3702 matches found
British Telecommunications Consumer webhelper ActiveX control buffer overflows
Overview The British Telecommunications Consumer webhelper ActiveX control contains multiple buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The registration process for British Telecommunications BT internet...
OPeNDAP arbitrary command execution vulnerability
Overview The BES daemon in OPeNDAP server version 4 contains a vulnerability. This vulnerability may allow an attacker to execute arbitrary commands, or upload files to a remote server. Description OPeNDAP is a software package designed to help researchers exchange data sets that are stored in...
IBM Lotus Domino LDAP server DN message heap buffer overflow
Overview The IBM Lotus Domino LDAP server is vulnerable to a heap buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service. Description IBM Lotus Domino server software provides email, calendar, scheduling, and collaboration...
Cisco IOS fails to properly process certain packets containing a crafted IP option
Overview Cisco IOS software contains a vulnerablity that may allow an attacker to execute arbitrary code or create a denial of service condition. Description Cisco IOS is an operating system that is used on Cisco network devices. The Internet Control Message Protocol ICMP is a protocol commonly...
NetGear wireless driver fails to properly process certain 802.11 management frames
Overview A buffer overflow vulnerability exists in the Netgear MA521nd5.SYS wireless driver. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or cause a denial-of-service condition. Description The MA521nd5.SYS driver is a wireless 802.11b device driv...
NetGear wireless driver fails to properly process certain 802.11 management frames
Overview A buffer overflow vulnerability has been reported in the Netgear WG111v2.SYS wireless driver. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or cause a denial-of-service condition. Description The WG111v2.SYS driver is a wireless 802.11...
Oracle PREPARE_UNBOUNDED_VIEW procedure vulnerable to PL/SQL injection
Overview The Oracle PREPAREUNBOUNDEDVIEW procedure is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Description The Oracle PREPAREUNBOUNDEDVIEW procedure fails to properly...
Mozilla products fail to properly handle JavaScript regular expressions
Overview Mozilla products fail to properly handle certain JavaScript regular expressions. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description According to Mozilla Foundation Security Advisory 2006-57: ...a...
Secure Elements Class 5 AVR client generates predictable CEIDs
Overview The Secure Elements Class 5 AVR client generates predictable CEIDs. This may allow an attacker to guess the unique identifier of a protected asset. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a security product that monitors and enforces...
Secure Elements Class 5 AVR uses the same encryption key and initialization vector for every message session
Overview Secure Elements Class 5 AVR uses the same encryption key and initialization vector for every message session. This may allow an attacker to discover some information about encrypted messages. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a...
Secure Elements Class 5 AVR server fails to properly validate peer certificate when downloading updates
Overview The Secure Elements Class 5 AVR server fails to properly validate the peer certificate when downloading updates. This may allow a remote attacker to distribute malicious updates to the clients. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a...
Secure Elements Class 5 AVR server fails to properly enforce access controls on console operations
Overview The Secure Elements Class 5 AVR server fails to properly enforce access controls on console operations. This may allow a remote attacker to gain unauthorized administrative access to a server. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a...
Oracle DBMS_REPUTIL package vulnerable to SQL injection
Overview An SQL injection vulnerability in the Oracle DBMSREPUTIL package may allow a remote attacker to execute arbitrary SQL commands on a vulnerable Oracle installation. Description Oracle DBMSREPUTIL package contains a SQL injection vulnerability.The details of this vulnerability are not clea...
Oracle products contain multiple vulnerabilities
Overview Multiple vulnerabilities exist in numerous Oracle products. The severity and impacts of these vulnerabilities are varied and may include remote execution of arbitrary code, the disclosure of sensitive information, and denial-of-service conditions. Description Multiple vulnerabilities exi...
MediaWiki fails to properly verify input passed to the user language option
Overview A vulnerability in some versions of MediaWiki may allow a remote attacker to execute code on a vulnerable wiki server. Description MediaWiki is a PHP-based software package that is used to run a wiki, a collaborative website that can be edited by any user or visitor. Some versions of the...
Oracle Human Resource Management System vulnerability
Overview An unspecified vulnerability in the Oracle Human Resource Management System HRMS may allow a remote, unauthenticated attacker to compromise system confidentiality and integrity. Description According to Oracle:The Oracle E-Business Suite Human Resources Management family of applications...
Oracle E-Business Suite Applications Technology Stack vulnerability
Overview An unspecified vulnerability in the Oracle Applications Technology Stack may allow a remote, unauthenticated attacker to compromise system confidentiality and integrity. Description Oracle Applications Technology Stack is a collection of Oracle products bundled with the Oracle E-Business...
paFileDB fails to properly sanitize "query" parameter in "pafiledb.php"
Overview paFileDB works around the default "off" state for the "registerglobals" security directive in PHP and then fails to initialize the "query" variable, which can be used to inject arbitrary SQL queries. Description "paFileDB is designed to allow webmasters have a database of files for...
Groove Mobile Workspace vulnerable to script injection via SharePoint replicated menus
Overview A vulnerability in the way that Groove Mobile Workspace handles SharePoint lists may allow an attacker to execute an arbitrary script. Description Groove Virtual Office provides a collaborative working environment that includes shared documents, databases, and applications among other...
