3704 matches found
Dell Foundation Services installs root certificate and private key (eDellRoot)
Overview Dell Foundation Services installs the eDellRoot certificate into theTrusted Root Certificate Store on Microsoft Windows systems. The certificate includes the private key. This allows attackers to create trusted certificates and perform impersonation, man-in-the-middle MiTM, and passive...
CA LISA Release Automation contains multiple vulnerabilities
Overview CA LISA Release Automation 4.7.1.385 contains multiple vulnerabilities Description CWE-352: Cross-Site Request Forgery CSRF - CVE-2014-8246CA LISA Release Automation 4.7.1.385 contains a global Cross-Site Request Forgery CSRF vulnerability. The application allows a malicious user to...
Pearson eSIS Enterprise Student Information System XSS vulnerability
Overview Pearson eSIS Enterprise Student Information System contains a XSS vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'Pearson eSIS Enterprise Student Information System contains a reflected cross-site scripting vulnerabilit...
Visibility Software Cyber Recruiter authentication bypass vulnerability
Overview Visibility Software Cyber Recruiter fails to prevent unauthenticated users from accessing protected webpages. Description CWE-305: Authentication Bypass by Primary Weakness:Visibility Software Cyber Recruiter fails to prevent unauthenticated users from accessing protected webpages allowi...
SolarWinds Orion IPAM web interface reflected xss vulnerability
Overview SolarWinds Orion IPAM web interface contains a reflected cross-site scripting vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'SolarWinds Orion IPAM web interface contains a reflected cross-site scripting vulnerability. ...
BMC Identity Management Suite cross-site request forgery vulnerability
Overview BMC Identity Management Suite v7.5.00.103 and possibility other versions are vulnerable to cross-site request forgery vulnerabilities. Description CWE-352: Cross-Site Request Forgery CSRF:It has been reported that BMC Identity Management Suite v7.5.00.103 and possibility other versions a...
Multiple vulnerabilities in Intuit QuickBooks
Overview Intuit QuickBooks 2009 through 2012 have been reported to contain a file disclosure and heap corruption vulnerability. Description Derek Soeder's vulnerability report states the following:Intuit Help System Protocol File Retrieval The vulnerability described in this document can be...
WebGlimpse command injection vulnerability
Overview Webglimpse, a web site search application, contains a command injection vulnerability. Description The webglimpse.cgi script contains a command injection vulnerability. An attacker can use a specifically crafted query URL parameter to run system commands. The results of the command will ...
Autonomy Keyview IDOL contains multiple vulnerabilities in file parsers
Overview Autonomy Keyview IDOL contains multiple vulnerabilities in file parsers. These vulnerabilities could allow a remote attacker to execute arbitrary code on an affected system. Description Autonomy Keyview IDOL is a set of libraries that can decode over 1,000 different file formats. The...
Objectivity/DB administration tools lack authentication
Overview The administration tools i.e. ookillls, oostopams, etc for Objectivity/DB do not require authentication for local or remote operation. Description Objectivity/DB comes with several administration tools for database maintenance. By design, these tools do not require authentication. An...
Google Chrome multiple vulnerabilities
Overview Google Chrome contains multiple vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Google Chrome stable channel versions prior to 8.0.552.237 contain multiple memory corruption vulnerabilities. These...
DevonIT weak authentication and buffer overflow in /usr/bin/tm-console-bin
Overview The DevonIT management tool for thin clients uses a shared secret that is transmitted over the network in the clear. The /usr/bin/tm-console-bin application contains a buffer overflow, which may allow an attacker to execute arbitrary code. Description The management tool transmits an...
NuPoint Messenger server transmits authentication credentials in plain text
Overview NuPoint Messenger is a unified communications product that connects to a Microsoft Exchange server. When communicating with the mail server, the NuPoint Messenger server transmits Exchange usernames and passwords in cleartext. Description The NuPoint Messenger server can connect to a...
