3695 matches found
Hewlett-Packard Network Automation contains multiple vulnerabilities
Overview HP Network Automation versions 9.0x, 9.1x, 9.2x, and 10.x contain multiple vulnerabilities affecting the administrative web interface. Description HP Network Automation versions 9.0x, 9.1x, 9.2x, and 10.x contain vulnerabilities in the administrative web interface, including multiple cro...
drchrono Electronic Health Record (EHR) web applications vulnerable to cross-site scripting and cross-site request forgery
Overview drchrono Electronic Health Record EHR web applications allow cross-site scripting XSS and cross-site request forgery CSRF that could allow an attacker to obtain sensitive patient information. Description drchrono provides an EHR web application service at drchrono.com, onpatient.com, and...
Webmin contains a cross-site scripting vulnerability
Overview Webmin 1.670, and possibly earlier versions, contains a cross-site scripting vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' Webmin 1.670, and possibly earlier versions, contains a cross-site scripting vulnerability in...
Microsoft XMLDOM ActiveX control information disclosure vulnerability
Overview The Microsoft XMLDOM ActiveX control can be used to check for the presence of multiple resources, which can result in unintended information disclosure. Description Microsoft.XMLDOM is an ActiveX control that can run in Internet Explorer without requiring any prompting to the user. This...
Verizon Wireless Network Extender multiple vulnerabilities
Overview iSEC Partners has reported that the Verizon Wireless Network Extender models SCS-26UC4 and SCS-2U01 made by Samsung are susceptible to a local compromise using a custom HDMI cable. Once compromised the device can be used to eavesdrop on voice, text and data communication for mobile devic...
Sielco Sistemi Winlog server stack overflow
Overview Sielco Sistemi Winlog TCP/IP server contains a stack overflow vulnerability Description According to Sielco Sistemi's website: "Winlog is a software package for SCADA/HMI applications with web support, OPC client and a wide library of communication drivers and protocols for most PLCs...
FireFTP filename directory traversal sequence vulnerability
Overview The FireFTP Mozilla Firefox extension contains a vulnerability that may allow an attacker to write files to arbitrary locations. Description FireFTP is a Firefox extension that provides FTP client functionality. Firefox extensions can run with Chrome privileges which allow them to...
BusinessObjects RptViewerAX ActiveX control stack buffer overflow
Overview The BusinessObjects RptViewerAX ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description BusinessObjects 6.5 includes an ActiveX control called RptViewerAX, which is provided by...
Novell exteNd Director 4.1 LocalExec ActiveX control fails to restrict access to dangerous methods
Overview The Novell exteNd Director 4.1 LocalExec ActiveX control fails to restrict access to dangerous methods, which can allow a remote, unauthenticated attacker to execute arbitrary commands on a vulnerable system. Description Novell exteNd Director is a set of software development tools and...
LiveData Server fails to properly handle Connection-Oriented Transport Protocol packets
Overview The LiveData Server fails to handle malformed Connection-Oriented Transport Protocol COTP packets. This vulnerability may allow a remote attacker to crash the LiveData Server. Description The LiveData Server records and transmits data between two or more control systems. The...
Airodump-ng buffer overflow vulnerability
Overview The airodump-ng program, which is a part of the aircrack-ng suite, contains a buffer overflow vulnerability. If successfully exploited, this vulnerability may allow an attacker to execute code. Description The aircrack-ng suite is a group of related programs that can be used to recover W...
Microgaming Download Helper ActiveX control stack buffer overflow
Overview The Microgaming Download Helper ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microgaming provides software for online gaming, including online casinos. The Microgaming...
Symantec Automated Support Assistant ActiveX control buffer overflow
Overview The Symantec Automated Support Assistant ActiveX control contains a buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Symantec Automated Support Assistant control is an ActiveX control that comes with...
Yahoo! Mail script injection vulnerability
Overview A script injection vulnerability exists in Yahoo! Mail. Description Yahoo! Mail is vulnerable to script injection. Specifically, Yahoo! Mail fails to properly filter the body of email messages for script code. If a remote attacker can persuade a user to open a specially crafted email...
Secure Elements Class 5 AVR server fails to validate source address of messages
Overview The Secure Elements Class 5 AVR server fails to validate the source address of messages it receives. This may allow an attacker to forge messages to the server. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a security product that monitors and...
Secure Elements Class 5 AVR server contains hard-coded user ID and password
Overview The Secure Elements Class 5 AVR server contains a hard-coded user ID and password. This may allow a remote unauthenticated attacker to gain access to the server. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a security product that monitors an...
Oracle Diagnostic Tools do not properly authenticate users
Overview Oracle Diagnostic Tools fail to properly authenticate users before granting access to tools and tool resources. This may allow a remote, unauthenticated attacker to access and execute diagnostic tools on an Oracle E-Business Suite installation. Description Oracle Diagnostic Tools Oracle...
First4Internet CodeSupport ActiveX controls incorrectly marked 'safe for scripting'
Overview An ActiveX control used to uninstall XCP Digital Rights Management DRM software made by First 4 Internet and distributed on some Sony BMG audio CDs is marked "Safe for scripting" Description XCP Digital Rights Management DRM software by First 4 Internet, which is distributed by some Sony...
