3695 matches found
Oracle Spatial SQL injection vulnerability
Overview Oracle Spatial is vulnerable to SQL injection, possibly allowing a remote attacker to execute arbitrary SQL commands on a vulnerable Oracle installation. Description Oracle Spatial fails to properly filter user-supplied input. This could allow a remote attacker to insert arbitrary SQL...
Linksys RT31P2 VoIP router denial of service vulnerabilities
Overview The Linksys RT31P2 VoIP router contains several vulnerabilities that may allow a remote, unauthenticated attacker to cause a denial of service. Description The Linksys RT31P2 is a broadband router that includes Voice over Internet Protocol (VoIP) telephone functionality. The RT31P2 unit...
Oracle products contain multiple vulnerabilities
Overview Multiple vulnerabilities exist in numerous Oracle products. The severity and impacts of these vulnerabilities are varied and may include remote execution of arbitrary code, the disclosure of sensitive information, and denial-of-service conditions. Description Multiple vulnerabilities exi...
Reflection for Secure IT Windows Server 6.0 changed case sensitivity of allow and deny lists
Overview Reflection for Secure IT Windows Server version 6.0 uses different case-sensitivity in evaluating the allow and deny lists than previous versions, potentially allowing unintended access. Description Reflection for Secure IT Windows Server version 6.0, an SSH server from WRQ formerly know...
Microsoft Internet Explorer can use any COM object
Overview Microsoft Internet Explorer (IE) will attempt to use COM objects that were not intended to be used in the web browser. This can cause a variety of impacts, such as causing IE to crash. Description Microsoft COM is a technology that allows programmers to create reusable softwar...
Oracle products contain multiple vulnerabilities
Overview Multiple vulnerabilities exist in numerous Oracle products. The impacts of these vulnerabilities are varied and may include remote execution of arbitrary code, the disclosure of sensitive information, and denial-of-service conditions. Description Multiple vulnerabilities exist in numerous...
paFileDB fails to properly sanitize "query" parameter in "pafiledb.php"
Overview paFileDB works around the default "off" state for the "register_globals" security directive in PHP and then fails to initialize the "query" variable, which can be used to inject arbitrary SQL queries. Description "paFileDB is designed to allow webmasters have a database of files for...
Groove Mobile Workspace vulnerable to script injection via SharePoint replicated menus
Overview A vulnerability in the way that Groove Mobile Workspace handles SharePoint lists may allow an attacker to execute an arbitrary script. Description Groove Virtual Office provides a collaborative working environment that includes shared documents, databases, and applications among other...
phpBB contains an input validation vulnerability in "includes/bbcode.php"
Overview phpBB fails to sanitize user input, allowing the possible inclusion of active script content in user posts. Description phpBB is a widely used Open Source bulletin board package written in PHP. An input validation issue has been identified that allows a malicious phpBB user to include...
Oracle contains multiple SQL injection vulnerabilities
Overview Oracle Database Server versions 9i and 10g contain flaws that may allow SQL injection with privileges of the SYSDBA user. Description Oracle Database Server versions 9i and 10g are vulnerable to SQL injection. These flaws may allow a local attacker with the ability to create function...
Microsoft Internet Explorer execCommand() method SaveAs command uses misleading "Save HTML Document" dialog
Overview Microsoft Internet Explorer contains a vulnerability in the way that it presents a Save As dialog. By invoking the SaveAs command with execCommand, an attacker could display a dialog that could trick a user into saving arbitrary content. Description Microsoft Internet Explorer (IE) support...
Remote Execute vulnerable to denial-of-service
Overview Remote Execute cannot handle more than seven connections simultaneously. If more than seven connections are attempted, Remote Execute will crash, resulting in a denial-of-service condition. Description Remote Execute is a network administration tool for the Windows platform that allows...
Symantec Firewall/VPN appliance vulnerable to DoS via UDP port scan
Overview A vulnerability in the Symantec Firewall/VPN appliance could allow an attacker to cause a denial-of-service condition. Description The Symantec Firewall/VPN appliance supports a number of services that utilize the UDP protocol including tftpd, snmpd, and isakmp. There is a vulnerability ...
Macromedia JRun Server is vulnerable to buffer overflow
Overview A buffer overflow vulnerability exists in the Macromedia JRun web server that may allow an attacker to cause a denial-of-service condition. Description JRun is an application server that works with most popular web servers, such as Apache and IIS. The JRun web server is vulnerable to a...