MD5 vulnerable to collision attacks
Overview Weaknesses in the MD5 algorithm allow for collisions in output. As a result, attackers can generate cryptographic tokens or other data that illegitimately appear to be authentic. Description A secure cryptographic hash algorithm is one that generates a unique identifier of a fixed size...
Intrinsic Swimage Encore does not securely manage login credentials
Overview Intrinsic Swimage Encore has an unencrypted, hardcoded, default password that could allow an attacker access to protected data. Description Intrinsic Swimage Encore automates remote desktop, server, and device deployment. This product includes both a server and a client solution. The...
Motorola Surfboard cable modem cross-site request forgery vulnerability
Overview Motorola Surfboard cable modems may contain a cross-site request forgery vulnerability that allows an attacker to cause an affected modem to reboot or reload its configuration. Description Cable modems are designed to deliver broadband Internet access via unused bandwidth on a cable...
Trillian Instant Messenger client fails to properly handle malformed URIs
Overview The Trillian Instant Messaging client contains a buffer overflow vulnerability that may allow an attacker to execute code. Description A Uniform Resource Identifier URI is a string of characters that can be used to identify a location, resource, or protocol. The Trillian Instant Messenge...
Cisco ASA clientless SSL VPN denial of service vulnerability
Overview The Cisco ASA firewall's SSL VPN component contains an denial-of-service vulnerability. Description The Cisco Adaptive Security Appliance ASA is firewall that includes routing, intrusion prevention system IPS, and VPN components. The clientless SSL VPN allows remote users with a web...
Microsoft Content Management Server fails to properly process crafted HTTP requests
Overview A vulnerability in the way Microsoft Content Managment Server handles HTTP requests may lead to execution of arbitrary code. Description Microsoft Content Managment Server CMS contains a vulnerability that could be exploited when it attempts to process specially crafted HTTP requests...
Trend Micro ServerProtect CMON_NetTestConnection() stack buffer overflow
Overview Trend Micro ServerProtect contains a stack-based buffer overflow. Description Trend Micro ServerProtect fails to properly handle data passed to the CMONNetTestConnectionroutine possibly allowing a stack-based buffer overflow to occur. This overflow can be triggered by sending a specially...
Trend Micro ServerProtect STCommon stack buffer overflow
Overview Trend Micro ServerProtect contains a stack-based buffer overflow. Description Trend Micro ServerProtect fails to properly handle data passed to the CMONActiveUpdate and CMONActiveRollbackroutines possibly allowing a stack-based buffer overflow to occur. This overflow can be triggered by...
Trend Micro Anti-Rootkit Common Module fails to properly validate input
Overview A vulnerability exists in Trend Micro Anti-Rootkit Common Module that may allow a local attacker to gain elevated privileges. Description Trend Micro AntiVirus is a virus scanner for Microsoft Windows and Linux. The Trend Micro Anti-Rootkit Common Module is included with TrendMicro...
Cisco Secure Access Control Server fails to properly handle a specially crafted RADIUS Accounting-Request packet
Overview A vulnerability in the RADIUS server supplied with Cisco Secure ACS products could allow a remote attacker to execute arbitrary code on an affected system. Description Cisco Secure ACS is a Remote Access Dial-In User Service RADIUS and Terminal Access Controller Access Control System Plu...
Linksys WRT54G routers do not properly validate user credentials
Overview Linksys WRT54G routers do not properly validate user credentials before allowing configuration changes. Description The Linksys WRTG54G is a broadband router that has an integrated wireless access point and ethernet switch. The WRT54G router's configuration settings are controlled by a w...
Microsoft Indexing Services vulnerable to cross-site scripting
Overview Microsoft's Indexing Service does not properly validate queries. This vulnerability may allow an attacker to run client-side scripts on behalf of a user. Description Microsoft's Indexing Service allows users to quickly search computers and networks. This service can be used in combinatio...
