3704 matches found
Secure Elements Class 5 AVR uses the same RSA key for all installations
Overview Secure Elements Class 5 AVR uses the same RSA key for all installations. This may allow a remote attacker to decrypt communications between systems. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a security product that monitors and enforces...
Symantec Scan Engine fails to properly perform authentication
Overview Symantec Scan Engine administrative web interface fails to properly authenticate users, which may allow a remote attacker to gain administrative access to the software. Description The Symantec Scan Engine provides a programming interface to Symantec content scanning and virus detection...
Pubcookie application server modules contain cross-site scripting vulnerabilities
Overview Cross-site scripting vulnerabilities in the Pubcookie application server modules could allow a remote attacker to gain access to sensitive information. Description Pubcookie is a software package that provides intra-institutional single-sign-on authentication for end-users over the web...
AOL You've Got Pictures ActiveX control buffer overflow
Overview The AOL You've Got Pictures service contains a buffer overflow that may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description AOL You've Got Pictures provides digital photography storage and manipulation services for AOL users. There is a...
First4Internet CodeSupport ActiveX controls incorrectly marked 'safe for scripting'
Overview An ActiveX control used to uninstall XCP Digital Rights Management DRM software made by First 4 Internet and distributed on some Sony BMG audio CDs is marked "Safe for scripting" Description XCP Digital Rights Management DRM software by First 4 Internet, which is distributed by some Sony...
Clam AntiVirus contains a buffer overflow vulnerability
Overview A buffer overflow in Clam AntiVirus ClamAV may allow a remote attacker to execute arbitrary code. Description Clam AntiVirus is a UNIX-based, anti-virus toolkit often deployed with mail servers to detect malicious attachments. A signedness error in ClamAV libclamav/upx.c may allow a buff...
WebEOC handles sensitive information in an insecure manner
Overview WebEOC handles sensitive information in an insecure manor. As a result, sensitive information may be exposed to untrusted parties. Description WebEOC is a web-based crisis information management application that provides functions to gather, coordinate, and disseminate information betwee...
IPsec configurations may be vulnerable to information disclosure
Overview The IPsec Encapsulating Security Payload protocol used in tunneling mode may be vulnerable to multiple attacks when confidentiality mode is used without integrity protection, or in certain cases where integrity protection is provided by higher-level protocols. Description The IP Security...
HP-UX FTP daemon is vulnerable to a buffer overflow
Overview The HP-UX FTP daemon ftpd contains a buffer overflow that may allow an unauthenticated, remote attacker to execute arbitrary code. Description The HP-UX FTP daemon ftpd is vulnerable to a buffer overflow when the FTP daemon is configured to log debugging information. Debug logging is...
The ActiveX and HTML file browsers of the Symantec 4400 Series Clientless VPN Gateway contains various unspecified vulnerabilities
Overview The ActiveX and HTML file browsers in the Symantec Clientless VPN Gateway 4400 Series contain various unspecified vulnerabilities. Description The Symantec Clientless VPN Gateway 4400 Series is a stand-alone security appliance for connecting remote users to a trusted network via a virtua...
Oracle Enterprise Manager contains several vulnerabilities
Overview Several vulnerabilities exist in the Oracle Enterprise Manager. According the the Oracle Security Alert, exploitation of these vulnerabilities would require the attacker to have a valid operating system user account on the Enterprise Manager host. Description The Oracle Enterprise Manage...
Multiple Cisco ONS control cards fail to properly handle invalid TCP responses
Overview A vulnerability exists in multiple control cards used by Cisco ONS devices. This vulnerability could allow a remote attacker to cause a denial-of-service condition. Description Cisco's Optical Networking product line consists of a series of devices designed to offer high-bandwidth data...
HP OpenView Select Access fails to properly decode UTF-8 encoded unicode characters in URLs
Overview There is a vulnerability in the way HP OpenView Select Access decodes UTF-8 encoded unicode characters in URLs. This vulnerability could allow a remote user to gain access to resources the user would otherwise be unauthorized to access. Description HP OpenView Select Access is a software...
