Microsoft Windows 2000 SNMP service leaks memory when querying printer objects if spooler service is stopped
Overview A memory leak exists in the Windows 2000 SNMP service. Under a specific precondition, it can result in a remote denial-of-service vulnerability. Description If the SNMP service is running on a Windows 2000 server, and the 'Print Spooler' service is not running, repeatedly using SNMP...
Sun Solaris asppls(1M) vulnerable to arbitrary file overwriting via symlink redirection of temporary file
Overview Sun Solaris asppls(1M) creates temporary files insecurely, leading to possible local root compromise. Description Sun Microsystems describes the function of asppls(1M) as follows: aspppd is the link manager for the asynchronous data link protocol specified in RFC1331, The Point-to-Point...
Textor Webmasters Ltd listrec.pl does not adequately validate user input thereby allowing arbitrary commands to be executed
Overview Textor Webmasters Ltd listrec.pl CGI script does not properly validate input to the "TEMPLATE" CGI variable, allowing arbitrary command execution. Description The CGI script listrec.pl by Textor Webmasters Ltd does not properly validate input to the "TEMPLATE" CGI variable. This value is...
IBM AIX vulnerable to buffer overflow in RCP
Overview IBM AIX contains a buffer-overflow vulnerability that may allow remote attackers to gain root privileges. Description Some versions of IBM AIX used unbounded string operators. This problem was corrected in AIXV4 by changing the unbounded operators to their bounded equivalents. --- Impact...
Macromedia Flash Player continues to download flash files until browser is closed
Overview Macromedia Flash 6 does not terminate connections when a web user leaves the page. These connections may consume excessive amounts of bandwidth and limit the flow of other data. Description The Macromedia Flash media format enables frame-based animations with sound to be viewed within a...
Mandrake Security may make unexpected system modifications
Overview The Mandrake Security utility included with Mandrake Linux may make unexpected modifications that affect system security. Description Mandrake Linux includes a tool named Mandrake Security msec that allows system administrators to manage and audit various system parameters associated wit...
Verity's Search97 contains a Cross-Site Scripting vulnerability in the processing of search requests
Overview Verity's Search97 application contains a Cross-Site Scripting vulnerability in the processing of search requests. Description Verity's Search97 application contains a Cross-Site Scripting vulnerability in the processing of search requests. This vulnerability is in both the Microsoft...
Novell NetWare default installation contains sample files that disclose sensitive server information
Overview Novell NetWare 5.1 is a network management operating system that enables access to files, printers, directories, email, databases, and other network interfaces, as well as providing a web interface. There is an insecure default configuration that places several sample applications in the...
AOL Instant Messenger vulnerable to denial-of-service attack via buddy list transfers
Overview America Online's Instant Messenger AIM contains a remotely exploitable buffer overflow vulnerability. Description AOL Instant Messenger is a program for communicating with other users over the Internet and is widely used. During a buddy list transfer, a buffer overflow may occur. It has...
ypbind contains buffer overflow
Overview The daemon ypbind on Solaris and SunOS contains a buffer overflow vulnerability. Description A buffer overflow vulnerability has been discovered in ypbind, a daemon that runs on all client and server machines running Solaris and SunOS and set up to use a Network Information Server NIS. -...
Oracle 9iAS allows access to CGI script source code within CGI-BIN directory
Overview Oracle 9i Application Server 9iAS allows remote anonymous users to view source code in CGI scripts stored in the Apache cgi-bin. Attackers may analyze these scripts to discover usernames, passwords, or other proprietary data or methods. Description The default Apache configuration file i...
Kerberos Telnet protocol does not adequately protect authentication and encryption options
Overview A vulnerability exists in the Telnet Authentication Option and Telnet Data Encryption Option specifications. An ordered list of authentication and encryption options sent from the server to client during negotiation is not cryptographically protected. As a result, an attacker may be able...
