Cisco Intrusion Prevention System administration interface fails to properly handle Secure Socket Layer packets

Overview The web administration interface of Cisco Intrusion Prevention System and Intrusion Detection System devices fails to properly handle certain Secure Socket Layer packets. This vulnerability may cause a denial of service. Description According to Cisco Security Advisory...

Secure Elements Class 5 AVR client fails to enforce integrity of message digests

Overview The Secure Elements Class 5 AVR client fails to enforce integrity of message digests. This may allow an attacker to replay modified messages to a vulnerable client. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a security product that monitors...

Multiple vulnerabilities in DNS implementations

Overview Numerous vulnerabilities have been reported in various Domain Name System DNS implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause a DNS implementation to behave in an unstable/unpredictable...

Oracle Order Capture vulnerability

Overview An unspecified vulnerability in Oracle Order Capture may allow a remote, unauthenticated attacker to compromise system confidentiality. Description Oracle Order Capture contains a vulnerability. The details of this vulnerability are not clear. However, Oracle states this issue can allow ...

Oracle Export component SQL injection vulnerability

Overview An SQL injection vulnerability in the Oracle Export component may allow a remote attacker to execute arbitrary SQL commands on a vulnerable Oracle installation. Description Oracle Export component contains a SQL injection vulnerability.The details of this vulnerability are not clear. We...

Oracle Application Object Library vulnerability

Overview An unspecified vulnerability in the Oracle Application Object Library may allow a remote, unauthenticated attacker to compromise system integrity and confidentiality. Description Oracle Application Object Library contains a vulnerability.The details of this vulnerability are not clear...

Pubcookie application server modules contain cross-site scripting vulnerabilities

Overview Cross-site scripting vulnerabilities in the Pubcookie application server modules could allow a remote attacker to gain access to sensitive information. Description Pubcookie is a software package that provides intra-institutional single-sign-on authentication for end-users over the web...

simpleproxy format string vulnerability

Overview A format string vulnerability in the simpleproxy TCP proxy may allow a remote attacker to execute arbitrary code on a vulnerable system. Description simpleproxy, a basic open source TCP proxy, contains a format string vulnerability in an unspecified HTTP proxy request handling routine. I...

WebEOC account lock-out policy may allow a denial-of-service

Overview WebEOC account lock out policy may allow a remote attacker to disable user and system accounts resulting in a denial-of-service condition. Description WebEOC is a web-based crisis information management application that provides functions to gather, coordinate, and disseminate informatio...

Groove Virtual Office sets insecure permissions on installation components

Overview Groove Virtual Office installation sets insecure permissions on installation files and folders by default. As a result, an attacker could gain access to sensitive data. Description Groove Virtual Office provides a collaborative working environment that includes shared documents, database...

Groove Virtual Office may not correctly display file names

Overview Groove Virtual Office may not correctly display the names of attached or embedded files. A remote attacker may be able to trick a user into executing arbitrary code. Description Groove Virtual Office provides a collaborative working environment that includes shared documents, databases,...

Sun Java Plugin may create temporary files with predictable names

Overview The Sun Java Plugin may allow remote users to create files with arbitrary content in a specific location. Description From the Sun Java Plugin page:Java Plug-in technology, included as part of the Java 2 Runtime Environment, Standard Edition JRE, establishes a connection between popular...

Shortcuts may insecurely store SMB authentication information

Overview SMB authentication information may be stored as plain text within URI shortcuts. As a result, a local attacker may be able read the authentication information and gain access to the share. Description SMB is a protocol for sharing data and resources between computers. Many operating...

BEA WebLogic Server contains a vulnerability in the URL pattern matching

Overview There is a vulnerability in the URL pattern matching functionality of BEA WebLogic Server that could allow URL restrictions to be bypassed. Description BEA Systems describes WebLogic Server as "an industrial-strength application infrastructure for developing, integrating, securing, and...

BEA WebLogic Server stores database password in clear text in "config.xml"

Overview WebLogic Server contains a vulnerability that may expose the database username and password in clear text in the config.xml file. Description BEA Systems describes WebLogic Server as "an industrial-strength application infrastructure for developing, integrating, securing, and managing...

cPanel fails to verify input passed to the "user" parameter

Overview A remotely exploitable vulnerability in CPanel's password reset and login scripts may allow a remote attacker to gain control of the vulnerable system. Description Cpanel is an application that provides the ability to manage accounts and provides an interface to the end users of web...

Cisco IBM Director agent does not properly handle arbitrary TCP packets to port 14247/tcp

Overview Cisco IBM Director agent does not properly handle arbitrary TCP packets to port 14247/tcp. Description Cisco voice products e.g. CallManager, IP Interactive Voice Response, IP Call Center Express that run on IBM servers install IBM Director agent to provide administrative management. The...

NetScreen-Security Manager fails to encrypt communications with managed devices

Overview A vulnerability in the NetScreen-Security Manager software could expose sensitive information in cleartext over the network. Description NetScreen Technologies' NetScreen-Security Manager provides centralized management for control of device configuration, network settings and security...