Clam AntiVirus contains a buffer overflow vulnerability
Overview A buffer overflow in Clam AntiVirus ClamAV may allow a remote attacker to execute arbitrary code. Description Clam AntiVirus is a UNIX-based, anti-virus toolkit often deployed with mail servers to detect malicious attachments. A signedness error in ClamAV libclamav/upx.c may allow a buff...
WebEOC handles sensitive information in an insecure manner
Overview WebEOC handles sensitive information in an insecure manor. As a result, sensitive information may be exposed to untrusted parties. Description WebEOC is a web-based crisis information management application that provides functions to gather, coordinate, and disseminate information betwee...
IPsec configurations may be vulnerable to information disclosure
Overview The IPsec Encapsulating Security Payload protocol used in tunneling mode may be vulnerable to multiple attacks when confidentiality mode is used without integrity protection, or in certain cases where integrity protection is provided by higher-level protocols. Description The IP Security...
HP-UX FTP daemon is vulnerable to a buffer overflow
Overview The HP-UX FTP daemon ftpd contains a buffer overflow that may allow an unauthenticated, remote attacker to execute arbitrary code. Description The HP-UX FTP daemon ftpd is vulnerable to a buffer overflow when the FTP daemon is configured to log debugging information. Debug logging is...
Microsoft Windows SharePoint Services and SharePoint Team Services cross-site scripting vulnerabilities
Overview Microsoft Windows SharePoint Services and SharePoint Team Services contain cross-site scripting vulnerabilities. These vulnerabilities could be exploited to execute arbitrary code in the security context of the affected user. Description Microsoft Windows SharePoint Services for Windows...
phpBB viewtopic.php fails to properly sanitize input passed to the "highlight" parameter
Overview phpBB contains an user input validation problem with regard to the parsing of the URL. An intruder can deface a phpBB website, execute arbitrary commands, or gain administrative privileges on a compromised bulletin board. Description phpBB is an open-source bulletin board. A lack of inpu...
Multiple web browsers do not properly interpret BASE and FORM elements when displaying URLs in the status bar
Overview Multiple web browsers do not properly display the location of HTML documents in the status bar. An attacker could exploit this behavior to mislead users into revealing sensitive information. Description Web browsers frequently display the Uniform Resource Locator URL in the status bar wh...
sudoedit can expose protected file contents
Overview Sudo's -e option sudoedit improperly handles temporary files, allowing an attacker to read files that would otherwise be inaccessible. Description Sudo is a utility that allows specific users to run certain commands as root. Beginning with version 1.6.8, sudo provides safe editing...
Mozilla fails to properly handle script-generated events
Overview There is a vulnerability the way Mozilla handles script-generated events that could allow a remote, unauthenticated attacker to access data contained on the victim's clipboard. Description Mozilla is an open-source web browser, email/newsgroup client, IRC client, and HTML editor availabl...
Oracle Enterprise Manager contains several vulnerabilities
Overview Several vulnerabilities exist in the Oracle Enterprise Manager. According the the Oracle Security Alert, exploitation of these vulnerabilities would require the attacker to have a valid operating system user account on the Enterprise Manager host. Description The Oracle Enterprise Manage...
HP OpenView Select Access fails to properly decode UTF-8 encoded unicode characters in URLs
Overview There is a vulnerability in the way HP OpenView Select Access decodes UTF-8 encoded unicode characters in URLs. This vulnerability could allow a remote user to gain access to resources the user would otherwise be unauthorized to access. Description HP OpenView Select Access is a software...
Cisco Catalyst reboots in response to an SSH "protocol mismatch" error
Overview Multiple versions of Cisco Catalyst switches contain a denial-of-service vulnerability that allows unauthenticated remote users to restart an affected device. Description Cisco Catalyst switches in the 6000, 5000, and 4000 series contain a vulnerability in their SSH support component. Th...
Solaris conv_fix insecure file handling vulnerability
Overview A vulnerability in a program supplied with the Solaris printing system could allow a local attacker to gain elevated privileges on the system. Description The Solaris operating system from Sun Microsystems includes a number of supplemental programs to aid in configuration and maintenance...
Oracle9i Database contains buffer overflow in FROM_TZ() function
Overview Oracle9i Database contains a buffer overflow in the FROMTZ function which could allow anyone who can query the server to execute arbitrary code or access data with the privileges of the vulnerable process. Description A buffer overflow exists in the FROMTZ function. This function is...
Whale Communications e-Gap security appliance discloses source code via HTTP TRACE Method
Overview Whale communications e-Gap security appliance is a tool to provide a secure remote web access platform. A vulnerability exists that may permit a remote attacker to gain access to the source code of the login page. Description Whale communications e-Gap security appliance version 2.5...
Microsoft Access Snapshot Viewer vulnerable to buffer overflow when validating parameters
Overview A remotely exploitable vulnerability exists in the Microsoft Access Snapshot Viewer ActiveX control. Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the local system with the privileges of the current user. Description According to Microsoft'...
