3695 matches found
Sun Solaris fails to properly process ICMP packets
Overview Sun Solaris fails to properly handle ICMP packets, which may allow a remote, unauthenticated attacker to cause a denial of service. Description Sun Solaris 10 contains an unspecified error that can cause a system panic when handling a specially crafted ICMP packet. Note that Solaris 8 an...
Novell NetMail IMAP vulnerable to buffer overflow when processing command continuation requests
Overview A vulnerability in the way Novell Netmail handles IMAP command continuation requests may cause a buffer overflow that may allow remote execution of arbitrary code. Description Novell Netmail's IMAP server, imapd.exe, fails to properly check user input. A buffer overflow may occur when...
NeoScale Systems CryptoStor 700 series appliances fail to properly perform two-factor authentication
Overview NeoScale Systems CryptoStor 700 series appliances fail to properly perform two-factor authentication. This can make it easier to bypass the CryptoStor authentication process. Description NeoScale Systems CryptoStor Tape units are tape backup encryption appliances. CryptoStor 700 series...
Microsoft Internet Explorer Script Error Handling Memory Corruption Vulnerability
Overview A vulnerability in the way Microsoft Internet Explorer handles certain script errors may lead to memory corruption that may allow remote execution of arbitrary code. Description Microsoft Internet Explorer contains a memory corruption vulnerability that could be exploited when handling...
AOL Nullsoft Winamp Lyrics3 heap buffer overflow
Overview AOL Nullsoft Winamp contains a heap-based buffer overflow in the code that handles Lyrics3 tags. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Lyrics3 is a system for embedding the lyrics inside an MP3 song file...
Retro64 / Miniclip CR64Loader ActiveX control buffer overflow
Overview The Retro64 / Miniclip CR64Loader ActiveX control contains a buffer overflow vulnerability. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The CR64Loader Object is an ActiveX control developed by Retro64. The web sites...
Cisco Access Point Web Browser Interface contains a vulnerability
Overview A vulnerability in the HTTP management interface for some configurations of Cisco wireless access points could allow a remote attacker to take complete control over the affected device. Description Cisco wireless access points allow administrators to create more than one set of...
Yahoo! Mail script injection vulnerability
Overview A script injection vulnerability exists in Yahoo! Mail. Description Yahoo! Mail is vulnerable to script injection. Specifically, Yahoo! Mail fails to properly filter the body of email messages for script code. If a remote attacker can persuade a user to open a specially crafted email...
Secure Elements Class 5 AVR client fails to properly validate pathnames supplied in messages
Overview The Secure Elements Class 5 AVR client fails to properly validate pathnames supplied in messages, which may allow an attacker to overwrite any file on a vulnerable client as root. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a security produc...
Secure Elements Class 5 AVR uses the same RSA key for all installations
Overview Secure Elements Class 5 AVR uses the same RSA key for all installations. This may allow a remote attacker to decrypt communications between systems. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a security product that monitors and enforces...
Symantec Scan Engine fails to properly perform authentication
Overview Symantec Scan Engine administrative web interface fails to properly authenticate users, which may allow a remote attacker to gain administrative access to the software. Description The Symantec Scan Engine provides a programming interface to Symantec content scanning and virus detection...
AOL You've Got Pictures ActiveX control buffer overflow
Overview The AOL You've Got Pictures service contains a buffer overflow that may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description AOL You've Got Pictures provides digital photography storage and manipulation services for AOL users. There is a...
First4Internet CodeSupport ActiveX controls incorrectly marked 'safe for scripting'
Overview An ActiveX control used to uninstall XCP Digital Rights Management (DRM) software made by First 4 Internet and distributed on some Sony BMG audio CDs is marked "Safe for scripting". Description XCP Digital Rights Management (DRM) software by First 4 Internet, which is distributed by some Sony...
Microsoft DirectShow buffer overflow
Overview A buffer overflow in Microsoft DirectShow may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft DirectShow is a programming architecture for streaming multimedia on the Microsoft Windows platform. An input validation error in...
