3704 matches found
Powie's PSCRIPT Forum fails to filter user posts
Overview Powie's PSCRIPT Forum fails to properly sanitize user input, which allows an attacker to create a user profile that can execute arbitrary scripts in a victim's web browser when the victim views the profile. Description Powie's PSCRIPT Forum is an online forum application written in PHP...
Cisco IPsec VPNSM vulnerable to DoS via malformed IKE packet
Overview A vulnerability in a Cisco VPN module can allow a remote attacker to cause a denial-of-service to the device in which the module is installed. Description The Cisco IP Security IPsec VPN Services Module VPNSM is a high-speed module for the Cisco Catalyst 6500 Series Switch and the Cisco...
Gaim contains a buffer overflow vulnerability in the yahoo_decode() function
Overview There is a buffer overflow vulnerability in the Gaim yahoodecode function, which could cause a pointer to reference memory beyond the terminating null byte. Description Gaim is a multi-protocol instant messenger available for a number of operating systems. It supports a variety of instan...
Monit fails to properly handle negative Content-Length fields
Overview Monit fails to properly handle HTTP requests containing a negative Content-Length field. Description Monit is a utility to monitor system processes, files, directories, devices, and remote hosts. It provides a web-based interface that can be used to access the Monit server. When processi...
KDE Personal Information Management suite "kdepim" contains a buffer overflow vulnerability in VCF information reader
Overview KDE Personal Information Management suite "kdepim" contains a buffer overflow vulnerability. Exploitation of this vulnerability could lead to the arbitrary execution of commands. Description KDE Personal Information Management suite shipped with KDE versions 3.1.0 through 3.1.4 contains ...
Multi-Tech ProxyServers ship with null password for administrative access
Overview Some versions of the Multi-Tech ProxyServer products ship without a default password for the administrative interface. Description Some versions of the Multi-Tech ProxyServer products ships without a default password for the administrative interface permitting unauthenticated access via...
Lotus Domino Web Retriever contains a buffer overflow vulnerability
Overview A buffer overflow vulnerability may be exploited via the Lotus Domino Web Retriever. Versions prior to 5.0.12 and 6.0 are affected. Description According to the Rapid7 Advisory:The Lotus Notes/Domino Web Retriever task is responsible for retrieving web pages on behalf of Notes users who...
Oracle9i Database contains remotely exploitable buffer overflow in "ORACLE.EXE"
Overview A remotely exploitable buffer overflow vulnerability exists in Oracle9i Database. Description A buffer overflow vulnerability exists on all platforms in the following versions of Oracle9i Database: Oracle9i Database Release 2 9i Release 1 8i 8.1.7 8.0.6 The buffer overflow exists in a...
Adobe Acrobat eBook Reader allows users to circumvent copying and printing restrictions
Overview A vulnerability in Adobe Acrobat eBook Reader allows local users to circumvent redistribution restrictions placed on an eBook by the publisher. Description The Adobe Acrobat eBook Reader allows one to read electronic books. The eBook Reader employs technology in order to control what the...
IBM AIX FC contains buffer overflow exploitable during session setup
Overview The FC client in IBM's AIX contains a buffer overflow that may cause a core dump in the client. Description The IBM AIX FC client allows a buffer overflow of a few bytes in the client process, which could cause intermittent core dumps during session setup. Overflowing the buffer is...
webMathematica discloses the contents of arbitrary files when file is requested using the absolute path
Overview A directory traversal vulnerability exists in webMathematica. Description webMathematica provides a way to offer access to Mathematica applications via a web browser interface. For example, one can deploy calculators, problem solvers, and other types of interactive content over the web.B...
Yahoo! Messenger allows arbitrary users to be added to buddy list without proper authorization
Overview Yahoo! Messenger is an instant messaging client. There is a vulnerability in Yahoo! Messenger that permits a remote user to add arbitrary users to the victim's buddy list. Description Yahoo! Messenger allows users to view content only from users on their buddy list. An attacker could cra...