AOL ICQ Pro fails to properly handle incoming message lengths
Overview A buffer overflow vulnerability in ICQ may allow a remote attacker to execute arbitrary code or create a denial-of-service condition. Description ICQ is a instant messaging application that is maintained by AOL. A buffer overflow vulnerability in ICQ Pro 2003b may allow a remote,...
VERITAS Backup Exec Server Service contains a buffer overflow vulnerability
Overview A heap-based buffer overflow in VERITAS Backup Exec Admin Plus Pack Option may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description VERITAS Backup Exec is a data backup and recovery solution with support for over the network backup.VERITA...
Microsoft ISA Server 2000 vulnerable to privilege escalation via "NETBIOS" connection
Overview Microsoft Internet Security and Acceleration Server 2000 contains an elevation of privilege vulnerability that allows an attacker to create unintended NetBIOS service connections within the affected ISA Server host. Description Microsoft ISA Server 2000 contains firewall, virtual private...
MailPost vulnerable to cross-site scripting via an executable requested with a trailing slash appended to the filename
Overview A cross-site scripting vulnerability is reported to exist in MailPost version 5.1.1sv and possibly earlier versions. Description According to a report by ProCheckUp, MailPost is vulnerable to a Cross-Site Scripting attack by adding a trailing '/' character to the executable filename. The...
Mozilla contains integer overflows in bitmap image decoder
Overview A vulnerability in the way Mozilla and its derived programs handle certain bitmap images could allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Mozilla web browser and related Mozilla products support the ability to natively display a number of...
Multiple Cisco ONS control cards fail to properly handle malformed UDP packets
Overview A vulnerability exists in multiple control cards used by Cisco ONS devices. This vulnerability could allow a remote attacker to cause a denial-of-service condition. Description Cisco's Optical Networking product line consists of a series of devices designed to offer high-bandwidth data...
Sun Solaris vulnerable to DoS when the Basic Security Module (BSM) is configured to perform auditing of specific classes
Overview There is a vulnerability in Sun Solaris that could allow local users to cause a denial of service when the Basic Security Module BSM is configured to perform auditing of specific audit classes. Description Sun Microsystems describes the Basic Security Module BSM as a "security auditing...
MIT Kerberos 5 krb5_aname_to_localname() contains several heap overflows
Overview MIT Kerberos 5 contains several heap buffer overflow vulnerabilities in code that translates Kerberos principal names to local UNIX account names. An authenticated, remote attacker could execute arbitrary code on a vulnerable system with root privileges. Description MIT Kerberos 5 contai...
Gaim contains a buffer overflow vulnerability in the yahoo_packet_read() function
Overview There is a buffer overflow vulnerability in the Gaim yahoopacketread function, which could allow an unauthenticated, remote attacker to execute arbitrary code. Description Gaim is a multi-protocol instant messenger available for a number of operating systems. It supports a variety of...
Gaim fails to properly parse cookies in Yahoo web connections
Overview There is a buffer overflow vulnerability in the way Gaim parses cookies for Yahoo web connections. Description Gaim is a multi-protocol instant messenger available for a number of operating systems. It supports a variety of instant messaging protocols, including the Yahoo Messenger YMSG...
Sun Solaris contains a vulnerability in the tcsetattr() library function
Overview A vulnerability in the Sun Solaris tcsetattr library function could allow a unprivileged local user to cause the system to hang. Description Sun Solaris uses a tcsetattr library function to set the parameters associated with the terminal. There is an unspecified vulnerability in the...
SunOS versions of sendmail use popen to return undeliverable mail
Overview Older versions of sendmail circa 1995 incorrectly used popen to process certain arguments. Description There is a problem with the way that the older circa 1995 versions of Sun Microsystems, Inc. version of sendmail processes the -oR option. This problem has been verified as existing in...
XMMS Remote input validation error
Overview There is an input validation error in the stand-alone SOAP server XMMS Remote which allows unauthorized remote command execution. Description XMMS Remote is a stand-alone XML/SOAP HTTP server implemented in PERL created by X2 Studios. It is used to monitor a running xmms media player...
