3702 matches found
Multiple vendors' email content/virus scanners do not adequately check "message/partial" MIME entities
Overview Email anti-virus scanners and content filters from multiple vendors do not adequately check messages containing "message/partial" MIME entities RFC 2046. As a result, viruses, malicious code, or other restricted content may not be detected. Description Section 5.2.2 of RFC 2046 defines t...
HP Tru64 UNIX "uucp" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "uucp" contains a locally exploitable buffer overflow. Description "uucp" is used to copy files between hosts. A locally exploitable buffer overflow in "uucp" may permit a local attacker to gain elevated privileges and execute arbitrary code on a...
SurfControl SuperScout does not filter web requests fragmented in multiple packets
Overview SurfControl SuperScout Web Filter does not block some HTTP requests that have been fragmented into multiple packets. Description SurfControl SuperScout Web Filter is software intended for companies that wish to limit employees' web surfing to appropriate uses. SuperScout anazlyzes...
Yahoo! Messenger contains a buffer overflow in "set_buddygrp" when adding users to a buddy list via the web
Overview Yahoo! Messenger is an instant messaging client. There is a remotely exploitable buffer overflow vulnerability in the "setbuddygrp" field of Yahoo! Messenger. Description A remotely exploitable buffer overflow exists in the "setbuddygrp" field that may permit a remote attacker to execute...
Mac OS X executes 'recent items' with privileges of foreground application
Overview The "recent items" feature of MacOS X allows users at the console to trivially obtain root privileges. Description MacOS X includes a feature called recent items. Recent Items is a list of documents and applications that have recently been accessed. An application launched from the Recen...
Beck GmbH IPC@Chip TelnetD service ships with inadequately protected default account
Overview There is a vulnerability in the Beck IPC@CHIP that may allow an attacker to gain access to the device. Description The Beck IPC@CHIP is a single chip embedded webserver. This device also contains a telnet server that ships with an account named "Default". This account essentially grants...
Web-based email services filtering systems vulnerable to malicous script execution
Overview An attacker can send a specially crafted email message to a victim containing malicious scripting JavaScript, VBScript, JScript, etc., or potentially HTML. When a victim views the message with scripting enabled, the victim's browser will then interpret this javascript which can lead to...
Beck GmbH IPC@Chip FtpD allows an attacker to gain access to the device
Overview There is a vulnerability in the Beck IPC@CHIP that allows an attacker to gain access to the device. Description The Beck IPC@CHIP is a single chip embedded webserver. This device also contains an ftp server that is configured by default to allow anonymous access. Additionally, the device...
phpBB does not adequately validate user input thereby allowing user to gain escalated privileges via manipulated SQL query
Overview phpBB is an open-source bulletin board program. There exists a user input validation problem with regard to the parsing of the URL. An intruder can excute limited SQL queries and gain administrative privileges on the bulletin board. Description phpBB has a user input validation problem...
Dallas Semiconductor iButton DS1991 vulnerable to dictionary attack
Overview The Dallas Semiconductor iButton DS1991 is vulnerable to a dictionary attack, allowing an intruder to recover passwords. Description The Dallas Semiconductor iButton DS1911 stores 1 kilobyte of data in 3 separate password-protected areas. It includes functionality intended to prevent...
SGI systems may execute commands embedded in mail messages
Overview Some SGI systems produced circa 1998 allowed an intruder to send mail that would execute commands when the reader opened the message. Description On some SGI systems, Netscape is bundled with IRIX 6.3 and 6.4 and is used as the default web browser and mail reader. On these systems, the...
BSD i386_set_ldt syscall does not appropriately validate call gate targets
Overview There are a set of kernel interfaces called "call gates" which are code primitives used to build system-level calls into an operating system's kernel. A subset of these "calls gates" may be able to be manipulated on some operating systems which use improper privilege checking when...