Oracle Web Cache contains buffer overflow vulnerabilities
Overview The CERT/CC is aware of a report about "several remotely exploitable buffer overflow vulnerabilities in the Oracle Web Cache Server" that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the Web Cache process. Description The Oracle Web Cac...
Taskpads ActiveX Control incorrectly marked safe-for-scripting
Overview The taskpads ActiveX control included with some resource kit products circa February 1999 was incorrectly marked safe-for-scripting. Description The taskpads ActiveX control included with the Microsoft Windows 98 resource kit, the Microsoft Windows 98 resource kit sampler, and the Back...
Microsoft MSN Messenger Chat Control contains a buffer overflow in "ResDLL" parameter
Overview Microsoft's MSN Chat is an ActiveX control for Microsoft Messenger, an instant messaging client. A buffer overflow exists in the ActiveX control that may permit a remote attacker to execute arbitrary code on the system with the privileges of the current user. Description A buffer overflo...
Buffer overflow vulnerability in grpck command line utility
Overview The CERT/CC has received a public report of a local buffer overflow vulnerability in the grpck utility. Description The grpck utility performs syntax checking of /etc/group and /etc/gshadow group information files. This utility contains a buffer overflow vulnerability in the section of...
Microsoft Internet Explorer does not properly handle document.open()
Overview Microsoft Internet Explorer contains a vulnerability in which a script from one source is permitted to access files on the client's file system. An attacker may be able to read cookies and other files on a target system, and spoof Internet sites by creating believable window titles...
Advanced Poll does not adequately authenticate users
Overview Advanced Poll is a polling system written in PHP for use on web sites. When a flat file database is used, Advanced Poll does not adequately authenticate users, thereby allowing any user to gain Advanced Poll administrative privileges. Description On versions of Advanced Poll older than...
MandrakeSoft Mandrake Linux Apache default configuration enables Perl ProxyPass server on 8200/tcp
Overview The default installation of Apache on MandrakeSoft Mandrake Linux configures an instance of the server to run apache-modperl listening on port 8200/tcp. Description MandrakeSoft produces a Linux distribution called Mandrake Linux that includes the Apache web server. The default...
RSA Security ACE/Agent for Windows, ACE/Agent for Windows NT, and ACE/Agent for Windows 2000 do not properly handle URL encoded characters in URL
Overview RSA Security ACE/Agent for Windows, ACE/Agent for Windows NT, and ACE/Agent for Windows 2000 contain a vulnerability in which the ACE/Agent does not properly handle URL encoded characters contained in a URL. A specially crafted request may bypass authentication and expose the contents of...
getty_ps creates temporary files insecurely
Overview gettyps is an open-source software package designed to support logons to the console and terminals. Some implementations create temporary files insecurely with predictable names, leading to corruption of arbitrary files via symbolic link attack. Description Under certain circumstances,...
Weaknesses in the SSH protocol simplify brute-force attacks against passwords typed in an existing SSH session
Overview There is a vulnerability in the SSH protocol that can simplify brute force attacks against passwords typed within an existing SSH session. Description Researchers at the University of California at Berkeley have determined that by monitoring the delays between SSH packets transmitted...
Web-based email services filtering systems vulnerable to malicous script execution
Overview An attacker can send a specially crafted email message to a victim containing malicious scripting JavaScript, VBScript, JScript, etc., or potentially HTML. When a victim views the message with scripting enabled, the victim's browser will then interpret this javascript which can lead to...
Beck GmbH IPC@Chip FtpD allows an attacker to gain access to the device
Overview There is a vulnerability in the Beck IPC@CHIP that allows an attacker to gain access to the device. Description The Beck IPC@CHIP is a single chip embedded webserver. This device also contains an ftp server that is configured by default to allow anonymous access. Additionally, the device...
Buffer Overflows in various email clients
Overview Buffer Overflows in several MIME headers affect a large number of electronic mail clients. Description A variety of electronic mail clients circa 1998 are vulnerable to buffer overflow attacks in the code that processes MIME headers. See the vendor statements referenced below for details...
