Microsoft Indexing Services vulnerable to cross-site scripting
Overview Microsoft's Indexing Service does not properly validate queries. This vulnerability may allow an attacker to run client-side scripts on behalf of a user. Description Microsoft's Indexing Service allows users to quickly search computers and networks. This service can be used in combinatio...
Retro64 / Miniclip CR64Loader ActiveX control buffer overflow
Overview The Retro64 / Miniclip CR64Loader ActiveX control contains a buffer overflow vulnerability. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The CR64Loader Object is an ActiveX control developed by Retro64. The web sites...
Tamarack MMSd components fail to properly handle malformed packets
Overview Tamarack MMSd components do not properly handle malformed RFC 1006 packets. This vulnerability may allow a remote, unauthenticated attacker to cause a denial of service condition. Description ISO Transport Service over TCP (TPKT, RFC 1006): RFC 1006 specifies how to run the OSI transport...
eBay Enhanced Picture Services ActiveX control buffer overflow
Overview The eBay Enhanced Picture Services EPUImageControl Class ActiveX control contains a buffer overflow vulnerability. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description ActiveX: ActiveX is a technology that allows programmers to...
Cisco Access Point Web Browser Interface contains a vulnerability
Overview A vulnerability in the HTTP management interface for some configurations of Cisco wireless access points could allow a remote attacker to take complete control over the affected device. Description Cisco wireless access points allow administrators to create more than one set of...
Secure Elements Class 5 AVR client fails to properly validate pathnames supplied in messages
Overview The Secure Elements Class 5 AVR client fails to properly validate pathnames supplied in messages, which may allow an attacker to overwrite any file on a vulnerable client as root. Description Class 5 AVR: Secure Elements Class 5 AVR (Automated Vulnerability Remediation) is a security produc...
Oracle Enterprise Manager Oracle Agent contains a buffer overflow
Overview Oracle Enterprise Manager Oracle Agent contains a buffer overflow vulnerability. Exploitation may allow a remote, unauthenticated attacker to execute arbitrary code, possibly with elevated privileges. Description The Oracle Agent provides remote management services for Oracle Enterprise...
Microsoft DirectShow buffer overflow
Overview A buffer overflow in Microsoft DirectShow may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft DirectShow is a programming architecture for streaming multimedia on the Microsoft Windows platform. An input validation error in...
Microsoft ISA Server 2000 vulnerable to privilege escalation via "NETBIOS" connection
Overview Microsoft Internet Security and Acceleration Server 2000 contains an elevation of privilege vulnerability that allows an attacker to create unintended NetBIOS service connections within the affected ISA Server host. Description Microsoft ISA Server 2000 contains firewall, virtual private...
Groove Virtual Office COM objects may be accessed insecurely
Overview Groove Virtual Office may allow access restrictions on COM objects to be bypassed. Exploitation may allow an attacker to execute arbitrary code. Description Groove Virtual Office provides a collaborative working environment that includes shared documents, databases, and various other too...
Sun StorEdge 6130 array may allow unauthorized users to delete data
Overview Some Sun StorEdge 6130 controller arrays may contain a flaw that allows a remote unprivileged user to gain unintended access and to delete arbitrary data. Description Sun StorEdge 6130 controller arrays with a serial number in the range 0451AWF00G - 0513AWF00J may contain an unknown flaw...
Apache Tomcat fails to properly handle certain requests
Overview Apache Tomcat does not properly handle certain types of requests, allowing a remote attacker to cause a denial of service. Description Apache Tomcat is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. Tomcat uses the AJP12 protocol on TCP 8007 by default for...
Exim vulnerable to buffer overflow via the dns_build_reverse() routine
Overview The Exim Mail Transfer Agent (MTA) contains a buffer overflow that allows a local attacker to execute arbitrary code. Description Exim MTA is an open-source mail transport agent distributed by the University of Cambridge. A lack of input validation on user supplied data may allow a buffer...
