3695 matches found
Mozilla Linux installer does not properly set file permissions
Overview Mozilla's Linux installers may not properly set file permissions on the installed program files. A local user may then be able to modify or replace these files with malicious versions. Description Some versions of Mozilla's Linux installer may create installation and program files with...
libgcc contains multiple flaws that allow integer type range vulnerabilities to occur at runtime
Overview The libgcc runtime for the gcc and g++ compilers contains multiple flaws that can result in integer type range vulnerabilities in programs that are compiled using the -ftrapv option. Description Both gcc and g++ provide a -ftrapv compiler option that, according to the gcc man page,...
Ethereal crashes when processing malformed RADIUS packets
Overview Ethereal contains a vulnerability in the way it processes Remote Authentication Dial In User Service (RADIUS) packets. Description Ethereal is a network traffic analysis package. It includes the ability to decode packets containing RADIUS data. There is a vulnerability that causes Ethereal...
SSH Tectia Server contains a race condition when the password change plugin is enabled
Overview SSH Tectia Server contains a race condition that may permit an authenticated user access to the private key of the server. Exploitation of this vulnerability may lead to the ability to compromise the trust relationships of the vulnerable server. Description SSH Tectia Server versions 4.0...
NetScreen-Security Manager fails to encrypt communications with managed devices
Overview A vulnerability in the NetScreen-Security Manager software could expose sensitive information in cleartext over the network. Description NetScreen Technologies' NetScreen-Security Manager provides centralized management for control of device configuration, network settings and security...
PostgreSQL VACUUM command allows unprivileged user to remove database transaction log data
Overview The PostgreSQL VACUUM command contains a vulnerability that allows an unprivileged user to remove database transaction log data. This may result in unrecoverable data loss. Description PostgreSQL is a database management system. The PostgreSQL VACUUM command is used to clean out records...
DameWare Mini Remote Control vulnerable to buffer overflow via specially crafted packets
Overview DameWare Mini Remote Control is a lightweight remote control intended primarily for administrators and help desks for management of desktop systems. A vulnerability in DameWare Mini Remote Control may permit an unauthenticated attacker to execute arbitrary code on the system. Description...
Hummingbird CyberDOCS contains multiple cross-site scripting vulnerabilities
Overview Hummingbird CyberDOCS contains cross site scripting vulnerabilities that could allow an attacker to obtain sensitive information and possibly impersonate legitimate users. Description Hummingbird CyberDOCS (Hummingbird DM) is a web-based enterprise document management solution that runs on...
HP-UX "kermit" vulnerable to buffer overflow
Overview HP-UX's implementation of kermit contains a buffer overflow which may allow a local attacker to gain elevated privileges. Description From the Kermit Project: Kermit software offers interactive and scripted file transfer and management, terminal emulation, Unicode-aware character-set...
BEA WebLogic Server fails to discard cached authentication information when web applications are updated
Overview The BEA WebLogic server contains a vulnerability that may allow authenticated users to bypass authentication for a given web application when the application has been updated. Description The BEA WebLogic Server provides a feature that allows it to store user authentication information f...
Sun Solaris asppls(1M) vulnerable to arbitrary file overwriting via symlink redirection of temporary file
Overview Sun Solaris asppls(1M) creates temporary files insecurely, leading to possible local root compromise. Description Sun Microsystems describes the function of asppls(1M) as follows: aspppd is the link manager for the asynchronous data link protocol specified in RFC1331, The Point-to-Point...
Multiple vulnerabilities exist within credit card chips thereby allowing malicious user to bypass authentication mechanism
Overview French smart card reader terminals can be fooled into accepting imposter smart cards for payment. Description French smart cards are credit cards with an embedded chip containing certain cardholder, account, and authentication information. These cards are read by automated terminals acro...
x_news allows unauthorized users to access administrative menu
Overview x_news allows a user to authenticate without supplying the user's plaintext password. Description x_news is a system for managing news. When a user logs in to x_news version 1.1 using a plaintext password, x_news hashes the password with MD5 and compares it to the user's hash stored in the file...
IBM AIX vulnerable to buffer overflow in RCP
Overview IBM AIX contains a buffer-overflow vulnerability that may allow remote attackers to gain root privileges. Description Some versions of IBM AIX used unbounded string operators. This problem was corrected in AIXV4 by changing the unbounded operators to their bounded equivalents. --- Impact...
HP Tru64 UNIX "mailcv" contains buffer overflow (SSRT2193)
Overview The HP Tru64 UNIX implementation of "mailcv" contains a locally exploitable buffer overflow. Description "mailcv" converts dxmail style folders to UNIX style folders. A locally exploitable buffer overflow in "mailcv" may permit a local attacker to gain elevated privileges and execute...
HP Tru64 UNIX "dtsession" contains buffer overflow (SSRT2282)
Overview The HP Tru64 UNIX implementation of "dtsession" contains a locally exploitable buffer overflow. Description From the HP Tru64 UNIX reference pages, the "dtsession" utility "provides ICCCM 1.1 compliant session management functionality during a user's session, the time from login to logou...
Multiple vendor implementations of file scanning utilities vulnerable to DoS via compressed file archive
Overview Several file scanning utilities, including some virus scanners, may fail and crash when scanning compressed file archives. Description Many file scanners will decompress compressed file archives in memory so their contents can be scanned. However, some of these scanners do not check if...
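The decompression-bomb problem described in the note above, as an added example that is not part of the vulnerability note or of any scanner vendor's code: the scanner should check the sizes declared in the archive's central directory before expanding anything, and then enforce a byte budget on the real output while streaming, because the declared sizes are attacker-controlled and can be forged. The policy limits (16 MiB of output, 100:1 ratio) and the sample archives are constructed for this example.

```python
import io
import zipfile

# Hypothetical policy limits for this example (not from the advisory).
MAX_TOTAL_UNCOMPRESSED = 16 * 1024 * 1024   # 16 MiB of output per archive
MAX_RATIO = 100                              # refuse anything above 100:1

# Constructed sample content: a benign, modestly compressible member and a
# "bomb" of 32 MiB of zeros that deflates to a few tens of kilobytes.
BENIGN_CONTENT = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n" * 20
BOMB_CONTENT = b"\0" * (32 * 1024 * 1024)


def build_sample_archive(content: bytes) -> bytes:
    """Build an in-memory zip with one deflated member holding `content`."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("payload.bin", content)
    return buf.getvalue()


def archive_is_safe_to_expand(data: bytes) -> tuple[bool, str]:
    """First gate: read only the central directory and refuse archives whose
    declared output size or compression ratio exceeds policy. Nothing is
    decompressed here, so a bomb costs almost no memory to reject."""
    total_uncompressed = 0
    total_compressed = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            total_uncompressed += info.file_size
            total_compressed += info.compress_size
    if total_uncompressed > MAX_TOTAL_UNCOMPRESSED:
        return False, f"declared output of {total_uncompressed} bytes exceeds limit"
    ratio = total_uncompressed / max(total_compressed, 1)
    if ratio > MAX_RATIO:
        return False, f"compression ratio {ratio:.0f}:1 exceeds limit"
    return True, "ok"


def expand_with_budget(data: bytes, budget: int = MAX_TOTAL_UNCOMPRESSED) -> int:
    """Second gate: stream each member in 64 KiB chunks and count the bytes
    actually produced. The central-directory sizes can lie, so the budget is
    enforced on real output, and the whole member is never held in memory."""
    written = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            with zf.open(info) as member:
                while chunk := member.read(64 * 1024):
                    written += len(chunk)
                    if written > budget:
                        raise ValueError("expansion budget exceeded while decompressing")
    return written


def exceeds_budget(data: bytes, budget: int = MAX_TOTAL_UNCOMPRESSED) -> bool:
    """Boolean wrapper around expand_with_budget for callers that prefer a verdict."""
    try:
        expand_with_budget(data, budget)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    benign = build_sample_archive(BENIGN_CONTENT)
    bomb = build_sample_archive(BOMB_CONTENT)
    print("benign:", archive_is_safe_to_expand(benign), "bytes:", expand_with_budget(benign))
    print("bomb:  ", archive_is_safe_to_expand(bomb), "exceeds budget:", exceeds_budget(bomb))
```

Both gates are needed: the first rejects obvious bombs cheaply, the second catches archives whose headers under-report their true size. The same idea applies to nested archives, where the budget should be shared across all levels of recursion rather than reset per layer.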
AOL Instant Messenger saves code embedded in image tag to conversation log which could be viewed/executed by a browser
Overview Certain Alpha versions of AOL Instant Messenger (AIM) that were leaked would log errors to a log file. By sending a crafted image file, it may be possible to execute arbitrary script/HTML in a victim's browser when they view the log files. Description AOL Instant Messenger has the ability...
Oracle 9iAS allows access to CGI script source code within CGI-BIN directory
Overview Oracle 9i Application Server (9iAS) allows remote anonymous users to view source code in CGI scripts stored in the Apache cgi-bin. Attackers may analyze these scripts to discover usernames, passwords, or other proprietary data or methods. Description The default Apache configuration file i...
iPlanet Web Server Enterprise Edition and Netscape Enterprise Server malformed Web Publisher command causes denial-of-service
Overview A vulnerability exists in iPlanet Web Server, Enterprise Edition and Netscape Enterprise Server in which a malformed Web Publisher command can crash the web server process. This vulnerability only affects Windows NT based servers. Description ProCheckup has reported a vulnerability in...
iPlanet Web Server Enterprise Edition and Netscape Enterprise Server Web Publisher command exposes server to brute force attack
Overview A vulnerability exists in iPlanet Web Server Enterprise Edition and Netscape Enterprise Server that allows an attacker to make repeated authentication attempts if a server is configured to use HTTP basic authentication. While the risk is not greater than any other brute force attack usin...
Problem with HP r-cmnds
Overview A problem existed with HP versions of the r-commands (remshd, rexecd, rlogin, rlogind, remsh, rcp, rexec, rdist) in use circa December 1998. Description See HEWLETT-PACKARD COMPANY SECURITY BULLETIN: 00090 (registration required), 07 December 1998, for a description of the problem. No other...
MandrakeSoft Mandrake Linux Apache default configuration enables directory indexing
Overview The default installation of Apache on MandrakeSoft Mandrake Linux enables directory indexing on directories that may unnecessarily disclose information about the server. Description MandrakeSoft produces a Linux distribution called Mandrake Linux that includes the Apache web server. The...
Microsoft Windows 2000 Workstation in mixed-mode domain may ignore domain account lockout restriction due to flaw in NTLM authentication
Overview A flaw in certain configurations of Windows 2000 can allow an intruder to make an unlimited number of guesses to attempt to determine a password, despite policies intended to limit the number of guesses. Description Domain administrators can set policies governing certain aspects of...
Lotus Domino SMTP Server Allows Anonymous Relay of Quoted Addresses
Overview Lotus Domino includes an SMTP server. Under certain configurations, an intruder may be able to relay mail to third parties through the Domino SMTP server. Description An "open" mail server is one that will send mail that is not addressed to and does not originate from a local user. Open...
MySQL client contains buffer overflow
Overview MySQL is a popular open source database package. The MySQL client that ships with the MySQL package contains a buffer overflow. Description The mysql program, part of the MySQL package, contains a buffer overflow in the host parameter. An intruder who invokes mysql using a specially...
sysback makes call to hostname without a fully qualified path specification
Overview sysback, shipped with AIX systems, allows local users to gain root access because of a failure to use a fully qualified path for a call to hostname. Description sysback includes a call to hostname but does not include a full path specification. Because sysback is setuid root, intruders...
SystemWizard Launch ActiveX Control lacks authentication
Overview Description The SystemWizard "Launch" ActiveX Control may allow attackers to execute arbitrary commands on systems where the control is installed. This control was shipped on HP Pavilion computers running Windows 98, as part of a diagnostic application named "SystemWizard" produced by...
Linux kernel contains local privilege escalation vulnerability (Copy Fail)
Overview A privilege escalation vulnerability has been discovered in Linux kernel version 4.17 (released in 2018) and later. Many popular distributions and Linux-based containers are affected. This vulnerability was publicly disclosed on April 29, 2026, has been assigned CVE ID CVE-2026-31431...
Ollama GGUF Quantization Remote Memory Leak
Overview Ollama’s model quantization engine contains a vulnerability that allows an attacker with access to the model upload interface to read and potentially exfiltrate heap memory from the server. This issue may lead to unintended behavior, including unauthorized access to sensitive data and, i...
Information Leak and DoS Vulnerabilities in Redmi Buds 3 Pro through 6 Pro
Overview Redmi Buds, a series of Bluetooth earbuds produced and sold by Xiaomi, contain an Information Leak vulnerability and a Denial of Service (DoS) vulnerability in versions 3 Pro through 6 Pro. An attacker within Bluetooth radio range can send specially crafted RFCOMM protocol interactions to...
Authenticated SMTP users may spoof other identities due to ambiguous “From” header interpretation
Overview Email message header syntax can be exploited to bypass authentication protocols such as SPF, DKIM, and DMARC. These exploits enable attackers to deliver spoofed emails that appear to originate from trusted sources. Recent research has explored using the originator fields, such as From: a...
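One concrete form of the ambiguity described above, as an added example that is not part of the vulnerability note: a receiver should refuse to pick a single originator when the From field can be read more than one way (two From header fields, several mailboxes in one field, or a display name that itself looks like an address), because the identity the DMARC alignment check uses may then differ from the one the mail client shows. The messages, domain names and policy are constructed for this example; it uses only Python's standard email module.

```python
import email
import email.utils
from typing import Optional

# Constructed sample messages (not from the advisory). trusted.example is the
# domain whose DMARC policy the receiver is assumed to enforce.
CLEAN = (
    "From: Alice <alice@trusted.example>\r\n"
    "To: bob@receiver.example\r\n"
    "Subject: invoice\r\n\r\n"
    "body\r\n"
)
DUPLICATE_FROM = (
    "From: alice@trusted.example\r\n"
    "From: mallory@attacker.example\r\n"
    "To: bob@receiver.example\r\n\r\n"
    "body\r\n"
)
MULTI_ADDRESS_FROM = (
    "From: alice@trusted.example, mallory@attacker.example\r\n"
    "To: bob@receiver.example\r\n\r\n"
    "body\r\n"
)
ADDRESS_IN_DISPLAY_NAME = (
    'From: "alice@trusted.example" <mallory@attacker.example>\r\n'
    "To: bob@receiver.example\r\n\r\n"
    "body\r\n"
)


def from_identities(raw: str) -> list[str]:
    """Every address a parser could extract from the From field(s), in order."""
    msg = email.message_from_string(raw)
    fields = msg.get_all("From") or []
    return [addr for _name, addr in email.utils.getaddresses(fields) if addr]


def from_is_ambiguous(raw: str) -> tuple[bool, str]:
    """True when an authentication check and a mail client could disagree
    about who the originator is."""
    msg = email.message_from_string(raw)
    fields = msg.get_all("From") or []
    if len(fields) != 1:
        return True, f"{len(fields)} From header fields; RFC 5322 allows exactly one"
    pairs = email.utils.getaddresses(fields)
    if len(pairs) != 1:
        return True, f"{len(pairs)} mailboxes in From; alignment can be checked against only one"
    name, addr = pairs[0]
    if not addr:
        return True, "From field does not parse to a mailbox"
    if "@" in name:
        return True, f"display name {name!r} looks like an address and may be what the user sees"
    return False, f"single originator {addr}"


def alignment_domain(raw: str) -> Optional[str]:
    """Domain DMARC alignment should be evaluated against, or None when the
    message should be rejected instead of given the benefit of the doubt."""
    ambiguous, _reason = from_is_ambiguous(raw)
    if ambiguous:
        return None
    return from_identities(raw)[0].rsplit("@", 1)[1].lower()


if __name__ == "__main__":
    for label, raw in [("clean", CLEAN), ("duplicate", DUPLICATE_FROM),
                       ("multi", MULTI_ADDRESS_FROM), ("name", ADDRESS_IN_DISPLAY_NAME)]:
        print(f"{label:10s} {from_is_ambiguous(raw)[1]}  ->  {alignment_domain(raw)}")
```

The safe policy is fail-closed: a message whose From field cannot be reduced to exactly one mailbox gets no alignment domain and is rejected or quarantined, rather than having one of the candidate identities chosen for it.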
Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation
Overview An out-of-bounds (OOB) read vulnerability has been identified in the Trusted Platform Module (TPM) 2.0 reference library specification, currently at Level 00, Revision 01.83 (March 2024). An attacker with access to a TPM command interface can exploit this vulnerability by sending specially...
Radware Cloud Web Application Firewall Vulnerable to Filter Bypass
Overview The Radware Cloud Web Application Firewall is vulnerable to filter bypass by multiple means. The first is via a specially crafted HTTP request, and the second is insufficient validation of user-supplied input when processing a special character. An attacker with knowledge of these...
Comcast XFINITY Home Security fails to properly handle wireless communications disruption
Overview Comcast XFINITY Home Security does not fail securely, which may be leveraged to avoid triggering alarm events. Description CWE-636: Not Failing Securely ('Failing Open'). Comcast XFINITY Home Security system components use the ZigBee communication protocol over a 2.4 GHz radio frequency band...
AjaXplorer contains multiple vulnerabilities
Overview AjaXplorer 4.0.3 and earlier versions contain a directory traversal vulnerability and a weak cookie authentication scheme. Description AjaXplorer contains a directory traversal vulnerability in the "Get Template" feature. The URL variables templatename and pluginName can be used to explo...
Unbound multiple denial-of-service vulnerabilities
Overview A specially crafted DNS query containing signed duplicate resource records or a malformed NSEC3 signed resource record may cause Unbound to crash. Description The NLnetLabs advisory states: == Description 1: crash on signed duplicate Resource Records. There are authoritative servers that...
Support Incident Tracker multiple vulnerabilities
Overview Support Incident Tracker (SiT!) version 3.65, and possibly earlier versions, contain multiple vulnerabilities including malicious file uploads, SQL injection, cross-site scripting, and cross-site request forgery. Description According to the SiT! website: "Support Incident Tracker (Si...
Dell KACE K2000 Appliance contains multiple reflected cross-site scripting vulnerabilities
Overview The administrative web interface for the Dell KACE K2000 System Deployment Appliance contains multiple cross-site scripting vulnerabilities. Description The Dell KACE K2000 Deployment Appliance is an integrated systems provisioning product for large-scale operating systems deployment...
Lomtec ActiveWeb Professional 3.0 CMS allows arbitrary file upload and execution
Overview Lomtec ActiveWeb Professional 3.0 web content management server allows unauthenticated users to upload arbitrary files. Description According to Lomtec's website: "Lomtec ActiveWeb offers an ideal solution for the creation, maintenance and administration of a Web site and its content. "...
Microsoft IIS FTP server memory corruption vulnerability
Overview Microsoft IIS FTP server 7.5 is affected by a pre-authentication memory corruption vulnerability. Description A specifically crafted request sent to the IIS FTP service can result in memory corruption causing the service to crash. A denial-of-service exploit has been released to the...
Accoria Rock Web Server contains multiple vulnerabilities
Overview Accoria Web Server contains multiple vulnerabilities that collectively could allow an attacker to execute commands through the administration interface. Description The Accoria web server, also known as Rock Web Server, contains several cross-site scripting (XSS) and cross-site request...
Mozilla Firefox 3.5 TraceMonkey JavaScript engine uninitialized memory vulnerability
Overview Mozilla Firefox's JavaScript engine contains a vulnerability that may allow an attacker to execute code. Description Mozilla Firefox version 3.5 contains a vulnerability in the TraceMonkey component of Firefox's JavaScript engine. Per Mozilla Bug 503286: "This is a JS engine bug...
PTK contains multiple vulnerabilities
Overview The PTK sleuthkit interface contains multiple vulnerabilities. If exploited, these vulnerabilities may allow an attacker to gain elevated privileges or conduct XSS attacks. Description PTK is an interface to the sleuthkit forensic tools that uses Apache, PHP and MySQL. PTK versions 1.0.0...
RealPlayer file deletion overflow vulnerability
Overview RealPlayer contains a buffer overflow vulnerability that may allow an attacker to execute code on a vulnerable system. Description RealPlayer is a media player distributed by RealNetworks. RealPlayer supports streaming and local media. Per the Zero Day Initiative advisory ZDI-08-046:...
Microsoft Outlook Web Access may not use correct HTTP directive
Overview Some versions of Outlook Web Access (OWA) may use the no-cache instead of the no-store HTTP 1.1 directive. This results in web browsers caching sensitive information. Description Some versions of Outlook Web Access may use the Cache-Control: no-cache HTTP 1.1 directive. From RFC 2616: If t...
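The no-cache versus no-store distinction from RFC 2616, as an added example that is not part of the vulnerability note and is not OWA's actual configuration: a small Cache-Control parser, a model of whether a cache is permitted to write the response to storage, and an audit of a response known to carry sensitive data. The two response header sets are constructed for this example.

```python
from typing import Optional

# Constructed responses (not OWA's real headers). The weak one is the pattern
# the note describes; the hardened one is what a mailbox page should send.
WEAK_RESPONSE = {
    "Content-Type": "text/html",
    "Cache-Control": "private, no-cache",
}
HARDENED_RESPONSE = {
    "Content-Type": "text/html",
    "Cache-Control": "no-store, no-cache, must-revalidate, max-age=0",
    "Pragma": "no-cache",
    "Expires": "0",
}


def parse_cache_control(value: str) -> dict[str, Optional[str]]:
    """Split a Cache-Control field into {directive: argument or None}.
    Directive names are case-insensitive; quoted arguments are unquoted."""
    directives: dict[str, Optional[str]] = {}
    for token in value.split(","):
        token = token.strip()
        if not token:
            continue
        name, _sep, arg = token.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def cache_may_store(headers: dict[str, str]) -> bool:
    """RFC 2616 rule modelled here: no-cache only forbids reusing a stored copy
    without revalidation, so the cache may still write the response to disk;
    only no-store forbids storing it at all."""
    cc = parse_cache_control(headers.get("Cache-Control", ""))
    return "no-store" not in cc


def audit_sensitive_response(headers: dict[str, str]) -> list[str]:
    """Findings for a response that is known to contain sensitive data."""
    findings: list[str] = []
    cc = parse_cache_control(headers.get("Cache-Control", ""))
    if "no-store" not in cc:
        findings.append("Cache-Control lacks no-store; the response may be written to the browser cache")
        if "no-cache" in cc:
            findings.append("no-cache alone only forces revalidation; it does not prevent storing")
    if headers.get("Pragma", "").lower() != "no-cache":
        findings.append("Pragma: no-cache missing for HTTP/1.0 caches")
    return findings


if __name__ == "__main__":
    for label, hdrs in [("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)]:
        print(label, "may store:", cache_may_store(hdrs), audit_sensitive_response(hdrs))
```

The header lookup is exact-case here for brevity; a real scanner would normalise header names first. The practical rule for any page that shows mailbox contents, account data or session-bound output is to send no-store (with no-cache and Pragma: no-cache for older caches), not no-cache on its own.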
British Telecommunications Consumer webhelper ActiveX control buffer overflows
Overview The British Telecommunications Consumer webhelper ActiveX control contains multiple buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The registration process for British Telecommunications (BT) internet...
Google Reader cross-site request forgery vulnerability
Overview Google Reader is vulnerable to a persistent cross-site request forgery attack that may be exploited by a specially crafted RSS feed. Description Google Reader is an online RSS feed reader. It can display text and images when displaying RSS feeds.Google Reader contains a cross-site reques...
IBM Lotus Domino LDAP server DN message heap buffer overflow
Overview The IBM Lotus Domino LDAP server is vulnerable to a heap buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service. Description IBM Lotus Domino server software provides email, calendar, scheduling, and collaboration...
Microsoft Windows fails to properly handle malformed OLE documents
Overview A vulnerability exists in a Microsoft Windows library that is used to handle OLE documents. The complete impact of this vulnerability is not clear, but may include the execution of arbitrary code as well as a denial of service. Description Microsoft OLE documents include summary...