Apple QuickTime/Darwin Streaming Server integer overflow in MP3Broadcaster utility

Overview Apple's QuickTime and Darwin Streaming Server DSS package includes a utility called MP3Broadcaster. This utility contains an integer overflow which may be exploited to cause a denial of service. Description Apple's QuickTime and Darwin Streaming Server is software which provides integrat...

Morpheus discloses username to remote users

Overview The usernames disclosed by the Morpheus peer-to-peer file sharing application do not present a security vulnerability. Description Morpheus is a peer-to-peer file sharing application that allows users to search for and download files from other Morpheus users. This product allegedly...

Microsoft Windows Media Player fails to properly launch URLs based on Dynamic HTML (DHTML) behaviors

Overview Microsoft Windows Media Player WMP permits the embedding of URLs into media files. When launching an embedded URL, a logic error in the WMP URL handling makes it possible to move from a less trusted domain zone into the local computer zone. This vulnerability permits an attacker to execu...

GNU screen contains buffer overflow

Overview A locally exploitable buffer overflow exists in GNU screen. An exploit is publicly available for this vulnerability. Description The Free Software Foundation describes GNU Screen as follows:Screen is a full-screen window manager that multiplexes a physical terminal between several...

HP-UX "kermit" vulnerable to buffer overflow

Overview HP-UX's implementation of kermit contains a buffer overflow which may allow a local attacker to gain elevated privileges. Description From the Kermit Project:Kermit software offers interactive and scripted file transfer and management, terminal emulation, Unicode-aware character-set...

SGI IRIX sets insecure permissions on "/dev/ipfilter"

Overview A locally exploitable denial-of-service vulnerability in SGI IRIX may allow a local attacker to disrupt network traffic. Description SGI IRIX contains a locally exploitable denial-of-service vulnerability. For more information, please see SGI Security Advisory 20020408-01-I. --- Impact A...

Utah Raster Toolkit contains multiple vulnerabilities

Overview The Utah Raster Toolkit is a graphics library/utility. Several vulnerabilities have been reported in the Utah Raster Toolkit. Description The Utah Raster Toolkit is a graphics library/utility. Several vulnerabilities have been reported in the Utah Raster Toolkit. --- Impact The complete...

Lotus iNotes vulnerable to buffer overflow via PresetFields s_ViewName field

Overview Lotus iNotes contains a buffer overflow that could permit a remote attacker to execute arbitrary code or cause a denial of service on a vulnerable server. Description Lotus iNotes Web Access is a web-based database application that provides "access to corporate messaging services and...

Netscape and iPlanet Enterprise Servers fail to sanitize log files before they are displayed using the administration client

Overview IPlanet Enterprise Server and Netscape Enterprise Server versions prior to 4.1. SP12 have a vulnerability involving the rendering of tags embedded in the web logs when viewed through the administration client. Description Requests made to web servers are routinely logged by the web serve...

Multiple vulnerabilities exist within credit card chips thereby allowing malicious user to bypass authentication mechanism

Overview French smart card reader terminals can be fooled into accepting imposter smart cards for payment. Description French smart cards are credit cards with an embedded chip containing certain cardholder, account, and authentication information. These cards are read by automated terminals acro...

HP Tru64 UNIX "mailcv" contains buffer overflow (SSRT2193)

Overview The HP Tru64 UNIX implementation of "mailcv" contains a locally exploitable buffer overflow. Description "mailcv" converts dxmail style folders to UNIX style folders. A locally exploitable buffer overflow in "mailcv" may permit a local attacker to gain elevated privileges and execute...

HP Tru64 UNIX "dtsession" contains buffer overflow (SSRT2282)

Overview The HP Tru64 UNIX implementation of "dtsession" contains a locally exploitable buffer overflow. Description From the HP Tru64 UNIX reference pages, the "dtsession" utility "provides ICCCM 1.1 compliant session management functionality during a user's session, the time from login to logou...

HP Tru64 UNIX "deliver" contains buffer overflow (SSRT2275)

Overview The HP Tru64 UNIX implementation of "deliver" contains a locally exploitable buffer overflow. Description "deliver" is used to deliver mail to an IMAP mailbox . A locally exploitable buffer overflow in "deliver" may permit a local attacker to gain elevated privileges and execute arbitrar...

HP Tru64 UNIX "lpq" contains buffer overflow (SSRT2275)

Overview The HP Tru64 UNIX implementation of "lpq" contains a locally exploitable buffer overflow. Description "lpq" is used to examine the printer spool queue. A locally exploitable buffer overflow in "lpq" may permit a local attacker to gain elevated privileges and execute arbitrary code on a...

Mandrake Security may make unexpected system modifications

Overview The Mandrake Security utility included with Mandrake Linux may make unexpected modifications that affect system security. Description Mandrake Linux includes a tool named Mandrake Security msec that allows system administrators to manage and audit various system parameters associated wit...

Verity's Search97 contains a Cross-Site Scripting vulnerability in the processing of search requests

Overview Verity's Search97 application contains a Cross-Site Scripting vulnerability in the processing of search requests. Description Verity's Search97 application contains a Cross-Site Scripting vulnerability in the processing of search requests. This vulnerability is in both the Microsoft...