Debian Linux Netkit telnetd-ssl contains a format string vulnerability
Overview Debian Linux Netkit telnetd-ssl contains a format string vulnerability that may allow a remote attacker to execute arbitrary code. Description An unspecified format string vulnerability in Debian Linux Netkit telnetd-ssl may allow a remote attacker to execute arbitrary code on a vulnerab...
phpBB viewtopic.php fails to properly sanitize input passed to the "highlight" parameter
Overview phpBB contains a user input validation problem with regard to the parsing of the URL. An intruder can deface a phpBB website, execute arbitrary commands, or gain administrative privileges on a compromised bulletin board. Description phpBB is an open-source bulletin board. A lack of inpu...
MailPost vulnerable to cross-site scripting via an executable requested with a trailing slash appended to the filename
Overview A cross-site scripting vulnerability is reported to exist in MailPost version 5.1.1sv and possibly earlier versions. Description According to a report by ProCheckUp, MailPost is vulnerable to a Cross-Site Scripting attack by adding a trailing '/' character to the executable filename. The...
Macromedia JRun Server is vulnerable to a cross-site scripting attack
Overview A cross-site scripting vulnerability exists in the Macromedia JRun Server Management Console that may allow an attacker to execute arbitrary code. Description JRun is an application server that works with most popular web servers such as Apache and IIS. Macromedia states that JRun is...
Mozilla may allow violation of cross-domain scripting policies via dragging
Overview A vulnerability affecting Mozilla web browsers may allow violation of cross-domain scripting policies and possibly execute code originating from a remote source. Description Mozilla web browsers allow the dragging of links and objects from one window to another. Should the object copied ...
Powie's PSCRIPT Forum fails to filter user posts
Overview Powie's PSCRIPT Forum fails to properly sanitize user input, which allows an attacker to create a user profile that can execute arbitrary scripts in a victim's web browser when the victim views the profile. Description Powie's PSCRIPT Forum is an online forum application written in PHP...
Cisco Transaction Language 1 (TL1) interface fails to properly validate accounts with blank passwords
Overview There is a vulnerability in the Cisco Transaction Language 1 (TL1) login interface that could allow a remote attacker to gain access to a Cisco ONS device. Description Transaction Language 1 (TL1) is a widely used telecommunications management protocol. A default account, CISCO15, contains a...
Gaim contains a buffer overflow vulnerability in the yahoo_decode() function
Overview There is a buffer overflow vulnerability in the Gaim yahoo_decode() function, which could cause a pointer to reference memory beyond the terminating null byte. Description Gaim is a multi-protocol instant messenger available for a number of operating systems. It supports a variety of instan...
Microsoft Windows Internet Naming Service (WINS) fails to properly validate the length of specially crafted packets
Overview Microsoft Windows Internet Naming Service (WINS) fails to properly validate the length of specially crafted packets, which could allow an unauthenticated, remote attacker to cause a denial-of-service condition. Description The Windows Internet Naming Service (WINS) maps IP addresses to NETBIO...
KDE Personal Information Management suite "kdepim" contains a buffer overflow vulnerability in VCF information reader
Overview KDE Personal Information Management suite "kdepim" contains a buffer overflow vulnerability. Exploitation of this vulnerability could lead to the arbitrary execution of commands. Description KDE Personal Information Management suite shipped with KDE versions 3.1.0 through 3.1.4 contains ...
Microsoft Windows Media Player fails to properly evaluate URLs when downloading skin files
Overview Microsoft Media Player contains a vulnerability in the parsing of "Skin Files" that may permit a remote attacker to download arbitrary files to a known location on the local system. Description Microsoft Media Player is an application that plays various types of media files. The user can...
Multi-Tech ProxyServers ship with null password for administrative access
Overview Some versions of the Multi-Tech ProxyServer products ship without a default password for the administrative interface. Description Some versions of the Multi-Tech ProxyServer products ship without a default password for the administrative interface, permitting unauthenticated access via...
