3704 matches found
Cenroll ActiveX Control allows creation of arbitrary files.
Overview The ActiveX control Cenroll permits unauthorized users to create files on the local system. Description The ActiveX control "Cenroll" clsid: 43F8F289-7A20-11D0-8F06-00C04FC295E1, which is ordinarily marked safe-for-scripting allows callers to create files and write to the registry with t...
Microsoft Windows MsiAdvertiseProduct function vulnerable to privilege escalation via race condition
Overview The Microsoft Windows MsiAdvertiseProduct function contains a race-condition vulnerability, which can allow an authentication attacker to elevate privileges to read protected files. Description The Microsoft Windows MsiAdvertiseProduct function allows a Windows installer product to...
Dell Foundation Services installs root certificate and private key (eDellRoot)
Overview Dell Foundation Services installs the eDellRoot certificate into theTrusted Root Certificate Store on Microsoft Windows systems. The certificate includes the private key. This allows attackers to create trusted certificates and perform impersonation, man-in-the-middle MiTM, and passive...
Cisco Prime Infrastructure contains SUID root binaries
Overview The Cisco Prime Infrastructure version 2.2 contains two binaries with SUID root world-executable privileges, allowing any local user to execute arbitrary commands as root. Description CWE-276: Incorrect Default Permissions Two binaries are included in Cisco Prime version 2.2 that run as...
N-Able RSMWinService contains hard coded security constants allowing decryption of domain administrator password
Overview SolarWinds N-Able N-Central is an agent-based enterprise support and management solution. N-Able N-Central contains several hard-coded encryption constants in the web interface that allow decryption of the password when combined. Description CWE-547: Use of Hard-coded, Security-relevant...
HP ArcSight contains multiple vulnerabilities
Overview HP ArcSight Logger and ESM contains multiple vulnerabilities. Description CWE-434: Unrestricted Upload of File with Dangerous Type - CVE PendingHP ArcSight Logger 5.3.1.6838.0 configuration import file upload capability does not sanitize file names, which allows a remote, authenticated...
Resin Pro improperly performs Unicode transformations
Overview Resin Pro 4.0.39 and possibly earlier versions improperly performs Unicode transformations. Description CWE-20:Improper Input Validation Resin Pro 4.0.39 and possibly earlier versions perform incorrect Unicode transformations on output to HTTP responses for ISO-8859-1. This allows an...
Kaseya's agent driver contains NULL pointer dereference
Overview Kaseya's agent driver, kapfa.sys, is vulnerable to a NULL pointer dereference. Description CWE-476: NULL Pointer Dereference Kaseya's agent driver, kapfa.sys, is vulnerable to a NULL pointer dereference. --- Impact A local authenticated attacker may be able to cause a denial-of-service...
Webmin contains a cross-site scripting vulnerability
Overview Webmin 1.670, and possibly earlier versions, contains a cross-site scripting vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' Webmin 1.670, and possibly earlier versions, contains a cross-site scripting vulnerability in...
Lookout Mobile Security contains a denial-of-service vulnerability
Overview Lookout Mobile Security version 8.14.1-7fe5f1, and possibly earlier versions, contains a denial-of-service vulnerability. Description Lookout Mobile Security version 8.14.1-7fe5f1 crashes if an intent is sent to com.lookout.security.ScanTell with no arguments. --- Impact A malicious...
Proofpoint Protection Server contains multiple vulnerabilities
Overview Proofpoint Protection Server contains multiple vulnerabilities including authentication bypass, insufficient authorization checks, command injection, SQL injection, and directory traversal. Description Clear Skies Security's advisory states:"Enduser Authentication Bypass User-level acces...
Symantec AppStream and Workspace Streaming vulnerable to arbitrary code download and execution
Overview The Symantec AppStream and Workspace Streaming clients fail to properly validate downloads, which can allow a remote, unauthenticated attacker to download and execute arbitrary code on a vulnerable system. Description Symantec Workspace Streaming is a software distribution solution that...