Cisco SN 5420 Storage Router fails to properly authenticate user before granting read access to configuration file
Overview It is possible to read the stored configuration file from the Cisco SN 5420 Storage Router without any authorization. This can lead to an intruder gaining access to the storage space on the router. Description A vulnerability has been discovered in the Cisco SN 5420 Storage Router softwa...
Cisco SN 5420 Storage Router vulnerable to DoS via fragmented packet sent over Gigabit interface
Overview It is possible to cause a denial of service of the Cisco SN 5420 Storage Router by sending a fragmented packet over the Gigabit interface. Description A vulnerability has been discovered in the Cisco SN 5420 Storage Router software versions 1.15 and earlier. By sending a fragmented packe...
Cisco SN 5420 Storage Router vulnerable to DoS via HTTP request containing long headers
Overview It is possible to cause a denial of service of the Cisco SN 5420 Storage Router by sending an HTTP request with a large header. Description A vulnerability has been discovered in the Cisco SN 5420 Storage Router software versions 1.15 and earlier. By sending an HTTP request with a huge...
iPlanet Web Server Enterprise Edition and Netscape Enterprise Server Web Publisher command exposes server to brute force attack
Overview A vulnerability exists in iPlanet Web Server Enterprise Edition and Netscape Enterprise Server that allows an attacker to make repeated authentication attempts if a server is configured to use HTTP basic authentication. While the risk is not greater than any other brute force attack usin...
MandrakeSoft Mandrake Linux Apache default configuration enables Perl ProxyPass server on 8200/tcp
Overview The default installation of Apache on MandrakeSoft Mandrake Linux configures an instance of the server to run apache-modperl listening on port 8200/tcp. Description MandrakeSoft produces a Linux distribution called Mandrake Linux that includes the Apache web server. The default...
Standard HTML form implementation allows access to IMAP, SMTP, NNTP, POP3, and other services via crafted HTML page
Overview An intruder can send certain kinds of data to services that he is not ordinarily able to reach. By crafting the data such that it is redirected through any program the victim uses to render the malicious HTML, the intruder is able to send that data to any services that the victim can send...
Lotus Domino Server R5 vulnerable to Cross-Site Scripting via passing of user input directly to default error page
Overview Lotus Domino R5 Servers are vulnerable to a cross-site scripting vulnerability. A web site may inadvertently include malicious HTML tags or script (JavaScript, VBScript, Java, etc.) in a dynamically generated page based on unvalidated input from untrustworthy sources. This can be a problem...
Lotus Domino vulnerable to a denial of service via DOS device request
Overview The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial-of-service situation on the Windows and OS/2 platforms. Description With the Lotus Domino Web Server, you can access DOS devices. If this is done through the cgi-bin directory, an ncgihttp.exe process wi...
AT&T WinVNC client authentication process vulnerable to man-in-the-middle attack
Overview WinVNC's challenge/response mechanism can allow an intruder to obtain legitimate credentials from a valid client in order to gain unauthorized access to the server. Description AT&T WinVNC is a free package available from AT&T Labs Cambridge that allows an existing desktop of a PC to be...
Microsoft Windows 2000 Workstation in mixed-mode domain may ignore domain account lockout restriction due to flaw in NTLM authentication
Overview A flaw in certain configurations of Windows 2000 can allow an intruder to make an unlimited number of guesses to attempt to determine a password, despite policies intended to limit the number of guesses. Description Domain administrators can set policies governing certain aspects of...
Alcatel ADSL modems grant unauthenticated TFTP access via Bounce Attacks
Overview The San Diego Supercomputer Center SDSC has recently discovered several vulnerabilities in the Alcatel Speed Touch line of Asymmetric Digital Subscriber Line ADSL modems. These vulnerabilities are the result of weak authentication and access control policies and result in one or more of...
Information Leak and DoS Vulnerabilities in Redmi Buds 3 Pro through 6 Pro
Overview Redmi Buds, a series of Bluetooth earbuds produced and sold by Xiaomi, contain an Information Leak vulnerability and a Denial of Service DoS vulnerability in versions 3 Pro through 6 Pro. An attacker within Bluetooth radio range can send specially crafted RFCOMM protocol interactions to...