Alcatel Operating System (AOS) does not require a password for accessing the telnet server
Overview The OmniSwitch 7700/7800 running Alcatel Operating System AOS version 5.1.1 has TCP port 6778 listening as a telnet server. This gives anyone access to the OmniSwitch's Vx-Works operating system without requiring a password. Description During an NMAP audit of the AOS 5.1.1 code that run...
InvokeRegWizard (regwizc.dll) ActiveX control has a buffer overflow
Overview Microsoft Internet Explorer 4.01 and 5 ship with a series of activex controls to aid in its functionality. Regwiz.dll is an safe-for-scripting activex control that contains a remotely exploitable buffer overflow. Description InvokeRegWizard regwizc.dll is a control that ships with...
Microsoft Windows Media Player buffer overflow in Active Stream Redirector (.asx) file parser
Overview There is a buffer overflow in the parsing of Active Stream Redirector .ASX files. This buffer overflow may allow a remote attacker to execute arbitrary code when a user views a malicious web page. Description There is a buffer overflow in the processing of Active Stream Redirector .ASX...
TDForum does not adequately validate user input thereby allowing users to embed malicious script code in messages
Overview TDForum does not properly filter HTML scripting tags from user input, allowing users to post malicious scripts that may be executed unwittingly by other users. Description TDForum is a commercial software package providing dynamic web forum capabilities. Versions 1.2 and earlier of TDFor...
A1Stats multiple CGI scripts fail to adequately validate user input
Overview A1Stats does not properly validate user input, allowing directory traversal and overwriting of files. Description A1Stats is a CGI script that provides reports on web site traffic. A1Stats does not properly filter the CGI query string. An attacker may exploit this vulnerability to traver...
Mac OS X Finder creates world-readable ".FBCIndex" file thereby disclosing sensitive information
Overview Mac OS X's Find-By-Content indexing may store file data where it can be served to remote users by Apache. Description The Find-By-Content feature of Mac OS X generates indexing data from the contents of files in each directory. It then stores the indexing data for each directory in a...
Directory-traversal vulnerability in Mike Spice's My Classifieds CGI script
Overview Some versions of My Classifieds contain a directory-traversal vulnerability that allows attackers to overwrite files. Description My Classifieds is a Perl CGI script, maintained by Mike Spice, that produces dynamic ad listings on a web server and allows users to edit their ads remotely...
Microsoft SQL Server contains buffer overflows in several Database Consistency Checkers
Overview Microsoft SQL Server ships with several administrative tools that allow database users to elevate their administrative privileges from a single database to all databases on the server. Description Microsoft SQL Server ships with several utilities known as Database Consistency Checkers...
Real Networks RealJukebox2 vulnerable to arbitrary code execution via crafted skin file
Overview RealNetwork's RealJukebox and RealONE Gold players are media applications that permit users to stream audio and video from local and internet sources. A vulnerability exists in the applications that could permit the execution of arbitrary code by a remote attacker. Description RealJukebo...
Microsoft Internet Explorer may handle certain web pages in an incorrect, less restrictive security zone (MS02-023)
Overview Microsoft Internet Explorer IE may handle malformed Internet pages accessed through the NetBIOS protocol as if they belong to the IE's Intranet or Trusted Sites security zones, instead of the more restrictive Internet security zone. Description If a user views a page on the Internet that...
Microsoft Internet Explorer does not adequately evaluate malformed URLs
Overview Microsoft Internet Explorer contains a serious vulnerability in its handling of zone determination. Description Microsoft Internet Explorer contains a vulnerability in the way in which it handles zone determination. Specifically, HTML scripts stored in cookies should be executed in the...
OpenSSH does not initialize PAM session thereby allowing PAM restrictions to be bypassed
Overview OpenSSH is an implementation of the Secure Shell SSH protocol. It can be configured to use Linux Pluggable Authentication Modules PAM for added authentication. A vulnerability exists in OpenSSH, and perhaps other implementations of SSH, which can allow to potentially bypass PAM...