Foxit Reader vulnerable to arbitrary command execution
Overview Foxit Reader contains a vulnerability that may allow an attacker to execute arbitrary commands without requiring user interaction. Description Foxit Reader is software designed to view Portable Document Format PDF files. The Adobe PDF Reference supports a "Launch action" that "... launch...
eBay Enhanced Picture Uploader ActiveX control vulnerable to arbitrary command execution
Overview The eBay Enhanced Picture Uploader ActiveX control allows arbitrary commands to be executed. Description The eBay Enhanced Picture Uploader ActiveX control is used by the eBay web site to give Internet Explorer users additional functionality when uploading pictures to an auction. This...
HP Virtual Rooms ActiveX control fails to restrict access to dangerous methods
Overview The HP Virtual Rooms ActiveX control contains methods that can be used to download and execute arbitrary code from an arbitrary server. Description HP Virtual Rooms is software for online collaboration. HP Virtual Rooms requires Internet Explorer, as one of the components is an ActiveX...
Intercepting proxy servers may incorrectly rely on HTTP headers to make connections
Overview Proxy servers running in interception mode "transparent" proxies that make connection decisions based on HTTP header values may be used by an attacker to relay connections. Description HTTP Host Headers are defined in RFC 2616 and are often used to by web servers to allow multiple websit...
FireFTP filename directory traversal sequence vulnerability
Overview The FireFTP Mozilla Firefox extension contains a vulnerability that may allow an attacker to write files to arbitrary locations. Description FireFTP is a Firefox extension that provides FTP client functionality. Firefox extensions can run with Chrome privileges which allow them to...
C compilers may silently discard some wraparound checks
Overview Some C compilers optimize away pointer arithmetic overflow tests that depend on undefined behavior without providing a diagnostic a warning. Applications containing these tests may be vulnerable to buffer overflows if compiled with these compilers. Description In the C language, given th...
UPnP enabled by default in multiple devices
Overview Multiple vendors ship devices with UPnP enabled by default. By convincing a user to open a malicious URL, an attacker may be able to remotely control or configure UPnP enabled devices. Description Universal Plug and Play UPnP is a collection of protocols maintained and distributed by the...
Yahoo! Messenger webcam stream heap overflow
Overview Yahoo! Messenger fails to properly handle webcam streams, which may allow a remote attacker to execute arbitrary code. Description Yahoo! Messenger is an instant messaging application that is available for Windows, Mac, Unix, web, and mobile systems. Some version of Yahoo! Messenger, suc...
Novell exteNd Director 4.1 LocalExec ActiveX control fails to restrict access to dangerous methods
Overview The Novell exteNd Director 4.1 LocalExec ActiveX control fails to restrict access to dangerous methods, which can allow a remote, unauthenticated attacker to execute arbitrary commands on a vulnerable system. Description Novell exteNd Director is a set of software development tools and...
British Telecommunications Business Connect webhelper ActiveX control buffer overflows
Overview The British Telecommunications Business Connect webhelper ActiveX control contains multiple buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The registration process for British Telecommunications BT intern...
OPeNDAP filesystem enumeration vulnerability
Overview The OPeNDAP server version 4 contains a file enumeration vulnerability. This vulnerability may allow an attacker to enumerate filesystem contents. Description OPeNDAP is a software package designed to help researchers exchange data sets that are stored in different formats. The most rece...
OPeNDAP code execution vulnerability
Overview OPeNDAP server version 3 contains a vulnerability that allows an attacker to execute comands on the server. Description From the OPenNDAP website:OPeNDAP provides software which makes local data accessible to remote locations regardless of local storage format. OPeNDAP also provides tool...
Microgaming Download Helper ActiveX control stack buffer overflow
Overview The Microgaming Download Helper ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microgaming provides software for online gaming, including online casinos. The Microgaming...