HTTP/2 implementations are vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames
Overview A vulnerability has been discovered within many HTTP/2 implementations allowing for denial of service DoS attacks through HTTP/2 control frames. This vulnerability is colloquially known as "MadeYouReset" and is tracked as CVE-2025-8671. Some vendors have assigned a specific CVE to their...
Comcast XFINITY Home Security fails to properly handle wireless communications disruption
Overview Comcast XFINITY Home Security does not fail securely, which may be leveraged to avoid triggering alarm events. Description CWE-636: Not Failing Securely ('Failing Open'). Comcast XFINITY Home Security system components use the ZigBee communication protocol over a 2.4 GHz radio frequency band...
Synology DiskStation Manager VPN module hard-coded password vulnerability
Overview Synology DiskStation Manager VPN module contains a hard-coded password which cannot be changed. Description Synology DiskStation Manager 4.3-3810 update 1 and possibly earlier versions contain a VPN server module with a hard-coded password which cannot be changed. According to...
Mutiny Appliance contains multiple directory traversal vulnerabilities
Overview Mutiny appliance contains multiple directory traversal CWE-22 vulnerabilities. Description The Mutiny appliance commands for UPLOAD, DELETE, CUT and COPY are all vulnerable to directory traversal attacks. Additional details may be found in the Rapid7 blog post entitled, "New 1day Exploit...
AjaXplorer contains multiple vulnerabilities
Overview AjaXplorer 4.0.3 and earlier versions contain a directory traversal vulnerability and a weak cookie authentication scheme. Description AjaXplorer contains a directory traversal vulnerability in the "Get Template" feature. The URL variables templatename and pluginName can be used to explo...
Unbound multiple denial-of-service vulnerabilities
Overview A specially crafted DNS query containing signed duplicate resource records or a malformed NSEC3 signed resource record may cause Unbound to crash. Description The NLnetLabs advisory states: "Description 1: crash on signed duplicate Resource Records. There are authoritative servers that...
UPnP requests accepted over router WAN interfaces
Overview Some Internet router devices incorrectly accept UPnP requests over the WAN interface. Description Universal Plug and Play UPnP is a networking protocol mostly used for personal computing devices to discover and communicate with each other and the Internet. Some UPnP enabled router device...
Mutare Software Enabled VoiceMail (EVM) system web interface cross-site request forgery vulnerabilities
Overview The Mutare Software Enabled VoiceMail EVM system web interface is susceptible to cross-site request forgery and cross-site scripting attacks. Description The Mutare Software Enabled VoiceMail EVM system web interface allows the user to change their Enabled VoiceMail EVM PIN, delete their...
PHP getSymbol vulnerability allows denial of service
Overview PHP fails to properly sanitize input passed to the getSymbol function in a way that could allow an attacker to cause a segmentation fault. Description PHP is a scripting language that is designed for web-based applications and can be embedded directly into HTML. The getSymbol function i...
NetSupport Manager Gateway transmits identifying information in plaintext
Overview The NetSupport HTTP protocol implementation used for communication between the NetSupport Manager Gateway and NetSupport Manager Controls or NetSupport Manager Clients is not encrypting http headers sent between systems. Description The NetSupport HTTP protocol implementation used for...
Ghostscript crashes when passing a null ipsp->ip value to the gs_type2_interpret function
Overview The gs_type2_interpret function, which is a part of Ghostscript, is prone to denial-of-service conditions. Description Ghostscript contains a function called gs_type2_interpret which does not perform null value error checking. A specially crafted document can cause Ghostscript to dereference a...
Accoria Rock Web Server contains multiple vulnerabilities
Overview Accoria Web Server contains multiple vulnerabilities that collectively could allow an attacker to execute commands through the administration interface. Description The Accoria web server, also known as Rock Web Server, contains several cross-site scripting XSS and cross-site request...
Windows XP Macromedia Flash 6 ActiveX control use-after-free vulnerability
Overview The Macromedia Flash ActiveX control that is provided with Windows XP contains a memory corruption vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Windows XP provides the Macromedia Flash ActiveX...
