OPeNDAP filesystem enumeration vulnerability
Overview The OPeNDAP server version 4 contains a file enumeration vulnerability. This vulnerability may allow an attacker to enumerate filesystem contents. Description OPeNDAP is a software package designed to help researchers exchange data sets that are stored in different formats. The most rece...
Cisco IOS fails to properly process TCP packets
Overview The Cisco IOS Transmission Control Protocol listener contains a memory leak. Description Cisco IOS is an operating system that is used on Cisco network devices. The Cisco IOS software can run Transmission Control Protocol TCP servers that allow administrators to connect to the devices fo...
Multiple vulnerabilities in DNS implementations
Overview Numerous vulnerabilities have been reported in various Domain Name System DNS implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause a DNS implementation to behave in an unstable/unpredictable...
Oracle Diagnostic Tools do not properly authenticate users
Overview Oracle Diagnostic Tools fail to properly authenticate users before granting access to tools and tool resources. This may allow a remote, unauthenticated attacker to access and execute diagnostic tools on an Oracle E-Business Suite installation. Description Oracle Diagnostic Tools Oracle...
simpleproxy format string vulnerability
Overview A format string vulnerability in the simpleproxy TCP proxy may allow a remote attacker to execute arbitrary code on a vulnerable system. Description simpleproxy, a basic open source TCP proxy, contains a format string vulnerability in an unspecified HTTP proxy request handling routine. I...
HP-UX FTP daemon is vulnerable to a buffer overflow
Overview The HP-UX FTP daemon ftpd contains a buffer overflow that may allow an unauthenticated, remote attacker to execute arbitrary code. Description The HP-UX FTP daemon ftpd is vulnerable to a buffer overflow when the FTP daemon is configured to log debugging information. Debug logging is...
Shortcuts may insecurely store SMB authentication information
Overview SMB authentication information may be stored as plain text within URI shortcuts. As a result, a local attacker may be able read the authentication information and gain access to the share. Description SMB is a protocol for sharing data and resources between computers. Many operating...
Anti-virus software may not properly scan malformed zip archives
Overview Anti-virus software may rely on corrupted headers to determine if a zip archive is valid. As a result, anti-virus software may fail to detect malicious content within a zip archive. Description Information about a zip archive, such as the size of the compressed data, is placed in headers...
Multiple web browsers do not properly interpret BASE and FORM elements when displaying URLs in the status bar
Overview Multiple web browsers do not properly display the location of HTML documents in the status bar. An attacker could exploit this behavior to mislead users into revealing sensitive information. Description Web browsers frequently display the Uniform Resource Locator URL in the status bar wh...
Juniper Networks NetScreen firewall contains a DoS vulnerability in the SSHv1 service
Overview A vulnerability in the SSHv1 service of NetScreen firewalls could allow an attacker to cause a denial-of-service condition. Description Juniper Networks NetScreen firewall products include a Secure Shell version 1 SSHv1 implementation called Secure Command Shell SCS. The SSHv1 service...
Solaris conv_fix insecure file handling vulnerability
Overview A vulnerability in a program supplied with the Solaris printing system could allow a local attacker to gain elevated privileges on the system. Description The Solaris operating system from Sun Microsystems includes a number of supplemental programs to aid in configuration and maintenance...
Oracle9i Database contains buffer overflow in FROM_TZ() function
Overview Oracle9i Database contains a buffer overflow in the FROM_TZ function which could allow anyone who can query the server to execute arbitrary code or access data with the privileges of the vulnerable process. Description A buffer overflow exists in the FROM_TZ function. This function is...
Cisco IBM Director agent does not properly handle arbitrary TCP packets to port 14247/tcp
Overview Cisco IBM Director agent does not properly handle arbitrary TCP packets to port 14247/tcp. Description Cisco voice products e.g. CallManager, IP Interactive Voice Response, IP Call Center Express that run on IBM servers install IBM Director agent to provide administrative management. The...