Trend Micro ServerProtect CMON_NetTestConnection() stack buffer overflow
Overview Trend Micro ServerProtect contains a stack-based buffer overflow. Description Trend Micro ServerProtect fails to properly handle data passed to the CMONNetTestConnectionroutine possibly allowing a stack-based buffer overflow to occur. This overflow can be triggered by sending a specially...
Trend Micro ServerProtect STCommon stack buffer overflow
Overview Trend Micro ServerProtect contains a stack-based buffer overflow. Description Trend Micro ServerProtect fails to properly handle data passed to the CMONActiveUpdate and CMONActiveRollbackroutines possibly allowing a stack-based buffer overflow to occur. This overflow can be triggered by...
Sourcefire Snort DCE/RPC preprocessor does not properly reassemble fragmented packets
Overview A vulnerability in the Sourcefire Snort DCE/RPC preprocessor may allow a remote, unauthenticated attacker to execute arbitrary code. Description Sourcefire Snort is a widely-deployed, open-source network intrusion detection system IDS. Snort and its components are used in other IDS...
Sun Solaris fails to properly process ICMP packets
Overview Sun Solaris fails to properly handle ICMP packets, which may allow a remote, unauthenticated attacker to cause a denial of service. Description Sun Solaris 10 contains an unspecified error that can cause a system panic when handling a specially crafted ICMP packet. Note that Solaris 8 an...
MySpace fails to properly filter user-supplied content
Overview The MySpace web site fails to properly filter user-supplied content, which may allow for cross-site scripting. Description MySpace is a social networking web site that allows users to post blog entries, photos, videos, and other content. MySpace blocks user-supplied JavaScript and VBScri...
Retro64 / Miniclip CR64Loader ActiveX control buffer overflow
Overview The Retro64 / Miniclip CR64Loader ActiveX control contains a buffer overflow vulnerability. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The CR64Loader Object is an ActiveX control developed by Retro64. The web sites...
eBay Enhanced Picture Services ActiveX control buffer overflow
Overview The eBay Enhanced Picture Services EPUImageControl Class ActiveX control contains a buffer overflow vulnerability. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description ActiveXActiveX is a technology that allows programmers to...
Secure Elements Class 5 AVR client fails to properly validate pathnames supplied in messages
Overview The Secure Elements Class 5 AVR client fails to properly validate pathnames supplied in messages, which may allow an attacker to overwrite any file on a vulnerable client as root. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a security produc...
Oracle Enterprise Manager Oracle Agent contains a buffer overflow
Overview Oracle Enterprise Manager Oracle Agent contains a buffer overflow vulnerability. Exploitation may allow a remote, unauthenticated attacker to execute arbitrary code, possibly with elevated privileges. Description The Oracle Agent provides remote management services for Oracle Enterprise...
Microsoft DirectShow buffer overflow
Overview A buffer overflow in Microsoft DirectShow may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft DirectShow is a programming architecture for streaming multimedia on the Microsoft Windows platform. An input validation error in...
Microsoft ISA Server 2000 vulnerable to privilege escalation via "NETBIOS" connection
Overview Microsoft Internet Security and Acceleration Server 2000 contains an elevation of privilege vulnerability that allows an attacker to create unintended NetBIOS service connections within the affected ISA Server host. Description Microsoft ISA Server 2000 contains firewall, virtual private...
Groove Virtual Office COM objects may be accessed insecurely
Overview Groove Virtual Office may allow access restrictions on COM objects to be bypassed. Exploitation may allow an attacker to execute arbitrary code. Description Groove Virtual Office provides a collaborative working environment that includes shared documents, databases, and various other too...
Sun StorEdge 6130 array may allow unauthorized users to delete data
Overview Some Sun StorEdge 6130 controller arrays may contain a flaw that allows a remote unprivileged user to gain unintended access and to delete arbitrary data. Description Sun StorEdge 6130 controller arrays with a serial number in the range 0451AWF00G - 0513AWF00J may contain an unknown flaw...