Microsoft Windows 2000 Telnet Service fails to reject oversized username input values
Overview The Microsoft Windows 2000 Telnet Service contains a denial-of-service vulnerability that allows remote attackers to disrupt the telnet service on affected servers. Description The Microsoft Windows 2000 Telnet Service contains a vulnerability in the section of code that performs range...
phpBB does not adequately validate user input thereby allowing user to gain escalated privileges via manipulated SQL query
Overview phpBB is an open-source bulletin board program. There exists a user input validation problem with regard to the parsing of the URL. An intruder can excute limited SQL queries and gain administrative privileges on the bulletin board. Description phpBB has a user input validation problem...
Critical Path directory products contain multiple vulnerabilities in LDAP handling code
Overview Multiple Critical Path directory products contain vulnerabilities that may allow denial-of-service attacks, unauthorized privileged access, or both. These vulnerabilities were revealed using the PROTOS LDAPv3 test suite and are documented in CERT Advisory CA-2001-18. If your site uses th...
Allaire JRun Java Application Server vulnerable to Cross-Site Scripting via passing of user input directly to default error page
Overview Web Servers that use the Allaire JRun Java Servlet Container are vulnerable to a cross-site scripting vulnerability. A web site may inadvertently include malicious HTML tags or scriptJavaScript, VBScript, Java, etc. in a dynamically generated page based on unvalidated input from...
IBM SecureWay Directory is vulnerable to denial-of-service attacks via LDAP handling code
Overview The IBM SecureWay Directory contains vulnerabilities that may allow denial-of-service attacks, unauthorized privileged access, or both. These vulnerabilities were revealed using the PROTOS LDAPv3 test suite and are documented in CERT Advisory CA-2001-18. If your site uses this product, t...
RhinoSoft FTP Voyager FtpTree incorrectly marked "safe for scripting"
Overview FTP Voyager is an FTP client implemented as an ActiveX control. It is incorrectly marked as "safe for scripting" allowing malicious web pages or email messages to upload and download files. Description FTP Voyager is an FTP client implemented as an ActiveX control. An ActiveX control may...
Ollama GGUF Quantization Remote Memory Leak
Overview Ollama’s model quantization engine contains a vulnerability that allows an attacker with access to the model upload interface to read and potentially exfiltrate heap memory from the server. This issue may lead to unintended behavior, including unauthorized access to sensitive data and, i...
Hiawatha open-source web server has multiple vulnerabilities
Overview Hiawatha is an open-source webserver for Unix that has packages for Windows, macOS, and a variety of Linux distributions. Three vulnerabilities were identified for this lightweight web-server: improper handling of HTTP headers; an authentication-timing attack in the Tomahawk component; a...
HTTP/2 implementations are vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames
Overview A vulnerability has been discovered within many HTTP/2 implementations allowing for denial of service DoS attacks through HTTP/2 control frames. This vulnerability is colloquially known as "MadeYouReset" and is tracked as CVE-2025-8671. Some vendors have assigned a specific CVE to their...
Comodo Chromodo browser with Ad Sanitizer does not enforce same origin policy and is based on an outdated version of Chromium
Overview Comodo Chromodo browser, version 45.8.12.391, and possibly earlier, bundles the Ad Sanitizer extension, version 1.4.0.26, which disables the same origin policy, allowing for the possibility of cross-domain attacks by malicious or compromised web hosts. Chromodo is based on an outdated...
EMC AutoStart is vulnerable to remote code execution via specially crafted packets
Overview EMC AutoStart, version 5.5.0 and earlier, is vulnerable to remote command execution via specially crafted packets. Description EMC AutoStart is an enterprise software application developed to help networks and service maintain a high level of availability. AutoStart can manage clusters o...
Hewlett-Packard Network Automation contains multiple vulnerabilities
Overview HP Network Automation versions 9.0x, 9.1x, 9.2x, and 10.x contain multiple vulnerabilities affecting the administrative web interface. Description HP Network Automation versions 9.0x, 9.1x, 9.2x, and 10.x contain vulnerabilities in the administrative web interface, including multiple cro...