BEA WebLogic Server fails to properly validate certificate chains
Overview There is a vulnerability in BEA WebLogic Server in which certificate chains rejected by the custom trust manager could still be accepted by the server. Description BEA Systems describes WebLogic Server as "an industrial-strength application infrastructure for developing, integrating,...
BEA WebLogic Server stores database password in clear text in "config.xml"
Overview WebLogic Server contains a vulnerability that may expose the database username and password in clear text in the config.xml file. Description BEA Systems describes WebLogic Server as "an industrial-strength application infrastructure for developing, integrating, securing, and managing...
Ethereal fails to properly handle a zero-length Presentation protocol selector
Overview Ethereal fails to properly handle a zero-length Presentation protocol selector, which could cause Ethereal to crash. Description Ethereal is a network traffic analysis package. There is a vulnerability in the way Ethereal processes a zero-length Presentation protocol selector. Exploitati...
IBM Net.Data db2www CGI interpreter fails to properly validate requested macro filenames
Overview IBM Net.Data fails to properly validate user input passed to the db2www CGI interpreter, which could allow an attacker to mount a cross-site scripting attack against a vulnerable system. Description IBM Net.Data is a scripting language used to create web applications. Net.Data macros are...
Oracle9i Database contains buffer overflow in FROM_TZ() function
Overview Oracle9i Database contains a buffer overflow in the FROMTZ function which could allow anyone who can query the server to execute arbitrary code or access data with the privileges of the vulnerable process. Description A buffer overflow exists in the FROMTZ function. This function is...
Multiple Real media players fail to properly validate SMIL files
Overview Multiple Real media players fail to properly validate synchronized multimedia integration language SMIL files which may permit a remote attacker to gain sensitive information. Description RealNetworks Real media players are multimedia applications that allow users to view local and remot...
NetScreen-Security Manager fails to encrypt communications with managed devices
Overview A vulnerability in the NetScreen-Security Manager software could expose sensitive information in cleartext over the network. Description NetScreen Technologies' NetScreen-Security Manager provides centralized management for control of device configuration, network settings and security...
DameWare Mini Remote Control vulnerable to buffer overflow via specially crafted packets
Overview DameWare Mini Remote Control is a lightweight remote control intended primarily for administrators and help desks for management of desktop systems. A vulnerability in DameWare Mini Remote Control may permit an unauthenticated attacker to execute arbitrary code on the system. Description...
Oracle Database Server contains stack overflow in logging mechanism when supplied overly long library name
Overview There is a buffer overflow in several versions of Oracle Database. The impact of this vulnerability may include the execution of arbitrary code; the ability to read, modify, or delete information stored in underlying Oracle databases; and denial of service. Description A buffer overflow...
Ethereal DCE RPC dissector vulnerable to DoS
Overview A vulnerability in Ethereal may allow a remote attacker to cause a denial of service. Description The Ethereal web site describes Ethereal as "a free network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can...
HP-UX "kermit" vulnerable to buffer overflow
Overview HP-UX's implementation of kermit contains a buffer overflow which may allow a local attacker to gain elevated privileges. Description From the Kermit Project:Kermit software offers interactive and scripted file transfer and management, terminal emulation, Unicode-aware character-set...
Kerio Personal Firewall vulnerable to replay attack
Overview Kerio Personal Firewall contains a vulnerability that may allow a remote attacker to replay an administration session. Description Kerio Technologies Inc. describes the Kerio Personal Firewall as follows:Kerio Personal Firewall KPF is a software agent that builds a barrier between your...
Ethereal contains multiple one-byte buffer overflows in several dissectors
Overview Ethereal is a network traffic analysis package. Several packet dissectors contain a vulnerability that may cause a denial-of-service situation. Description Several packet dissectors for Ethereal contain a one-byte buffer overflow vulnerability. According to the Ethereal Advisory,...