Apache Tomcat fails to properly handle certain requests
Overview Apache Tomcat does not properly handle certain types of requests allowing a remote attacker to cause a denial of service. Description Apache Tomcat is an implementation of the Java Servlet and JavaServer Page JSP technologies. Tomcat uses the AJP12 protocol on TCP 8007 by default for...
Debian Linux Netkit telnetd-ssl contains a format string vulnerability
Overview Debian Linux Netkit telnetd-ssl contains a format string vulnerability that may allow a remote attacker to execute arbitrary code. Description An unspecified format string vulnerability in Debian Linux Netkit telnetd-ssl may allow a remote attacker to execute arbitrary code on a vulnerab...
phpBB viewtopic.php fails to properly sanitize input passed to the "highlight" parameter
Overview phpBB contains an user input validation problem with regard to the parsing of the URL. An intruder can deface a phpBB website, execute arbitrary commands, or gain administrative privileges on a compromised bulletin board. Description phpBB is an open-source bulletin board. A lack of inpu...
MailPost vulnerable to cross-site scripting via an executable requested with a trailing slash appended to the filename
Overview A cross-site scripting vulnerability is reported to exist in MailPost version 5.1.1sv and possibly earlier versions. Description According to a report by ProCheckUp, MailPost is vulnerable to a Cross-Site Scripting attack by adding a trailing '/' character to the executable filename. The...
Macromedia JRun Server is vulnerable to a cross-site scripting attack
Overview A cross-site scripting vulnerability exists in the Macromedia JRun Server Management Console that may allow an attacker to execute arbitrary code. Description JRun is an application server that works with most popular web servers such as Apache and IIS. Macromedia states that JRun is...
Mozilla may allow violation of cross-domain scripting policies via dragging
Overview A vulnerability affecting Mozilla web browsers may allow violation of cross-domain scripting policies and possibly execute code originating from a remote source. Description Mozilla web browsers allow the dragging of links and objects from one window to another. Should the object copied ...
Powie's PSCRIPT Forum fails to filter user posts
Overview Powie's PSCRIPT Forum fails to properly sanitize user input, which allows an attacker to create a user profile that can execute arbitrary scripts in a victim's web browser when the victim views the profile. Description Powie's PSCRIPT Forum is an online forum application written in PHP...
Cisco IPsec VPNSM vulnerable to DoS via malformed IKE packet
Overview A vulnerability in a Cisco VPN module can allow a remote attacker to cause a denial-of-service to the device in which the module is installed. Description The Cisco IP Security IPsec VPN Services Module VPNSM is a high-speed module for the Cisco Catalyst 6500 Series Switch and the Cisco...
Gaim contains a buffer overflow vulnerability in the yahoo_decode() function
Overview There is a buffer overflow vulnerability in the Gaim yahoodecode function, which could cause a pointer to reference memory beyond the terminating null byte. Description Gaim is a multi-protocol instant messenger available for a number of operating systems. It supports a variety of instan...
Monit fails to properly handle negative Content-Length fields
Overview Monit fails to properly handle HTTP requests containing a negative Content-Length field. Description Monit is a utility to monitor system processes, files, directories, devices, and remote hosts. It provides a web-based interface that can be used to access the Monit server. When processi...
KDE Personal Information Management suite "kdepim" contains a buffer overflow vulnerability in VCF information reader
Overview KDE Personal Information Management suite "kdepim" contains a buffer overflow vulnerability. Exploitation of this vulnerability could lead to the arbitrary execution of commands. Description KDE Personal Information Management suite shipped with KDE versions 3.1.0 through 3.1.4 contains ...
Multi-Tech ProxyServers ship with null password for administrative access
Overview Some versions of the Multi-Tech ProxyServer products ship without a default password for the administrative interface. Description Some versions of the Multi-Tech ProxyServer products ships without a default password for the administrative interface permitting unauthenticated access via...