SystemWizard Launch ActiveX Control lacks authentication
Overview Description The SystemWizard "Launch" ActiveX Control may allow attackers to execute arbitrary commands on systems where the control is installed. This control was shipped on HP Pavilion computers running Windows 98, as part of a diagnostic application named "SystemWizard" produced by...
Missing IPsec Integrity Protection for IMS SIP Signaling in Verizon VoLTE Deployments
Overview VoLTE deployments on Verizon’s IMS network have operated without negotiated SIP integrity protection. In observed test conditions, SIP signaling—including registration, call setup, and messaging—traveled without IPsec ESP encapsulation and without SIP Security Agreement headers, exposing...
Linux kernel contains local privilege escalation vulnerability (Copy Fail)
Overview A privilege escalation vulnerability has been discovered in Linux kernel versions version 4.17 released 2017 and later. Many popular distributions and Linux-based containers are affected. This vulnerability was publicly disclosed on April 29, 2026, has been assigned CVE ID CVE-2026-31431...
SysTrack LsiAgent.exe contains an improper DLL search order, allowing an attacker to execute arbitrary code and priv esc
Overview Lakeside Software, an IT digital employee experience platform, offers a product called SysTrack, intended for endpoint observability. This program uses an executable called LsiAgent.exe, which attempts to load various Dynamic Link Library DLL files when run. The program does not properly...
Radware Cloud Web Application Firewall Vulnerable to Filter Bypass
Overview The Radware Cloud Web Application Firewall is vulnerable to filter bypass by multiple means. The first is via specially crafted HTTP request and the second being insufficient validation of user-supplied input when processing a special character. An attacker with knowledge of these...
Router devices do not implement sufficient UPnP authentication and security
Overview Home routers implementing the UPnP protocol do not sufficiently randomize UUIDs in UPnP control URLs, or implement other UPnP security measures. Description The UPnP protocol allows automatic device discovery and interaction with devices on a network. The UPnP protocol was originally...
Windows Adobe Type Manager privilege escalation vulnerability
Overview The Adobe Type Manager module contains a memory corruption vulnerability, which can allow an attacker to obtain SYSTEM privileges on an affected Windows system. Description Adobe Type Manager, which is provided by atmfd.dll, is a kernel module that is provided by Windows and provides...
Verizon Wireless Network Extender multiple vulnerabilities
Overview iSEC Partners has reported that the Verizon Wireless Network Extender models SCS-26UC4 and SCS-2U01 made by Samsung are susceptible to a local compromise using a custom HDMI cable. Once compromised the device can be used to eavesdrop on voice, text and data communication for mobile devic...
HomeSeer HS2 web interface multiple vulnerabilities
Overview HomeSeer HS2 home automation software web interface contains multiple vulnerabilities. Description According to HomeSeer's website, "HomeSeer HS2 is an advanced home automation and remote access software package that is designed to integrate the major systems of any home". The HomeSeer H...
libpng malformed cHRM divide-by-zero vulnerability
Overview libpng crashes when processing malformed cHRM chunks. Description When libpng encounters a cHRM chunk that is malformed it will perform a divide-by-zero causing libpng to crash. This bug was introduced in libpng version 1.5.4 and has been fixed in libpng version 1.5.5. --- Impact By...
HP LoadRunner buffer overflow vulnerability
Overview HP LoadRunner contains a buffer overflow vulnerability when parsing Virtual User script files. Description According to HP's website: HP LoadRunner software is the industry standard for performance validation. It allows you to prevent application performance problems by detecting...
Media Technology Group CDPass ActiveX control stack buffer overflows
Overview The Media Technology Group CDPass ActiveX control contains several stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Media Technology Group CDPass is software that provides bonus content for music CDs...
Secure Elements Class 5 AVR client fails to enforce integrity of message digests
Overview The Secure Elements Class 5 AVR client fails to enforce integrity of message digests. This may allow an attacker to replay modified messages to a vulnerable client. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a security product that monitors...