D-Link DAP-1320 Rev Ax is vulnerable to a command injection
Overview The D-Link DAP-1320 Rev Ax firmware update mechanism contains a command injection vulnerability. Description CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' A remote unauthenticated attacker may execute commands on the device by taking...
drchrono Electronic Health Record (EHR) web applications vulnerable to cross-site scripting and cross-site request forgery
Overview drchrono Electronic Health Record EHR web applications allow cross-site scripting XSS and cross-site request forgery CSRF that could allow an attacker to obtain sensitive patient information. Description drchrono provides an EHR web application service at drchrono.com, onpatient.com, and...
Microsoft XMLDOM ActiveX control information disclosure vulnerability
Overview The Microsoft XMLDOM ActiveX control can be used to check for the presence of multiple resources, which can result in unintended information disclosure. Description Microsoft.XMLDOM is an ActiveX control that can run in Internet Explorer without requiring any prompting to the user. This...
ASUS Wireless Router products contain a static DNS entry
Overview The ASUS WL-330NUL Pocket Wifi router and possibly other products contain a static DNS entry to the device's configuration pages. Description The ASUS WL-330NUL Pocket Wifi router and possibly other products contain static DNS entries to the device's configuration pages. The documentatio...
Dell SonicWALL Scrutinizer SQL injection vulnerability
Overview Dell SonicWALL Scrutinizer 9.5.0 and older versions contain a SQL injection vulnerability. Description The Dell SonicWALL service bulletin states:"After the release of Dell SonicWALL Scrutinizer 9.5.0, we received a report of an issue whereby a Scrutinizer user who had already...
Video drivers may fail to support Address Space Layout Randomization (ASLR)
Overview Some video drivers fail to support ASLR in Microsoft EMET "Always on" mode, which can limit the amount that such a system can be secured. Description ASLR, when combined with DEP Data Execution Prevention can be an effective mitigation against exploitation of vulnerabilities. For more...
Unbound DNS resolver denial of service vulnerability
Overview A specially crafted DNS query may cause Unbound to respond with an empty UDP packet which triggers an assertion failure and stops the daemon. Description NLnetLabs advisory states:"Certain types of DNS queries may cause Unbound to respond with a DNS error message. The code generating thi...
NSD vulnerable to one-byte overflow
Overview A vulnerability exists in the way NSD processes certain types of packets that may lead to a one-byte buffer overflow. Description Name server daemon NSD is an open source name server developed by NLnet Labs. NSD contains an off-by-one error that can cause a one-byte buffer overflow when...
BusinessObjects RptViewerAX ActiveX control stack buffer overflow
Overview The BusinessObjects RptViewerAX ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description BusinessObjects 6.5 includes an ActiveX control called RptViewerAX, which is provided by...
Cisco Adaptive Security Appliance insecurely logs passwords
Overview The Cisco Adaptive Security Appliance ASA firewall may log user credentials, including passwords, as plain text when AAA authentication is enabled. Description The Cisco Adapative Security Appliance ASA is a firewall with Intrusion Protection System IPS, Stateful Packet Inspection SPI, a...
LEAD Technologies JPEG 2000 ActiveX control buffer overflow
Overview The LEAD Technologies JPEG 2000 ActiveX control contains a buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description LEAD Technologies provides imaging software for Windows. The LEAD JPEG 2000 ActiveX control, which ...
Airodump-ng buffer overflow vulnerability
Overview The airodump-ng program, which is a part of the aircrack-ng suite, contains a buffer overflow vulnerability. If successfully exploited, this vulnerability may allow an attacker to execute code. Description The aircrack-ng suite is a group of related programs that can be used to recover W...
Microsoft Windows Print Spooler service fails to properly handle RPC requests
Overview The Microsoft Windows Print Spooler fails to properly handle malformed RPC requests. This vulnerability may allow a remote attacker to cause a denial-of-service condition. Description The Microsoft Print Spooler service manages printing operations on a system. The Print Spooler service...