VERITAS Backup Exec Server Service contains a buffer overflow vulnerability
Overview A heap-based buffer overflow in VERITAS Backup Exec Admin Plus Pack Option may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description VERITAS Backup Exec is a data backup and recovery solution with support for over the network backup. VERITA...
Sun StorEdge 6130 array may allow unauthorized users to delete data
Overview Some Sun StorEdge 6130 controller arrays may contain a flaw that allows a remote unprivileged user to gain unintended access and to delete arbitrary data. Description Sun StorEdge 6130 controller arrays with a serial number in the range 0451AWF00G - 0513AWF00J may contain an unknown flaw...
The ActiveX and HTML file browsers of the Symantec 4400 Series Clientless VPN Gateway contains various unspecified vulnerabilities
Overview The ActiveX and HTML file browsers in the Symantec Clientless VPN Gateway 4400 Series contain various unspecified vulnerabilities. Description The Symantec Clientless VPN Gateway 4400 Series is a stand-alone security appliance for connecting remote users to a trusted network via a virtua...
Multiple Cisco ONS control cards fail to properly handle invalid TCP responses
Overview A vulnerability exists in multiple control cards used by Cisco ONS devices. This vulnerability could allow a remote attacker to cause a denial-of-service condition. Description Cisco's Optical Networking product line consists of a series of devices designed to offer high-bandwidth data...
Cisco IPsec VPNSM vulnerable to DoS via malformed IKE packet
Overview A vulnerability in a Cisco VPN module can allow a remote attacker to cause a denial-of-service to the device in which the module is installed. Description The Cisco IP Security (IPsec) VPN Services Module (VPNSM) is a high-speed module for the Cisco Catalyst 6500 Series Switch and the Cisco...
BEA WebLogic Server fails to properly validate certificate chains
Overview There is a vulnerability in BEA WebLogic Server in which certificate chains rejected by the custom trust manager could still be accepted by the server. Description BEA Systems describes WebLogic Server as "an industrial-strength application infrastructure for developing, integrating,...
Monit fails to properly handle negative Content-Length fields
Overview Monit fails to properly handle HTTP requests containing a negative Content-Length field. Description Monit is a utility to monitor system processes, files, directories, devices, and remote hosts. It provides a web-based interface that can be used to access the Monit server. When processi...
Sun Solaris contains a vulnerability in the tcsetattr() library function
Overview A vulnerability in the Sun Solaris tcsetattr library function could allow an unprivileged local user to cause the system to hang. Description Sun Solaris uses a tcsetattr library function to set the parameters associated with the terminal. There is an unspecified vulnerability in the...
Ethereal fails to properly handle a zero-length Presentation protocol selector
Overview Ethereal fails to properly handle a zero-length Presentation protocol selector, which could cause Ethereal to crash. Description Ethereal is a network traffic analysis package. There is a vulnerability in the way Ethereal processes a zero-length Presentation protocol selector. Exploitati...
IBM Net.Data db2www CGI interpreter fails to properly validate requested macro filenames
Overview IBM Net.Data fails to properly validate user input passed to the db2www CGI interpreter, which could allow an attacker to mount a cross-site scripting attack against a vulnerable system. Description IBM Net.Data is a scripting language used to create web applications. Net.Data macros are...
Multiple Real media players fail to properly validate SMIL files
Overview Multiple Real media players fail to properly validate synchronized multimedia integration language (SMIL) files which may permit a remote attacker to gain sensitive information. Description RealNetworks Real media players are multimedia applications that allow users to view local and remot...
Ethereal contains multiple one-byte buffer overflows in several dissectors
Overview Ethereal is a network traffic analysis package. Several packet dissectors contain a vulnerability that may cause a denial-of-service situation. Description Several packet dissectors for Ethereal contain a one-byte buffer overflow vulnerability. According to the Ethereal Advisory,...