Microsoft Windows Media Player fails to properly evaluate URLs when downloading skin files
Overview Microsoft Media Player contains a vulnerability in the parsing of "Skin Files" that may permit a remote attacker to download arbitrary files to a known location on the local system. Description Microsoft Media Player is an application that plays various types of media files. The user can...
RealSystem Proxy contains buffer overflow
Overview A buffer overflow vulnerability exists in the RealSystem Proxy. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable host. An exploit exists for this vulnerability and is publicly available. Description RealSystem Proxy is a streaming media proxy-cache...
Incorrect NXDOMAIN responses from AAAA queries could cause denial-of-service conditions
Overview Some DNS servers respond with an inappropriate error message if queried for nonexistent AAAA records, which can lead to possible denial of service. Description Some DNS servers respond with a "Name Error" response code NXDOMAIN, RCODE 3 instead of "No Error" RCODE 0 when queried for a...
SGI IRIX sets insecure permissions on "/dev/ipfilter"
Overview A locally exploitable denial-of-service vulnerability in SGI IRIX may allow a local attacker to disrupt network traffic. Description SGI IRIX contains a locally exploitable denial-of-service vulnerability. For more information, please see SGI Security Advisory 20020408-01-I. --- Impact A...
Lotus Domino Web Server vulnerable to buffer overflow via non-existent "h_SetReturnURL" parameter with an overly long "Host Header" field
Overview Lotus Domino Web Server is an application that provides access to Lotus Notes databases via HTTP requests. A vulnerability exists that could permit a remote attacker to execute arbitrary code on the server. Description Lotus Domino Web Server contains a vulnerability in the nhttp.exe...
Oracle9i Database contains remotely exploitable buffer overflow in "TO_TIMESTAMP_TZ" function
Overview A remotely exploitable buffer overflow vulnerability exists in Oracle9i Database. Description A buffer overflow vulnerability exists on all platforms in the following versions of Oracle9i Database: Oracle9i Database Release 2 9i Release 1 8i 8.1.7 8.0.6 A buffer overflow exists in...
Multiple vendors' HTTP content/virus scanners do not check data tunneled via HTTP CONNECT method
Overview Multiple vendors' HTTP anti-virus and content filters do not inspect the contents of HTTP CONNECT method tunnels. As a result, viruses or other restricted HTTP content may not be blocked as specified by policy. Description Many anti-virus and content filter products that are designed to...
Mac OS X utility gm4 contains format string vulnerability
Overview The gm4 utility of Mac OS X contains a buffer overflow, which may allow a root compromise through other programs. Description The gm4 utility of Mac OS X contains a buffer overflow. Some setuid root programs on Mac OS X may rely on gm4, possibly allowing a root compromise through these...
rsync fails to properly handle negative values specified for signed integers thereby allowing remote command execution
Overview There exist several signed-integer vulnerabilities in rsync. If rsync is run as a daemon, a remote-root compromise may be possible. Description Included in most distributions of Linux, rsync is a popular tool for synchronizing files across multiple hosts. Though not enabled in the defaul...
Internet Key Exchange (IKE) protocol discloses identity when Aggressive Mode shared secret authentication is used
Overview The Internet Key Exchange IKE protocol discloses username information when Aggressive Mode is used for shared secret authentication. Description The Internet Key Exchange IKE protocol provides a negotiation mechanism that allows an initiator to establish an encrypted session with a...
HP Tru64 UNIX "uucp" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "uucp" contains a locally exploitable buffer overflow. Description "uucp" is used to copy files between hosts. A locally exploitable buffer overflow in "uucp" may permit a local attacker to gain elevated privileges and execute arbitrary code on a...
HP Tru64 UNIX "lpd" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "lpd" contains a locally exploitable buffer overflow. Description "lpd" is used to handle the printer spool area. A locally exploitable buffer overflow in "lpd" may permit a local attacker to gain elevated privileges and execute arbitrary code on a...