Oracle9i Database contains remotely exploitable buffer overflow in "ORACLE.EXE"
Overview A remotely exploitable buffer overflow vulnerability exists in Oracle9i Database. Description A buffer overflow vulnerability exists on all platforms in the following versions of Oracle9i Database: Oracle9i Database Release 2 9i Release 1 8i 8.1.7 8.0.6 The buffer overflow exists in a...
TDForum does not adequately validate user input thereby allowing users to embed malicious script code in messages
Overview TDForum does not properly filter HTML scripting tags from user input, allowing users to post malicious scripts that may be executed unwittingly by other users. Description TDForum is a commercial software package providing dynamic web forum capabilities. Versions 1.2 and earlier of TDFor...
IBM AIX FC contains buffer overflow exploitable during session setup
Overview The FC client in IBM's AIX contains a buffer overflow that may cause a core dump in the client. Description The IBM AIX FC client allows a buffer overflow of a few bytes in the client process, which could cause intermittent core dumps during session setup. Overflowing the buffer is...
Mac OS X Finder creates world-readable ".FBCIndex" file thereby disclosing sensitive information
Overview Mac OS X's Find-By-Content indexing may store file data where it can be served to remote users by Apache. Description The Find-By-Content feature of Mac OS X generates indexing data from the contents of files in each directory. It then stores the indexing data for each directory in a...
Sun iPlanet and ONE Web Servers contain a buffer overflow in the search engine
Overview The Sun iPlanet Web Server and Sun ONE Web Server both ship with a search engine that is not enabled by default. A remotely exploitable buffer overflow exists in the search engine that could permit an attacker to execute arbitrary code on the system. Description The Sun iPlanet Web Serve...
SGI IRIX contains vulnerability in rpc.passwd allowing for root compromise
Overview There is a vulnerability in rpc.passwd that could allow root compromise. Description /usr/etc/rpc.passwd, part of the nfs.sw.nis subsystem on IRIX 6.5, could permit a root compromise. No other details are available. Impact Intruders could gain root access. Solution Apply a patch ...
webMathematica discloses the contents of arbitrary files when file is requested using the absolute path
Overview A directory traversal vulnerability exists in webMathematica. Description webMathematica provides a way to offer access to Mathematica applications via a web browser interface. For example, one can deploy calculators, problem solvers, and other types of interactive content over the web. B...
Yahoo! Messenger allows arbitrary users to be added to buddy list without proper authorization
Overview Yahoo! Messenger is an instant messaging client. There is a vulnerability in Yahoo! Messenger that permits a remote user to add arbitrary users to the victim's buddy list. Description Yahoo! Messenger allows users to view content only from users on their buddy list. An attacker could cra...
Oracle Web Cache contains buffer overflow vulnerabilities
Overview The CERT/CC is aware of a report about "several remotely exploitable buffer overflow vulnerabilities in the Oracle Web Cache Server" that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the Web Cache process. Description The Oracle Web Cac...
Microsoft Internet Explorer may handle certain web pages in an incorrect, less restrictive security zone (MS02-023)
Overview Microsoft Internet Explorer (IE) may handle malformed Internet pages accessed through the NetBIOS protocol as if they belong to IE's Intranet or Trusted Sites security zones, instead of the more restrictive Internet security zone. Description If a user views a page on the Internet that...
Microsoft Internet Explorer does not adequately evaluate malformed URLs
Overview Microsoft Internet Explorer contains a serious vulnerability in its handling of zone determination. Description Microsoft Internet Explorer contains a vulnerability in the way in which it handles zone determination. Specifically, HTML scripts stored in cookies should be executed in the...
Buffer overflow vulnerability in grpck command line utility
Overview The CERT/CC has received a public report of a local buffer overflow vulnerability in the grpck utility. Description The grpck utility performs syntax checking of /etc/group and /etc/gshadow group information files. This utility contains a buffer overflow vulnerability in the section of...