Whale Communications e-Gap security appliance discloses source code via HTTP TRACE Method
Overview Whale communications e-Gap security appliance is a tool to provide a secure remote web access platform. A vulnerability exists that may permit a remote attacker to gain access to the source code of the login page. Description Whale communications e-Gap security appliance version 2.5...
Apple QuickTime/Darwin Streaming Server integer overflow in MP3Broadcaster utility
Overview Apple's QuickTime and Darwin Streaming Server DSS package includes a utility called MP3Broadcaster. This utility contains an integer overflow which may be exploited to cause a denial of service. Description Apple's QuickTime and Darwin Streaming Server is software which provides integrat...
Morpheus discloses username to remote users
Overview The usernames disclosed by the Morpheus peer-to-peer file sharing application do not present a security vulnerability. Description Morpheus is a peer-to-peer file sharing application that allows users to search for and download files from other Morpheus users. This product allegedly...
Microsoft Windows Media Player fails to properly launch URLs based on Dynamic HTML (DHTML) behaviors
Overview Microsoft Windows Media Player WMP permits the embedding of URLs into media files. When launching an embedded URL, a logic error in the WMP URL handling makes it possible to move from a less trusted domain zone into the local computer zone. This vulnerability permits an attacker to execu...
Oracle Database Server contains stack overflow in logging mechanism when supplied overly long library name
Overview There is a buffer overflow in several versions of Oracle Database. The impact of this vulnerability may include the execution of arbitrary code; the ability to read, modify, or delete information stored in underlying Oracle databases; and denial of service. Description A buffer overflow...
Kerio Personal Firewall vulnerable to replay attack
Overview Kerio Personal Firewall contains a vulnerability that may allow a remote attacker to replay an administration session. Description Kerio Technologies Inc. describes the Kerio Personal Firewall as follows: Kerio Personal Firewall KPF is a software agent that builds a barrier between your...
SGI IRIX sets insecure permissions on "/dev/ipfilter"
Overview A locally exploitable denial-of-service vulnerability in SGI IRIX may allow a local attacker to disrupt network traffic. Description SGI IRIX contains a locally exploitable denial-of-service vulnerability. For more information, please see SGI Security Advisory 20020408-01-I. --- Impact A...
Lotus Domino Web Server vulnerable to denial of service via incomplete POST request
Overview Lotus Domino Web Server is an application that provides access to Lotus Notes databases via HTTP requests. A vulnerability exists that could permit a remote attacker to cause a denial-of-service situation for HTTP requests. Description Lotus Domino Web Server contains a vulnerability in...
Lotus iNotes vulnerable to buffer overflow via PresetFields s_ViewName field
Overview Lotus iNotes contains a buffer overflow that could permit a remote attacker to execute arbitrary code or cause a denial of service on a vulnerable server. Description Lotus iNotes Web Access is a web-based database application that provides "access to corporate messaging services and...
Oracle9i Database contains remotely exploitable buffer overflow in "TO_TIMESTAMP_TZ" function
Overview A remotely exploitable buffer overflow vulnerability exists in Oracle9i Database. Description A buffer overflow vulnerability exists on all platforms in the following versions of Oracle9i Database: Oracle9i Database Release 2 9i Release 1 8i 8.1.7 8.0.6 A buffer overflow exists in...
Multiple vendors' HTTP content/virus scanners do not check data tunneled via HTTP CONNECT method
Overview Multiple vendors' HTTP anti-virus and content filters do not inspect the contents of HTTP CONNECT method tunnels. As a result, viruses or other restricted HTTP content may not be blocked as specified by policy. Description Many anti-virus and content filter products that are designed to...
rsync fails to properly handle negative values specified for signed integers thereby allowing remote command execution
Overview There exist several signed-integer vulnerabilities in rsync. If rsync is run as a daemon, a remote-root compromise may be possible. Description Included in most distributions of Linux, rsync is a popular tool for synchronizing files across multiple hosts. Though not enabled in the defaul...