Apache Tomcat default installation contains sample applications that disclose webroot path

Overview There is an insecure default configuration in Apache Tomcat web server that places several sample applications in the webroot. Remote users may be able to use these applications to gain sensitive information about the server's configuration. Description There are several sample...

PIX 'established' and 'conduit' command may have unexpected interactions

Overview A somewhat common configuration of Cisco PIX firewalls may permit a window of opportunity in which an intruder can bypass the firewall. This problem was first publicly described in July, 1998. Description Cisco PIX firewalls protecting servers which offer service to the internet-at-large...

Buffer overflow vulnerability in pwck command line utility

Overview The CERT/CC has received a public report of a local buffer overflow vulnerability in the pwck utility. Description The pwck utility performs syntax checking of /etc/password and /etc/shadow password information files. This utility contains a buffer overflow vulnerability in the section o...

Problem with HP r-cmnds

Overview A problem existed with HP versions of the r-commands remshd, rexecd, rlogin, rlogind, remsh, rcp, rexec, rdist in use circa December, 1998. Description See HEWLETT-PACKARD COMPANY SECURITY BULLETIN: 00090, registration required 07 December 1998 for a description of the problem. No other...

Compaq Tru64 Unix inetd vulnerable to DoS

Overview The inetd service on Compaq's Tru64 UNIX is vulnerable to a denial-of-service. Description The inetd service on Compaq's Tru64 UNIX V5.1 all patch levels is vulnerable to a denial-of-service attack in which inetd will stop accepting new connections. In turn, this would disrupt the normal...

MandrakeSoft Mandrake Linux Apache default configuration enables directory indexing

Overview The default installation of Apache on MandrakeSoft Mandrake Linux enables directory indexing on directories that may unnecessarily disclose information about the server. Description MandrakeSoft produces a Linux distribution called Mandrake Linux that includes the Apache web server. The...

mgetty creates temporary files insecurely

Overview mgetty, a replacement for getty designed to support modem and fax use, creates files of a predictable name in a world-writable directory without checking for the prior existence or ownership of the file. Using a symbolic link attack, an intruder might cause the overwrite of arbitrary fil...

phpBB does not adequately validate user input for language selection thereby allowing user to execute arbitrary php code

Overview phpBB is an open-source bulletin board program. A user input validation problem exists with regard to language settings. An intruder can excute arbitrary php code and gain a shell with the privileges of the web server on the system. Description Version 1.4.0 and earlier have a user input...

SCO UnixWare uucico contains buffer overflow via long string of characters sent as command line argument

Overview A buffer overflow in uucico, part of the UUCP package on SCO systems, can allow an intruder to gain elevated privileges. Description SCO UnixWare 7 ships with a utility package called UUCP. The UUCP package allows for the copying of files between different UNIX systems and the sending of...

SCO UnixWare uuxqt contains buffer overflow via long string of characters sent as command line argument

Overview A buffer overflow in uuxqt, part of the UUCP package on SCO systems, can allow an intruder to gain elevated privileges. Description SCO UnixWare 7 ships with a utility package called UUCP. The UUCP package allows for the copying of files between different UNIX systems and the sending of...

Cisco IOS/X12-X15 has default SNMP read/write string of "cable-docsis"

Overview There is a vulnerability that permits unauthorized access to several switch and router products manufactured by Cisco Systems. An attacker who gains access to an affected device can read and modify its configuration, creating a denial-of-service condition, an information leak, or both...

MySQL client contains buffer overflow

Overview MySQL is a popular open source database package. The MySQL client that ships with the MySQL package contains a buffer overflow. Description The mysql program, part of the MySQL package, contains a buffer overflow in the host parameter. An intruder who invokes mysql using a specially...

sysback makes call to hostname without a fully qualified path specification

Overview sysback , shipped with AIX systems, allows local users to gain root access because of a failure to use a fully qualified path for a call to hostname. Description sysback includes a call to hostname but does not include a full path specification. Because sysback is set uid root, intruders...

SystemWizard Launch ActiveX Control lacks authentication

Overview Description The SystemWizard "Launch" ActiveX Control may allow attackers to execute arbitrary commands on systems where the control is installed. This control was shipped on HP Pavilion computers running Windows 98, as part of a diagnostic application named "SystemWizard" produced by...

Tenda N300 Wi-Fi 4G LTE Router 4G03 Pro impacted by vulnerabilities

Overview A command injection vulnerability exists across multiple firmware versions that allows an attacker to execute arbitrary commands as root on the affected device. Currently, no solution exists to resolve these vulnerabilities in the Tenda N300 series and Tenda 4G03 Pro devices. Description...

SysTrack LsiAgent.exe contains an improper DLL search order, allowing an attacker to execute arbitrary code and priv esc

Overview Lakeside Software, an IT digital employee experience platform, offers a product called SysTrack, intended for endpoint observability. This program uses an executable called LsiAgent.exe, which attempts to load various Dynamic Link Library DLL files when run. The program does not properly...