QNX PPPoEd vulnerable to buffer overflow
Overview QNX PPPoEd contains a buffer overflow that may allow an attacker to execute arbitrary commands. Description QNX is an RTOS Real-time Operating System. QNX is used in many different devices and industries, including, but not limited to routers manufacturing and processing medical equipmen...
MailPost vulnerable file system information disclosure via HTTP GET request
Overview A vulnerability is reported to exist in MailPost version 5.1.1sv and possibly earlier versions that may permit a remote attacker to verify the existance of files anywhere on the local system. Description According to the ProCheckUp report, MailPost contains a vulnerability that may permi...
Mozilla allows signed scripts calling "enablePrivilege" to change contents of a "grant" dialog
Overview A vulnerability in the way Mozilla and its derived programs display dialogs in some circumstances could allow a remote attacker to install and run software on a vulnerable system. Description The Mozilla web browser and related Mozilla products support the ability to run signed scripts...
Mozilla Linux installer does not properly set file permissions
Overview Mozilla's Linux installers may not properly set file permissions on the installed program files. A local user may then be able to modify or replace these files with malicious versions. Description Some versions of Mozilla's Linux installer may create installation and program files with...
Ethereal crashes when processing malformed RADIUS packets
Overview Ethereal contains a vulnerability in the way it processes Remote Authentication Dial In User Service RADIUS packets. Description Ethereal is a network traffic analysis package. It includes the ability to decode packets containing RADIUS data. There is a vulnerability that causes Ethereal...
GNU Radius accounting service fails to properly handle exceptional Acct-Status-Type and Acct-Session-Id attributes
Overview The GNU Radius accounting service fails to properly handle packets with exceptional Acct-Status-Type and Acct-Session-Id attributes. Description GNU Radius is a software package used for remote user authentication and accounting. There is a vulnerability in the way the radprintrequest...
KaZaA Media Desktop discloses username to remote users
Overview The usernames disclosed by the KaZaA Media Desktop peer-to-peer file sharing application do not present a security vulnerability. Description The KaZaA Media Desktop is a peer-to-peer file sharing application that allows users to search for and download files from other KaZaA users. This...
Avaya Argent Office uses weak SNMP authentication mechanism
Overview The Avaya Argent Office does not properly enforce SNMP community string values, resulting in a weakened access control mechanism. Description The Avaya Argent Office does not properly enforce SNMP community string values. It will accept a null string i.e. as a valid community string and...
Microsoft Internet Explorer fails to properly handle Dynamic HTML (DHTML) behaviors in restricted zones
Overview Microsoft Internet Explorer contains a logic error in the way that it handles DHTML. This error makes it possible to move content from the less trusted Restricted zone into the Internet zone. This vulnerability permits an attacker to execute arbitrary code in the context of the Internet...
Oracle9i Database contains remotely exploitable buffer overflow in "TZ_OFFSET" function
Overview A remotely exploitable buffer overflow vulnerability exists in Oracle9i Database. Description A buffer overflow vulnerability exists on all platforms in the following versions of Oracle9i Database: Oracle9i Database Release 2 9i Release 1 8i 8.1.7 8.0.6 A buffer overflow vulnerability...
Multiple vendors' firewalls do not adequately keep state of FTP traffic
Overview Firewalls and other systems that inspect FTP application layer traffic may not adequately maintain the state of FTP commands and responses. As a result, an attacker could establish arbitrary TCP connections to FTP servers or clients located behind a vulnerable firewall. Description Many...
Sun Solaris asppls(1M) vulnerable to arbitrary file overwriting via symlink redirection of temporary file
Overview Sun Solaris asppls1M creates temporary files insecurely, leading to possible local root compromise. Description Sun Microsystems describes the function of asppls1M as follows:aspppd is the link manager for the asynchronous data link protocol specified in RFC1331, The Point-to-Point...
IBM AIX vulnerable to buffer overflow in RCP
Overview IBM AIX contains a buffer-overflow vulnerability that may allow remote attackers to gain root privileges. Description Some versions of IBM AIX used unbounded string operators. This problem was corrected in AIXV4 by changing the unbounded operators to their bounded equivalents. --- Impact...
Jakarta Tomcat serves JSP source code when supplied malformed HTTP request
Overview Tomcat does not adequately validate HTTP requests and may reveal JSP source code if supplied a malformed HTTP request. Description JavaServer Pages JSP is a technology that allows for the creation of dynamic web content. The Apache Jakarta Project implementation of JSP is known as Tomcat...
AOL Instant Messenger vulnerable to denial-of-service attack via buddy list transfers
Overview America Online's Instant Messenger AIM contains a remotely exploitable buffer overflow vulnerability. Description AOL Instant Messenger is a program for communicating with other users over the Internet and is widely used. During a buddy list transfer, a buffer overflow may occur. It has...
Oracle 9iAS default configuration allows access to "globals.jsa" file
Overview Oracle Database Server version 9iAS allows remote users to view the "globals.jsa" file used by Java Server Page JSP scripts. The "globals.jsa" file may contain Oracle usernames, passwords, and other configuration information not intended for public viewing, and attackers may use that...