Multiple vendors' email content/virus scanners do not adequately check "message/partial" MIME entities
Overview Email anti-virus scanners and content filters from multiple vendors do not adequately check messages containing "message/partial" MIME entities RFC 2046. As a result, viruses, malicious code, or other restricted content may not be detected. Description Section 5.2.2 of RFC 2046 defines t...
HP Tru64 UNIX "uucp" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "uucp" contains a locally exploitable buffer overflow. Description "uucp" is used to copy files between hosts. A locally exploitable buffer overflow in "uucp" may permit a local attacker to gain elevated privileges and execute arbitrary code on a...
HP Tru64 UNIX "lpq" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "lpq" contains a locally exploitable buffer overflow. Description "lpq" is used to examine the printer spool queue. A locally exploitable buffer overflow in "lpq" may permit a local attacker to gain elevated privileges and execute arbitrary code on a...
SurfControl SuperScout does not filter web requests fragmented in multiple packets
Overview SurfControl SuperScout Web Filter does not block some HTTP requests that have been fragmented into multiple packets. Description SurfControl SuperScout Web Filter is software intended for companies that wish to limit employees' web surfing to appropriate uses. SuperScout analyzes...
Oracle Configurator discloses version and host information via "test" argument passed to servlet
Overview A servlet component of Oracle Configurator may post sensitive version and host information to any Web user that makes a crafted request to the server. Description Oracle Configurator is an Internet application used to configure Oracle Application and Database Servers. If a user sends a...
Apache Tomcat default installation contains sample applications that disclose webroot path
Overview There is an insecure default configuration in Apache Tomcat web server that places several sample applications in the webroot. Remote users may be able to use these applications to gain sensitive information about the server's configuration. Description There are several sample...
Yahoo! Messenger contains a buffer overflow in "set_buddygrp" when adding users to a buddy list via the web
Overview Yahoo! Messenger is an instant messaging client. There is a remotely exploitable buffer overflow vulnerability in the "set_buddygrp" field of Yahoo! Messenger. Description A remotely exploitable buffer overflow exists in the "set_buddygrp" field that may permit a remote attacker to execute...
Verisign transmits sensitive customer information in plain text when applying for a "Code Signing Digital ID"
Overview Verisign offers a service entitled "Code Signing Digital ID for Microsoft Authenticode." Information that is submitted to this site is not transmitted via an SSL-secured session; instead it is transmitted in plain text. Description Verisign offers a service entitled "Code Signing...
PIX 'established' and 'conduit' command may have unexpected interactions
Overview A somewhat common configuration of Cisco PIX firewalls may permit a window of opportunity in which an intruder can bypass the firewall. This problem was first publicly described in July, 1998. Description Cisco PIX firewalls protecting servers which offer service to the internet-at-large...
mgetty creates temporary files insecurely
Overview mgetty, a replacement for getty designed to support modem and fax use, creates files of a predictable name in a world-writable directory without checking for the prior existence or ownership of the file. Using a symbolic link attack, an intruder might cause the overwrite of arbitrary fil...
Web-based email services filtering systems vulnerable to malicious script execution
Overview An attacker can send a specially crafted email message to a victim containing malicious scripting JavaScript, VBScript, JScript, etc., or potentially HTML. When a victim views the message with scripting enabled, the victim's browser will then interpret this JavaScript, which can lead to...
phpBB does not adequately validate user input for language selection, thereby allowing user to execute arbitrary PHP code
Overview phpBB is an open-source bulletin board program. A user input validation problem exists with regard to language settings. An intruder can execute arbitrary PHP code and gain a shell with the privileges of the web server on the system. Description Version 1.4.0 and earlier have a user input...
Microsoft Internet Information Server 4.0 (IIS) vulnerable to DoS when URL redirecting is enabled
Overview A vulnerability in IIS 4.0 may permit intruders to crash vulnerable IIS servers with URL redirection enabled. Description A vulnerability in Microsoft IIS 4.0 allows an attacker to crash IIS 4.0 servers if they are configured to use URL redirection. URL redirection is not used by default...