Oracle Database Server contains stack overflow in logging mechanism when supplied overly long library name
Overview There is a buffer overflow in several versions of Oracle Database. The impact of this vulnerability may include the execution of arbitrary code; the ability to read, modify, or delete information stored in underlying Oracle databases; and denial of service. Description A buffer overflow...
X servers may have insecure default configuration of xhosts
Overview Some X server products client software for connecting to a host with Xwindows capabilities may be configured insecurely by default. Description In X windows terminology, the X server is the software which provides "services" to the client, while the X client is the software that makes...
Ethereal DCE RPC dissector vulnerable to DoS
Overview A vulnerability in Ethereal may allow a remote attacker to cause a denial of service. Description The Ethereal web site describes Ethereal as "a free network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can...
Linux kernel IP stack incorrectly calculates size of an ICMP citation for ICMP errors
Overview The Linux 2.0 kernel contains a vulnerability in the way it processes ICMP errors. This could lead to portions of memory being leaked to a malicious user. Description The Linux 2.0 kernel versions 2.0 through 2.0.39 inclusive contains an error in the calculation of the size for an ICMP...
Kerio Personal Firewall vulnerable to replay attack
Overview Kerio Personal Firewall contains a vulnerability that may allow a remote attacker to replay an administration session. Description Kerio Technologies Inc. describes the Kerio Personal Firewall as follows:Kerio Personal Firewall KPF is a software agent that builds a barrier between your...
RealNetworks Helix Universal Server vulnerable to buffer overflow when supplied an overly long string for the "Describe" field
Overview The RealNetworks' Helix Universal Server supports delivery of several different media types over the Internet via RTSP Real Time Streaming Protocol. Vulnerabilities have been discovered in the way it handles some RTSP requests. These vulnerabilities could allow a remote attacker to execu...
Lotus Domino Web Server vulnerable to denial of service via incomplete POST request
Overview Lotus Domino Web Server is an application that provides access to Lotus Notes databases via HTTP requests. A vulnerability exists that could permit a remote attacker to cause a denial-of-service situation for HTTP requests. Description Lotus Domino Web Server contains a vulnerability in...
Oracle9i Database contains remotely exploitable buffer overflow in "TO_TIMESTAMP_TZ" function
Overview A remotely exploitable buffer overflow vulnerability exists in Oracle9i Database. Description A buffer overflow vulnerability exists on all platforms in the following versions of Oracle9i Database: Oracle9i Database Release 2 9i Release 1 8i 8.1.7 8.0.6 A buffer overflow exists in...
University of Washington IMAP Server vulnerable to buffer overflow after login
Overview A buffer overflow vulnerability exists in versions of the University of Washington IMAP Server up to and including the imap-2002 release. This vulnerability may allow an authenticated attacker to execute arbitrary code on the mail server with the privileges of the UID of the user running...
Netegrity SiteMinder does not adequately validate user input thereby allowing user to bypass filters via crafted URL
Overview Netegrity SiteMinder does adequately vaildate HTTP requests containing malicious Unicode encodings. Description Netegrity SiteMinder is a platform for securing multiple web applications through a single point of user authentication. SiteMinder does not properly filter HTTP requests when...
Multiple vendors' HTTP content/virus scanners do not check data tunneled via HTTP CONNECT method
Overview Multiple vendors' HTTP anti-virus and content filters do not inspect the contents of HTTP CONNECT method tunnels. As a result, viruses or other restricted HTTP content may not be blocked as specified by policy. Description Many anti-virus and content filter products that are designed to...
HP Tru64 UNIX "chfn" contains buffer overflow (SSRT2259)
Overview The HP Tru64 UNIX implementation of "chfn" contains a locally exploitable buffer overflow. Description A locally exploitable buffer overflow in "chfn" may permit a local attacker to gain elevated privileges and execute arbitrary code on a vulnerable host. --- Impact A local user may be...
rsync fails to properly handle negative values specified for signed integers thereby allowing remote command execution
Overview There exist several signed-integer vulnerabilities in rsync. If rsync is run as a daemon, a remote-root compromise may be possible. Description Included in most distributions of Linux, rsync is a popular tool for synchronizing files across multiple hosts. Though not enabled in the defaul...
Multiple vendors' email content/virus scanners do not adequately check "message/partial" MIME entities
Overview Email anti-virus scanners and content filters from multiple vendors do not adequately check messages containing "message/partial" MIME entities RFC 2046. As a result, viruses, malicious code, or other restricted content may not be detected. Description Section 5.2.2 of RFC 2046 defines t...
HP Tru64 UNIX "uucp" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "uucp" contains a locally exploitable buffer overflow. Description "uucp" is used to copy files between hosts. A locally exploitable buffer overflow in "uucp" may permit a local attacker to gain elevated privileges and execute arbitrary code on a...
HP Tru64 UNIX "lpd" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "lpd" contains a locally exploitable buffer overflow. Description "lpd" is used to handle the printer spool area. A locally exploitable buffer overflow in "lpd" may permit a local attacker to gain elevated privileges and execute arbitrary code on a...