Kerberos Telnet protocol does not adequately protect authentication and encryption options
Overview A vulnerability exists in the Telnet Authentication Option and Telnet Data Encryption Option specifications. An ordered list of authentication and encryption options sent from the server to client during negotiation is not cryptographically protected. As a result, an attacker may be able...
Cisco SN 5420 Storage Router vulnerable to DoS via fragmented packet sent over Gigabit interface
Overview It is possible to cause a denial of service of the Cisco SN 5420 Storage Router by sending a fragmented packet over the Gigabit interface. Description A vulnerability has been discovered in the Cisco SN 5420 Storage Router software versions 1.15 and earlier. By sending a fragmented packe...
Cisco SN 5420 Storage Router vulnerable to DoS via HTTP request containing long headers
Overview It is possible to cause a denial of service of the Cisco SN 5420 Storage Router by sending a HTTP request with a large header. Description A vulnerability has been discovered in the Cisco SN 5420 Storage Router software versions 1.15 and earlier. By sending an HTTP request with a huge...
iPlanet Web Server Enterprise Edition and Netscape Enterprise Server Web Publisher command exposes server to brute force attack
Overview A vulnerability exists in iPlanet Web Server Enterprise Edition and Netscape Enterprise Server that allows an attacker to make repeated authentication attempts if a server is configured to use HTTP basic authentication. While the risk is not greater than any other brute force attack usin...
Standard HTML form implementation allows access to IMAP, SMTP, NNTP, POP3, and other services via crafted HTML page
Overview An intruder can send certain kinds of data to services that he is not ordinarily able to reach. By crafting the data such that it is redirected through any program the victim uses to render the malicious HTML, the intruder is able send that data to any services that the victim can send...
Lotus Domino Server R5 vulnerable to Cross-Site Scripting via passing of user input directly to default error page
Overview Lotus Domino R5 Servers are vulnerable to a cross-site scripting vulnerability. A web site may inadvertently include malicious HTML tags or scriptJavaScript, VBScript, Java, etc. in a dynamically generated page based on unvalidated input from untrustworthy sources. This can be a problem...
Lotus Domino vulnerable to a denial of service via DOS device request
Overview The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial-of-service situation on the Windows and OS/2 Platforms. Description With the Lotus Domino Web Server, you can access DOS-devices. If this is done through the cgi-bin directory, a ncgihttp.exe process wi...
AT&T WinVNC client authentication process vulnerable to man-in-the-middle attack
Overview WinVNC's challenge/response mechanism can allow an intruder to obtain legitimate credentials from a valid client in order to gain unauthorized access to the server. Description AT&T WinVNC is a free package available from AT&T Labs Cambridge that allows an existing desktop of a PC to be...
Multiple ftpd implementations contain buffer overflows
Overview A variety of ftp servers incorrectly manage buffers in a way that can lead to remote intruders executing arbitrary code on the FTP server. The incorrect management of buffers centers around the return from the glob function, and may be confused with a related denial-of-service problem...
Alcatel ADSL modems grant unauthenticated TFTP access via Bounce Attacks
Overview The San Diego Supercomputer Center SDSC has recently discovered several vulnerabilities in the Alcatel Speed Touch line of Asymmetric Digital Subscriber Line ADSL modems. These vulnerabilities are the result of weak authentication and access control policies and result in one or more of...
CrewAI contains multiple vulnerabilities including SSRF, RCE and local file read
Overview Four vulnerabilities have been identified in CrewAI, including remote code execution RCE, arbitrary local file read, and server-side request forgery SSRF. CVE-2026-2275 is directly caused by the Code Interpreter Tool. The other three vulnerabilities result from improper default...
Information Leak and DoS Vulnerabilities in Redmi Buds 3 Pro through 6 Pro
Overview Redmi Buds, a series of Bluetooth earbuds produced and sold by Xiaomi, contain an Information Leak vulnerability and a Denial of Service DoS vulnerability in versions 3 Pro through 6 Pro. An attacker within Bluetooth radio range can send specially crafted RFCOMM protocol interactions to...
Use-after-free vulnerability in lighttpd version 1.4.50 and earlier
Overview A use-after-free vulnerability in lighttpd in versions 1.4.50 and earlier permits a remote, unauthenticated attacker to trigger lighttpd to read from invalid pointers in memory. The attacker can use crafted HTTP Requests to crash the web server and/or leak memory in order to access...
Groupnotes Inc. Videostream Mac client allows for privilege escalation to root account
Overview Groupnotes Inc. Videostream Mac client installs a LaunchDaemon that runs with root privileges. The daemon is vulnerable to a race condition that allows for arbitrary file writes. A low privileged attacker can escalate privileges to root on affected systems. Description Every five hours t...
Comcast XFINITY Home Security fails to properly handle wireless communications disruption
Overview Comcast XFINITY Home Security does not fail securely, which may be leveraged to avoid triggering alarm events. Description CWE-636: Not Failing Securely 'Failing Open'Comcast XFINITY Home Security system components use the ZigBee communication protocol over a 2.4 GHz radio frequency band...