Netscape fails to revalidate certificates if a user has previously acknowledged a certificate to be non-matching
Overview A flaw exists in Netscape Navigator that could allow an attacker to masquerade as a legitimate web site if the attacker can compromise the validity of certain DNS information. This is different from the problem reported in CERT Advisory CA-2000-05, but it has a similar impact. This...
SCO UnixWare uuxqt contains buffer overflow via long string of characters sent as command line argument
Overview A buffer overflow in uuxqt, part of the UUCP package on SCO systems, can allow an intruder to gain elevated privileges. Description SCO UnixWare 7 ships with a utility package called UUCP. The UUCP package allows for the copying of files between different UNIX systems and the sending of...
SCO UnixWare uucico contains buffer overflow via long string of characters sent as command line argument
Overview A buffer overflow in uucico, part of the UUCP package on SCO systems, can allow an intruder to gain elevated privileges. Description SCO UnixWare 7 ships with a utility package called UUCP. The UUCP package allows for the copying of files between different UNIX systems and the sending of...
Microsoft Services for UNIX Network File System (NFS) server is vulnerable to denial of service via memory leak
Overview The NFS server included in the Microsoft Services for Unix package contains a denial-of-service vulnerability that may cause the system to become unstable or crash. Description The Network File System NFS server included in the Microsoft Services for Unix SFU package contains a memory le...
SSH connections using RC4 and password authentication can be replayed
Overview This vulnerability may allow an attacker to replay a captured SSH1 session. Description Preconditions: the client requests RC4 and the server grants the request; the client uses password authentication. When an SSH1 session using the RC4 cipher is established, the client and server agree upon a sessio...
SysTrack LsiAgent.exe contains an improper DLL search order, allowing an attacker to execute arbitrary code and priv esc
Overview Lakeside Software, an IT digital employee experience platform, offers a product called SysTrack, intended for endpoint observability. This program uses an executable called LsiAgent.exe, which attempts to load various Dynamic Link Library DLL files when run. The program does not properly...
PDQ Deploy allows reuse of deleted credentials that can compromise a device and facilitate lateral movement
Overview PDQ Deploy is a service intended for usage by system administrators for the deployment of software or updates to targeted machines within their network. PDQ Deploy uses "run modes" to deploy software to their target devices. The run mode "Deploy User" insecurely creates credentials on th...
Multiple wireless keyboard/mouse devices use an unsafe proprietary wireless protocol
Overview Wireless keyboard and mouse devices from multiple vendors use proprietary wireless protocols that are not properly secured. Description CWE-311: Missing Encryption of Sensitive Data Multiple wireless input devices keyboard and mouse use a proprietary wireless protocol on the 2.4 GHz ISM...
Topline Systems Opportunity Form vulnerable to information disclosure
Overview Topline Systems Opportunity Form contains an information disclosure vulnerability. Description CWE-200: Information Exposure Topline Systems Opportunity Form is a macro-enabled Excel spreadsheet that contains connection strings to a public-facing database. By running procedures included ...
Incorrect implementation of NAT-PMP in multiple devices
Overview Many NAT-PMP devices are incorrectly configured, allowing them to field requests received on external network interfaces or map forwarding routes to addresses other than that of the requesting host, making them potentially vulnerable to information disclosure and malicious port mapping...
Websense Triton Unified Security Center 7.7.3 information disclosure vulnerability
Overview Websense Triton Unified Security Center 7.7.3 and possibly earlier versions contains an information disclosure vulnerability which could allow an authenticated attacker to view stored credentials of a possibly higher privileged user. Description CWE-200: Information Exposure When logged...
GroundWork Monitor Enterprise contains multiple vulnerabilities
Overview GroundWork Monitor Enterprise 6.7.0 and possibly earlier versions contain multiple vulnerabilities. Description The SEC Consult Vulnerability Lab Security Advisory states: The following vulnerability description has been categorized into the components where the vulnerabilities have been...