HP Tru64 UNIX "passwd" contains buffer overflow (SSRT2192)
Overview The HP Tru64 UNIX implementation of "passwd" contains a locally exploitable buffer overflow. Description "passwd" is a utility used to change the password for the current user. A locally exploitable buffer overflow in "passwd" may permit a local attacker to gain elevated privileges and...
SurfControl SuperScout does not filter web requests fragmented in multiple packets
Overview SurfControl SuperScout Web Filter does not block some HTTP requests that have been fragmented into multiple packets. Description SurfControl SuperScout Web Filter is software intended for companies that wish to limit employees' web surfing to appropriate uses. SuperScout anazlyzes...
SGI IRIX contains vulnerability in rpc.passwd allowing for root compromise
Overview There is a vulnerability in rpc.passwd that could allow root compromise. Description /usr/etc/rpc.passwd, part of the nfs.sw.nis subsystem on IRIX 6.5, could permit a root compromise. No other details are available. --- Impact Intruders could gain root access. --- Solution Apply a patch ...
Verisign transmits sensitive customer information in plain text when applying for a "Code Signing Digital ID"
Overview Verisign offers a service entitled "Code Signing Digital ID for Microsoft Authenticode." Information that is submitted to this site is not transmitted via an SSL secured session, instead it is transmitted in the plain-text. Description Verisign offers a service entitled "Code Signing...
Microsoft MSN Messenger Chat Control contains a buffer overflow in "ResDLL" parameter
Overview Microsoft's MSN Chat is an ActiveX control for Microsoft Messenger, an instant messaging client. A buffer overflow exists in the ActiveX control that may permit a remote attacker to execute arbitrary code on the system with the privileges of the current user. Description A buffer overflo...
Php variables passed from the browser are stored in global context
Overview Php is a dynamic scripting language used by programmers to develop webservers, message boards, chat applications and a variety of programs. By default php stores variables passed from the URL in a global context. Programmers often fail to change this setting which can allow serious...
Hewlett-Packard HP-UX Software Distributor (SD-UX) contains vulnerability permitting privilege escalation
Overview HP9000 Series 700/800 running HP-UX releases 10.01, 10.10, 10.20 and 11.00 are affected by a buffer overflow in Hewlett-Packard's HP-UX Software Distributor SD-UX. A local user can exploit this vulnerability to gain elevated privileges. Description Several applications in SD-UX contain...
Critical Path directory products contain multiple vulnerabilities in LDAP handling code
Overview Multiple Critical Path directory products contain vulnerabilities that may allow denial-of-service attacks, unauthorized privileged access, or both. These vulnerabilities were revealed using the PROTOS LDAPv3 test suite and are documented in CERT Advisory CA-2001-18. If your site uses th...
Allaire ColdFusion Server contains vulnerability allowing templates to be overwritten by zero byte file of the same name
Overview A vulnerability exists in Allaire ColdFusion Server which allows an attacker to overwrite ColdFusion Server templates with zero byte files. Description A remotely exploitable vulnerability exists in the Allaire ColdFusion Server which could allow an attacker to overwrite ColdFusion Serve...
SCO UnixWare uucico contains buffer overflow via long string of characters sent as command line argument
Overview A buffer overflow in uucico, part of the UUCP package on SCO systems, can allow an intruder to gain elevated privileges. Description SCO UnixWare 7 ships with a utility package called UUCP. The UUCP package allows for the copying of files between different UNIX systems and the sending of...
SGI systems may execute commands embedded in mail messages
Overview Some SGI systems produced circa 1998 allowed an intruder to send mail that would execute commands when the reader opened the message. Description On some SGI systems, Netscape is bundled with IRIX 6.3 and 6.4 and is used as the default web browser and mail reader. On these systems, the...
Linux kernel contains local privilege escalation vulnerability (Copy Fail)
Overview A privilege escalation vulnerability has been discovered in Linux kernel versions version 4.17 released 2017 and later. Many popular distributions and Linux-based containers are affected. This vulnerability was publicly disclosed on April 29, 2026, has been assigned CVE ID CVE-2026-31431...