Microsoft Windows Media Player fails to properly evaluate URLs when downloading skin files
Overview Microsoft Media Player contains a vulnerability in the parsing of "Skin Files" that may permit a remote attacker to download arbitrary files to a known location on the local system. Description Microsoft Media Player is an application that plays various types of media files. The user can...
RealSystem Proxy contains buffer overflow
Overview A buffer overflow vulnerability exists in the RealSystem Proxy. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable host. An exploit exists for this vulnerability and is publicly available. Description RealSystem Proxy is a streaming media proxy-cache...
Incorrect NXDOMAIN responses from AAAA queries could cause denial-of-service conditions
Overview Some DNS servers respond with an inappropriate error message if queried for nonexistent AAAA records, which can lead to possible denial of service. Description Some DNS servers respond with a "Name Error" response code (NXDOMAIN, RCODE 3) instead of "No Error" (RCODE 0) when queried for a...
Lotus Domino Web Retriever contains a buffer overflow vulnerability
Overview A buffer overflow vulnerability may be exploited via the Lotus Domino Web Retriever. Versions prior to 5.0.12 and 6.0 are affected. Description According to the Rapid7 Advisory: The Lotus Notes/Domino Web Retriever task is responsible for retrieving web pages on behalf of Notes users who...
Lotus Domino Web Server vulnerable to buffer overflow via non-existent "h_SetReturnURL" parameter with an overly long "Host Header" field
Overview Lotus Domino Web Server is an application that provides access to Lotus Notes databases via HTTP requests. A vulnerability exists that could permit a remote attacker to execute arbitrary code on the server. Description Lotus Domino Web Server contains a vulnerability in the nhttp.exe...
Adobe Acrobat eBook Reader allows users to circumvent copying and printing restrictions
Overview A vulnerability in Adobe Acrobat eBook Reader allows local users to circumvent redistribution restrictions placed on an eBook by the publisher. Description The Adobe Acrobat eBook Reader allows one to read electronic books. The eBook Reader employs technology in order to control what the...
Mac OS X utility gm4 contains format string vulnerability
Overview The gm4 utility of Mac OS X contains a buffer overflow, which may allow a root compromise through other programs. Description The gm4 utility of Mac OS X contains a buffer overflow. Some setuid root programs on Mac OS X may rely on gm4, possibly allowing a root compromise through these...
Multiple vendors' email content/virus scanners do not adequately check "message/partial" MIME entities
Overview Email anti-virus scanners and content filters from multiple vendors do not adequately check messages containing "message/partial" MIME entities (RFC 2046). As a result, viruses, malicious code, or other restricted content may not be detected. Description Section 5.2.2 of RFC 2046 defines t...
Internet Key Exchange (IKE) protocol discloses identity when Aggressive Mode shared secret authentication is used
Overview The Internet Key Exchange (IKE) protocol discloses username information when Aggressive Mode is used for shared secret authentication. Description The Internet Key Exchange (IKE) protocol provides a negotiation mechanism that allows an initiator to establish an encrypted session with a...
HP Tru64 UNIX "passwd" contains buffer overflow (SSRT2192)
Overview The HP Tru64 UNIX implementation of "passwd" contains a locally exploitable buffer overflow. Description "passwd" is a utility used to change the password for the current user. A locally exploitable buffer overflow in "passwd" may permit a local attacker to gain elevated privileges and...
Real Networks RealJukebox2 vulnerable to arbitrary code execution via crafted skin file
Overview RealNetworks' RealJukebox and RealONE Gold players are media applications that permit users to stream audio and video from local and internet sources. A vulnerability exists in the applications that could permit the execution of arbitrary code by a remote attacker. Description RealJukebo...