Oracle Application Object Library vulnerability
Overview An unspecified vulnerability in the Oracle Application Object Library may allow a remote, unauthenticated attacker to compromise system integrity and confidentiality. Description Oracle Application Object Library contains a vulnerability.The details of this vulnerability are not clear...
Pubcookie application server modules contain cross-site scripting vulnerabilities
Overview Cross-site scripting vulnerabilities in the Pubcookie application server modules could allow a remote attacker to gain access to sensitive information. Description Pubcookie is a software package that provides intra-institutional single-sign-on authentication for end-users over the web...
Oracle Diagnostic Tools do not properly authenticate users
Overview Oracle Diagnostic Tools fail to properly authenticate users before granting access to tools and tool resources. This may allow a remote, unauthenticated attacker to access and execute diagnostic tools on an Oracle E-Business Suite installation. Description Oracle Diagnostic Tools Oracle...
Shortcuts may insecurely store SMB authentication information
Overview SMB authentication information may be stored as plain text within URI shortcuts. As a result, a local attacker may be able read the authentication information and gain access to the share. Description SMB is a protocol for sharing data and resources between computers. Many operating...
Anti-virus software may not properly scan malformed zip archives
Overview Anti-virus software may rely on corrupted headers to determine if a zip archive is valid. As a result, anti-virus software may fail to detect malicious content within a zip archive. Description Information about a zip archive, such as the size of the compressed data, is placed in headers...
Multiple web browsers do not properly interpret TABLE elements when displaying URLs in the status bar
Overview Multiple web browsers do not properly display the location of HTML documents in the status bar. An attacker could exploit this behavior to mislead users into revealing sensitive information. Description Web browsers frequently display the Uniform Resource Locator URL in the status bar wh...
Multiple web browsers do not properly interpret BASE and FORM elements when displaying URLs in the status bar
Overview Multiple web browsers do not properly display the location of HTML documents in the status bar. An attacker could exploit this behavior to mislead users into revealing sensitive information. Description Web browsers frequently display the Uniform Resource Locator URL in the status bar wh...
Juniper Networks NetScreen firewall contains a DoS vulnerability in the SSHv1 service
Overview A vulnerability in the SSHv1 service of NetScreen firewalls could allow an attacker to cause a denial-of-service condition. Description Juniper Networks NetScreen firewall products include a Secure Shell version 1 SSHv1 implementation called Secure Command Shell SCS. The SSHv1 service...
libgcc contains multiple flaws that allow integer type range vulnerabilities to occur at runtime
Overview The libgcc runtime for the gcc and g++ compilers contain multiple flaws that can result in integer type range vulnerabilities in programs that are compiled using the -ftrapv option. Description Both gcc and g++ provide an -ftrapv compiler option that, according to the gcc man page,...
cPanel fails to verify input passed to the "user" parameter
Overview A remotely exploitable vulnerability in CPanel's password reset and login scripts may allow a remote attacker to gain control of the vulnerable system. Description Cpanel is an application that provides the ability to manage accounts and provides an interface to the end users of web...
Solaris conv_fix insecure file handling vulnerability
Overview A vulnerability in a program supplied with the Solaris printing system could allow a local attacker to gain elevated privileges on the system. Description The Solaris operating system from Sun Microsystems includes a number of supplemental programs to aid in configuration and maintenance...
Cisco IBM Director agent does not properly handle arbitrary TCP packets to port 14247/tcp
Overview Cisco IBM Director agent does not properly handle arbitrary TCP packets to port 14247/tcp. Description Cisco voice products e.g. CallManager, IP Interactive Voice Response, IP Call Center Express that run on IBM servers install IBM Director agent to provide administrative management. The...
NetScreen-Security Manager fails to encrypt communications with managed devices
Overview A vulnerability in the NetScreen-Security Manager software could expose sensitive information in cleartext over the network. Description NetScreen Technologies' NetScreen-Security Manager provides centralized management for control of device configuration, network settings and security...