Advanced Poll does not adequately authenticate users
Overview Advanced Poll is a polling system written in PHP for use on web sites. When a flat file database is used, Advanced Poll does not adequately authenticate users, thereby allowing any user to gain Advanced Poll administrative privileges. Description On versions of Advanced Poll older than...
OpenSSH fails to properly apply source IP based access control restrictions
Overview OpenSSH is an implementation of the Secure Shell protocol. A user may be able to bypass the IP based access control restriction feature specified in a key when two keys of varying types are specified. Description Versions of OpenSSH between 2.5.x - 2.9.x may fail to enforce the IP based...
XMCD vulnerable to arbitrary file overwriting via symlink redirection of temporary file
Overview xmcd is an x11/motif CD playing utility, in the public domain. cda, the command line interface to xmcd, executes with system administrator privileges. It is vulnerable to a symbolic link attack that may allow a local user to obtain administrator privileges. Description cda, the command...
PHP variables passed from the browser are stored in global context
Overview PHP is a dynamic scripting language used by programmers to develop webservers, message boards, chat applications and a variety of programs. By default PHP stores variables passed from the URL in a global context. Programmers often fail to change this setting which can allow serious...
Cisco PIX Firewall Manager stores enable password in plain text
Overview A vulnerability exists in the way the Cisco PIX Firewall Manager stores authentication credentials which could allow local attackers to have read access to the enable password for the Cisco PIX Firewall. Description The PIX Firewall Manager (PFM) is a software package designed to allow...
getty_ps creates temporary files insecurely
Overview getty_ps is an open-source software package designed to support logons to the console and terminals. Some implementations create temporary files insecurely with predictable names, leading to corruption of arbitrary files via symbolic link attack. Description Under certain circumstances,...
Default installations of the Lotus Domino web server disclose system information via HTTP headers
Overview The default configuration of the Lotus Domino web server discloses system characteristics to anonymous remote users. Description The default configuration of the Lotus Domino web server discloses system information in the HTTP headers it returns to a web browser. If these headers are...
ISC InterNetNews (INN) innfeed contains buffer overflow
Overview A locally exploitable buffer overflow exists in ISC InterNetNews. Description InterNetNews is a Usenet/Netnews news server supported by the Internet Software Consortium and volunteers. Innfeed is a component of InterNetNews that implements the NNTP protocol for transferring news between...
Allaire JRun Java Application Server vulnerable to Cross-Site Scripting via passing of user input directly to default error page
Overview Web Servers that use the Allaire JRun Java Servlet Container are vulnerable to a cross-site scripting vulnerability. A web site may inadvertently include malicious HTML tags or script (JavaScript, VBScript, Java, etc.) in a dynamically generated page based on unvalidated input from...
IBM SecureWay Directory is vulnerable to denial-of-service attacks via LDAP handling code
Overview The IBM SecureWay Directory contains vulnerabilities that may allow denial-of-service attacks, unauthorized privileged access, or both. These vulnerabilities were revealed using the PROTOS LDAPv3 test suite and are documented in CERT Advisory CA-2001-18. If your site uses this product, t...
SEDUM HTTP server permits directory traversal
Overview The SEDUM web server permits intruders to access files outside the web root. Description The SEDUM Web Server permits intruders to access files outside the web root using a GET request containing ".." (dot dot). This can expose files including files with sensitive information to exposure b...
RhinoSoft FTP Voyager FtpTree incorrectly marked "safe for scripting"
Overview FTP Voyager is an FTP client implemented as an ActiveX control. It is incorrectly marked as "safe for scripting" allowing malicious web pages or email messages to upload and download files. Description FTP Voyager is an FTP client implemented as an ActiveX control. An ActiveX control may...
Kerberos client code buffer overflow in kdc_reply_cipher()
Overview There is a buffer overflow in the kdc_reply_cipher() function of KTH Kerberos. This buffer overflow may be exploitable to allow an attacker to gain root privileges, and can be used to deny service. Description The buffer overflow occurs in the parsing of an authentication reply in the...