referred to as WinNY is a popular Japanese peer-to-peer file sharing application. A flaw exists in this program due t...

VERITAS Backup Exec Server Service contains a buffer overflow vulnerability

Overview A heap-based buffer overflow in VERITAS Backup Exec Admin Plus Pack Option may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description VERITAS Backup Exec is a data backup and recovery solution with support for over the network backup.VERITA...

Extreme Networks switches with ExtremeWare XOS allow arbitrary command execution

Overview Some Extreme Networks switches running ExtremeWare XOS have a vulnerability that allows a malicious authenticated user to escape to the underlying operating system command shell with administrator-level root privileges. Description Extreme Network switches running ExtremeWare XOS contain...

Microsoft Windows Indexing Service fails to properly handle query validation

Overview A vulnerability in the Microsoft Indexing Service could allow an attacker to execute arbitrary code on an affected system. Description The Microsoft Indexing Service provides applications and scripts with a means of managing, querying, and indexing information in file systems or web...

Cisco IOS fails to properly handle malformed DHCP packets

Overview A denial-of-service vulnerability exists in Cisco's Internetwork Operating System IOS. This vulnerability may allow remote attackers to conduct denial-of-service attacks on an affected device. Description The Dynamic Host Configuration Protocol DHCP provides a means for distributing...

Mozilla contains integer overflows in bitmap image decoder

Overview A vulnerability in the way Mozilla and its derived programs handle certain bitmap images could allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Mozilla web browser and related Mozilla products support the ability to natively display a number of...

Multiple Cisco ONS control cards fail to properly handle malformed UDP packets

Overview A vulnerability exists in multiple control cards used by Cisco ONS devices. This vulnerability could allow a remote attacker to cause a denial-of-service condition. Description Cisco's Optical Networking product line consists of a series of devices designed to offer high-bandwidth data...

Cisco Collaboration Server (CCS) ServletExec allows arbitrary file uploading

Overview There is a vulnerability in the ServletExec subcomponent of the Cisco Collaboration Server CCS that could allow an attacker to upload arbitrary files to the server. Description The Cisco Collaboration Server CCS is designed to provide interactive customer support web page sharing,...

Sun Solaris vulnerable to DoS when the Basic Security Module (BSM) is configured to perform auditing of specific classes

Overview There is a vulnerability in Sun Solaris that could allow local users to cause a denial of service when the Basic Security Module BSM is configured to perform auditing of specific audit classes. Description Sun Microsystems describes the Basic Security Module BSM as a "security auditing...

MIT Kerberos 5 krb5_aname_to_localname() contains several heap overflows

Overview MIT Kerberos 5 contains several heap buffer overflow vulnerabilities in code that translates Kerberos principal names to local UNIX account names. An authenticated, remote attacker could execute arbitrary code on a vulnerable system with root privileges. Description MIT Kerberos 5 contai...

Gaim fails to properly parse cookies in Yahoo web connections

Overview There is a buffer overflow vulnerability in the way Gaim parses cookies for Yahoo web connections. Description Gaim is a multi-protocol instant messenger available for a number of operating systems. It supports a variety of instant messaging protocols, including the Yahoo Messenger YMSG...

Gaim contains a buffer overflow vulnerability in the yahoo_packet_read() function

Overview There is a buffer overflow vulnerability in the Gaim yahoopacketread function, which could allow an unauthenticated, remote attacker to execute arbitrary code. Description Gaim is a multi-protocol instant messenger available for a number of operating systems. It supports a variety of...

Cisco WLSE and HSE devices contain hardcoded username and password

Overview A default account with a common username and password exists in two Cisco products. An attacker with knowledge of this account information can compromise any of these devices on the network. Description A default account with a known, fixed username and password combination exists in som...

Apple Mac OS X Safari fails to properly display URLs in the status bar

Overview Apple Mac OS X Safari fails to properly display URLs in the status bar. Description Safari is a web browser for the Macintosh platform. There is an unspecified vulnerability in the way Safari displays URLs in the status bar. --- Impact The complete impact of this vulnerability is not yet...

Sendmail fails to appropriately initialize data structures for DNS maps

Overview There is an uninitialized data structure in sendmail 8.12.x rrdomain = smstrduphost; \t\tif rr-rrdomain == NULL \t\t A fix for this condition was made in sendmail 8.12.9 in March 2003, but it was not known to be a security issue at that time. --- Impact A remote attacker may be able to...

Sun ONE/iPlanet Web Server vulnerable to DoS

Overview A vulnerability in the SunOne/iPlanet Web Server may allow a remote attacker to cause a denial of service. Description The SunOne/iPlanet Web Server contains a vulnerability which may allow a remote attacker to disrupt the normal operation of the web server. This vulnerability is only...

Cisco Secure ACS for Windows CSAdmin vulnerable to buffer overflow via login requests

Overview Cisco Secure ACS for Windows contains a buffer overflow vulnerability that could permit a remote attacker to execute arbitrary code or cause a denial of service. Description Cisco Secure ACS for Windows is an authentication, authorization, and accounting AAA server. From Cisco Security...

SunOS versions of sendmail use popen to return undeliverable mail

Overview Older versions of sendmail circa 1995 incorrectly used popen to process certain arguments. Description There is a problem with the way that the older circa 1995 versions of Sun Microsystems, Inc. version of sendmail processes the -oR option. This problem has been verified as existing in...