Microsoft Indeo video codecs contain multiple vulnerabilities
Overview The Indeo video codecs that are provided by Microsoft Windows contain multiple vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Indeo is a video codec that was developed by Intel and Microsoft. Multiple...
PTK contains multiple vulnerabilities
Overview The PTK sleuthkit interface contains multiple vulnerabilities. If exploited, these vulnerabilities may allow an attacker to gain elevated privileges or conduct XSS attacks. Description PTK is an interface to the sleuthkit forensic tools that uses Apache, PHP and MySQL. PTK versions 1.0.0...
RealPlayer file deletion overflow vulnerability
Overview RealPlayer contains a buffer overflow vulnerability that may allow an attacker to execute code on a vulnerable system. Description RealPlayer is a media player that is distributed by RealNetworks. RealPlayer supports streaming and local media. Per the Zero Day Initiative advisory ZDI-08-046:...
Icon Labs SSH server vulnerabilities
Overview The Icon Labs Iconfidant SSH server contains multiple vulnerabilities. The most severe of these issues may allow an attacker to cause a vulnerable system to crash. Description The Iconfident SSH is a Secure Shell (SSH) server that runs on VxWorks-based systems. Versions of the Iconfident...
HP-UX sendmail vulnerable to denial of service
Overview HP-UX contains an unspecified vulnerability in sendmail, which may allow a remote, unauthenticated attacker to cause a denial of service. Description HP-UX systems running sendmail are vulnerable to an unspecified denial of service. According to HP technical document c00841370, the...
Google Reader cross-site request forgery vulnerability
Overview Google Reader is vulnerable to a persistent cross-site request forgery attack that may be exploited by a specially crafted RSS feed. Description Google Reader is an online RSS feed reader. It can display text and images when displaying RSS feeds. Google Reader contains a cross-site reques...
Microsoft Windows fails to properly handle malformed OLE documents
Overview A vulnerability exists in a Microsoft Windows library that is used to handle OLE documents. The complete impact of this vulnerability is not clear, but may include the execution of arbitrary code as well as a denial of service. Description Microsoft OLE documents include summary...
Symantec Mail Security for SMTP arbitrary code execution vulnerability
Overview Symantec Mail Security for SMTP contains a vulnerability that may allow an attacker to execute arbitrary code, or create a denial of service condition. Description Symantec Mail Security for SMTP is an antispam, antivirus, and content filtering software package that scans email. Symantec...
Aruba Mobility Controller vulnerable to privilege escalation
Overview The Aruba Mobility Controller Management Interface contains a privilege escalation vulnerability. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Aruba Mobility Controllers are used to process and control network traffic in...
NetGear wireless driver fails to properly process certain 802.11 management frames
Overview A buffer overflow vulnerability exists in the Netgear MA521nd5.SYS wireless driver. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or cause a denial-of-service condition. Description The MA521nd5.SYS driver is a wireless 802.11b device driv...
Secure Elements Class 5 AVR server fails to properly enforce access controls on console operations
Overview The Secure Elements Class 5 AVR server fails to properly enforce access controls on console operations. This may allow a remote attacker to gain unauthorized administrative access to a server. Description Class 5 AVR: Secure Elements Class 5 AVR (Automated Vulnerability Remediation) is a...
Secure Elements Class 5 AVR server fails to enforce integrity of message digests
Overview The Secure Elements Class 5 AVR server fails to enforce integrity of message digests. This may allow a remote attacker to replay and modify messages without knowledge of any keys. Description Class 5 AVR: Secure Elements Class 5 AVR (Automated Vulnerability Remediation) is a security produc...
RealVNC Server does not validate client authentication method
Overview The RealVNC Server fails to properly authenticate clients. This may allow a remote attacker to bypass authentication and gain access to the VNC server. Description The Virtual Network Computing (VNC) Protocol: According to RealVNC, "The VNC protocol is a simple protocol for remote access to...