PostgreSQL VACUUM command allows unprivileged user to remove database transaction log data
Overview The PostgreSQL VACUUM command contains a vulnerability that allows an unprivileged user to remove database transaction log data. This may result in unrecoverable data loss. Description PostgreSQL is a database management system. The PostgreSQL VACUUM command is used to clean out records...
Whale Communications e-Gap security appliance discloses source code via HTTP TRACE Method
Overview Whale communications e-Gap security appliance is a tool to provide a secure remote web access platform. A vulnerability exists that may permit a remote attacker to gain access to the source code of the login page. Description Whale communications e-Gap security appliance version 2.5...
Apple QuickTime/Darwin Streaming Server integer overflow in MP3Broadcaster utility
Overview Apple's QuickTime and Darwin Streaming Server DSS package includes a utility called MP3Broadcaster. This utility contains an integer overflow which may be exploited to cause a denial of service. Description Apple's QuickTime and Darwin Streaming Server is software which provides integrat...
Morpheus discloses username to remote users
Overview The usernames disclosed by the Morpheus peer-to-peer file sharing application do not present a security vulnerability. Description Morpheus is a peer-to-peer file sharing application that allows users to search for and download files from other Morpheus users. This product allegedly...
Microsoft Windows Media Player fails to properly launch URLs based on Dynamic HTML (DHTML) behaviors
Overview Microsoft Windows Media Player WMP permits the embedding of URLs into media files. When launching an embedded URL, a logic error in the WMP URL handling makes it possible to move from a less trusted domain zone into the local computer zone. This vulnerability permits an attacker to execu...
Oracle Database Server contains stack overflow in logging mechanism when supplied overly long library name
Overview There is a buffer overflow in several versions of Oracle Database. The impact of this vulnerability may include the execution of arbitrary code; the ability to read, modify, or delete information stored in underlying Oracle databases; and denial of service. Description A buffer overflow...
Linux kernel IP stack incorrectly calculates size of an ICMP citation for ICMP errors
Overview The Linux 2.0 kernel contains a vulnerability in the way it processes ICMP errors. This could lead to portions of memory being leaked to a malicious user. Description The Linux 2.0 kernel versions 2.0 through 2.0.39 inclusive contains an error in the calculation of the size for an ICMP...
RealNetworks Helix Universal Server vulnerable to buffer overflow when supplied an overly long string for the "Describe" field
Overview The RealNetworks' Helix Universal Server supports delivery of several different media types over the Internet via RTSP Real Time Streaming Protocol. Vulnerabilities have been discovered in the way it handles some RTSP requests. These vulnerabilities could allow a remote attacker to execu...
BEA WebLogic Server fails to discard cached authentication information when web applications are updated
Overview The BEA WebLogic server contains a vulnerability that may allow authenticated users to bypass authentication for a given web application when the application has been updated. Description The BEA WebLogic Server provides a feature that allows it to store user authentication information f...
Lotus Domino Web Server vulnerable to denial of service via incomplete POST request
Overview Lotus Domino Web Server is an application that provides access to Lotus Notes databases via HTTP requests. A vulnerability exists that could permit a remote attacker to cause a denial-of-service situation for HTTP requests. Description Lotus Domino Web Server contains a vulnerability in...
University of Washington IMAP Server vulnerable to buffer overflow after login
Overview A buffer overflow vulnerability exists in versions of the University of Washington IMAP Server up to and including the imap-2002 release. This vulnerability may allow an authenticated attacker to execute arbitrary code on the mail server with the privileges of the UID of the user running...
Netegrity SiteMinder does not adequately validate user input thereby allowing user to bypass filters via crafted URL
Overview Netegrity SiteMinder does adequately vaildate HTTP requests containing malicious Unicode encodings. Description Netegrity SiteMinder is a platform for securing multiple web applications through a single point of user authentication. SiteMinder does not properly filter HTTP requests when...