Macromedia JRun Server contains an information disclosure vulnerability
Overview An information disclosure vulnerability exists in the Macromedia JRun that may allow an attacker to view the source code of files in the web root directory. Description Macromedia JRun is an application server that works with most popular web servers such as Apache and IIS. Macromedia...
Mozilla Linux installer does not properly set file permissions
Overview Mozilla's Linux installers may not properly set file permissions on the installed program files. A local user may then be able to modify or replace these files with malicious versions. Description Some versions of Mozilla's Linux installer may create installation and program files with...
Sun Enterprise Storage Manager may allow an unprivileged local user to gain root access
Overview A vulnerability exists in Sun StorEdge Enterprise Storage Manager (ESM) that may allow unauthorized local users to gain root privileges. Description The Sun StorEdge Enterprise Storage Manager (ESM) version 2.1 for the Sun SPARC platform may allow non-root local users assigned the "EMSUser"...
Sun Solaris Volume Manager (SVM) fails to properly handle malformed probe requests
Overview There is a vulnerability in the Sun Solaris Volume Manager (SVM) that could allow a local user to cause a denial-of-service condition. Description The Sun Volume Manager is a component of the Solaris operating system and provides disk and storage management. There is a vulnerability in the...
Symantec Norton AntiVirus 2004 ActiveX control fails to properly validate input
Overview There is a vulnerability in an ActiveX control provided by Norton AntiVirus 2004 that could allow an attacker to execute arbitrary programs, launch a browser window containing an unauthorized URL, or cause a denial of service on a vulnerable system. Description Norton AntiVirus 2004 is a...
BEA WebLogic Server stores administrator password in clear text in config.xml
Overview BEA WebLogic Server stores the administrator password used to boot the server in clear text within the config.xml file. Description BEA Systems describes WebLogic Server as "an industrial-strength application infrastructure for developing, integrating, securing, and managing distributed...
Avaya Argent Office uses weak SNMP authentication mechanism
Overview The Avaya Argent Office does not properly enforce SNMP community string values, resulting in a weakened access control mechanism. Description The Avaya Argent Office does not properly enforce SNMP community string values. It will accept a null string (i.e., "") as a valid community string and...
Hummingbird CyberDOCS contains multiple cross-site scripting vulnerabilities
Overview Hummingbird CyberDOCS contains cross-site scripting vulnerabilities that could allow an attacker to obtain sensitive information and possibly impersonate legitimate users. Description Hummingbird CyberDOCS (Hummingbird DM) is a web-based enterprise document management solution that runs on...
Microsoft Internet Explorer fails to properly handle Dynamic HTML (DHTML) behaviors in restricted zones
Overview Microsoft Internet Explorer contains a logic error in the way that it handles DHTML. This error makes it possible to move content from the less trusted Restricted zone into the Internet zone. This vulnerability permits an attacker to execute arbitrary code in the context of the Internet...
Microsoft Internet Explorer does not properly render input type tag
Overview Microsoft Internet Explorer (IE) does not properly render an input type tag, allowing a remote attacker to cause a denial of service. Description Microsoft Security Bulletin MS03-032 briefly describes ...a flaw in the way Internet Explorer renders Web pages that could cause the browser or...
Ethereal contains integer overflow in Mount dissector
Overview Ethereal is a network traffic analysis package. The mount packet dissector contains a vulnerability that may result in the execution of arbitrary code. Description The mount packet dissector for Ethereal contains an integer overflow vulnerability. According to the Ethereal Advisory,...
Lotus iNotes vulnerable to buffer overflow via PresetFields FolderName field
Overview Lotus iNotes contains a buffer overflow that could permit a remote attacker to execute arbitrary code or cause a denial of service on a vulnerable server. Description Lotus iNotes Web Access is a database application that provides "access to corporate messaging services and personal...
Sun Solaris AUTH_DES authentication contains vulnerability allowing user to gain escalated privileges
Overview A remotely exploitable privilege escalation vulnerability exists in multiple versions of Solaris. Description RPC requests utilizing AUTH_DES authentication can trigger a privilege escalation vulnerability in multiple versions of Solaris. For more details, please see Sun Alert ID 46944. -...
Multiple vendors' firewalls do not adequately keep state of FTP traffic
Overview Firewalls and other systems that inspect FTP application layer traffic may not adequately maintain the state of FTP commands and responses. As a result, an attacker could establish arbitrary TCP connections to FTP servers or clients located behind a vulnerable firewall. Description Many...
Shambala FTP Server does not adequately validate user input thereby allowing directory traversal
Overview Shambala FTP server has a directory traversal vulnerability in its handling of the CWD command. Description Shambala FTP server contains a directory traversal vulnerability in its handling of the CWD command. Attackers may exploit this vulnerability to read directories and files outside ...