SGI IRIX contains vulnerability in rpc.passwd allowing for root compromise
Overview There is a vulnerability in rpc.passwd that could allow root compromise. Description /usr/etc/rpc.passwd, part of the nfs.sw.nis subsystem on IRIX 6.5, could permit a root compromise. No other details are available. --- Impact Intruders could gain root access. --- Solution Apply a patch ...
webMathematica discloses the contents of arbitrary files when file is requested using the absolute path
Overview A directory traversal vulnerability exists in webMathematica. Description webMathematica provides a way to offer access to Mathematica applications via a web browser interface. For example, one can deploy calculators, problem solvers, and other types of interactive content over the web. B...
Oracle Web Cache contains buffer overflow vulnerabilities
Overview The CERT/CC is aware of a report about "several remotely exploitable buffer overflow vulnerabilities in the Oracle Web Cache Server" that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the Web Cache process. Description The Oracle Web Cac...
Microsoft Internet Explorer may handle certain web pages in an incorrect, less restrictive security zone (MS02-023)
Overview Microsoft Internet Explorer (IE) may handle malformed Internet pages accessed through the NetBIOS protocol as if they belong to IE's Intranet or Trusted Sites security zones, instead of the more restrictive Internet security zone. Description If a user views a page on the Internet that...
Verisign transmits sensitive customer information in plain text when applying for a "Code Signing Digital ID"
Overview Verisign offers a service entitled "Code Signing Digital ID for Microsoft Authenticode." Information that is submitted to this site is not transmitted via an SSL-secured session; instead, it is transmitted in plain text. Description Verisign offers a service entitled "Code Signing...
Microsoft Internet Explorer does not adequately evaluate malformed URLs
Overview Microsoft Internet Explorer contains a serious vulnerability in its handling of zone determination. Description Microsoft Internet Explorer contains a vulnerability in the way in which it handles zone determination. Specifically, HTML scripts stored in cookies should be executed in the...
Advanced Poll does not adequately authenticate users
Overview Advanced Poll is a polling system written in PHP for use on web sites. When a flat file database is used, Advanced Poll does not adequately authenticate users, thereby allowing any user to gain Advanced Poll administrative privileges. Description On versions of Advanced Poll older than...
OpenSSH fails to properly apply source IP based access control restrictions
Overview OpenSSH is an implementation of the Secure Shell protocol. A user may be able to bypass the IP based access control restriction feature specified in a key when two keys of varying types are specified. Description Versions of OpenSSH between 2.5.x - 2.9.x may fail to enforce the IP based...
RSA Security ACE/Agent for Windows, ACE/Agent for Windows NT, and ACE/Agent for Windows 2000 do not properly handle URL encoded characters in URL
Overview RSA Security ACE/Agent for Windows, ACE/Agent for Windows NT, and ACE/Agent for Windows 2000 contain a vulnerability in which the ACE/Agent does not properly handle URL encoded characters contained in a URL. A specially crafted request may bypass authentication and expose the contents of...
PHP variables passed from the browser are stored in global context
Overview PHP is a dynamic scripting language used by programmers to develop webservers, message boards, chat applications and a variety of programs. By default, PHP stores variables passed from the URL in a global context. Programmers often fail to change this setting which can allow serious...
Weaknesses in the SSH protocol simplify brute-force attacks against passwords typed in an existing SSH session
Overview There is a vulnerability in the SSH protocol that can simplify brute force attacks against passwords typed within an existing SSH session. Description Researchers at the University of California at Berkeley have determined that by monitoring the delays between SSH packets transmitted...
IBM AIX nslookup buffer overflow in lex routines
Overview There is a problem with the nslookup program related to the handling of long strings. Description This problem is reported to be the result of incorrect bounds checking on the part of the lex routines used in nslookup. This vulnerability is mentioned in an IBM advisory as being exploited...
Beck GmbH IPC@Chip FtpD allows an attacker to gain access to the device
Overview There is a vulnerability in the Beck IPC@CHIP that allows an attacker to gain access to the device. Description The Beck IPC@CHIP is a single chip embedded webserver. This device also contains an ftp server that is configured by default to allow anonymous access. Additionally, the device...