Microsoft Office Web Components allows arbitrary user to determine whether local file exists via Chart component "Load" method
Overview Microsoft Office Web Components (OWC) allows a malicious script on a web page to learn if a file exists on the client's filesystem. Description OWC allows Microsoft Office documents such as spreadsheets and charts to be viewed within an HTML document in Microsoft Internet Explor...
Mike Spice's Quiz Me! does not adequately validate user input
Overview Mike Spice's Quiz Me! does not adequately validate user input, allowing directory traversal. As a result, an attacker can cause Quiz Me! to overwrite any file on the server to which the web server process has write privileges. Description Mike Spice's Quiz Me! is a CGI script written in...
Mike Spice's Vote does not adequately validate user input
Overview Mike Spice's Vote does not adequately validate user input, allowing directory traversal. As a result, an attacker can cause Vote to overwrite any file on the server to which the web server process has write privileges. Description Mike Spice's Vote is a CGI script written in Perl and...
Jakarta Tomcat serves JSP source code when supplied malformed HTTP request
Overview Tomcat does not adequately validate HTTP requests and may reveal JSP source code if supplied a malformed HTTP request. Description JavaServer Pages (JSP) is a technology that allows for the creation of dynamic web content. The Apache Jakarta Project implementation of JSP is known as Tomcat...
HP Tru64 UNIX "dtterm" contains buffer overflow (SSRT2280)
Overview The HP Tru64 UNIX implementation of "dtterm" contains a locally exploitable buffer overflow. Description From the HP Tru64 UNIX reference pages, the "dtterm" utility "provides runtime support of legacy applications written for terminals conforming to ANSI X3.64-1979 and ISO 6429:1992E,...
Magic Enterprise contains multiple shell scripts that allow arbitrary file overwriting via symlink redirection of temporary file
Overview Some versions of Magic eDeveloper Enterprise Edition contain a symbolic-link vulnerability that allows attackers to overwrite data or execute arbitrary commands. Description Magic eDeveloper is a development environment for large-scale and distributed applications. Magic eDeveloper...
Lotus Domino Web Server discloses IP address
Overview Lotus Domino Web server discloses its IP address to some HTTP requests. Description Lotus Domino can be coerced to reveal its IP address by sending it a crafted HTTP request. Impact Attackers can discover limited information about the numbering of the Domino server's network. ---...
AOL Instant Messenger installer adds "http://free.aol.com" to Trusted Sites Zone in Microsoft Internet Explorer
Overview The installer for AOL Instant Messenger contains a vulnerability that weakens the security settings of Microsoft Internet Explorer. Description There is a vulnerability in the installer for AOL Instant Messenger (AIM) that silently adds "http://free.aol.com" to the list of Trusted Sites in...
Oracle 9iAS default configuration allows access to "globals.jsa" file
Overview Oracle Database Server version 9iAS allows remote users to view the "globals.jsa" file used by Java Server Page (JSP) scripts. The "globals.jsa" file may contain Oracle usernames, passwords, and other configuration information not intended for public viewing, and attackers may use that...
Oracle 9iAS default configuration uses well-known default passwords
Overview Oracle Database Server version 9iAS installs with up to 160 distinct default login accounts. The usernames and passwords for these have been made publicly available and could be used by an attacker to gain access to an Oracle server. Description Depending on the components chosen at...
Buffer overflow vulnerability in pwck command line utility
Overview The CERT/CC has received a public report of a local buffer overflow vulnerability in the pwck utility. Description The pwck utility performs syntax checking of /etc/passwd and /etc/shadow password information files. This utility contains a buffer overflow vulnerability in the section o...
SCO UnixWare bnuconvert contains buffer overflow via long string of characters sent as command line argument
Overview A buffer overflow in bnuconvert, part of the UUCP package on SCO systems, can allow an intruder to gain elevated privileges. Description SCO UnixWare 7 ships with a utility package called UUCP. The UUCP package allows for the copying of files between different UNIX systems and the sendin...
Microsoft Index Server contains buffer overflow
Overview A buffer overflow exists in Microsoft Index Server 2.0, which may allow remote attackers to execute code with administrative privileges. Description Microsoft Index Server 2.0 is a tool for building an index of a web site to permit efficient searches. An intruder who can authenticate to...
Cisco IOS/CatOS exposes read-write SNMP community string via traversal of View-based Access Control MIB (VACM) using read-only community string
Overview There is a vulnerability that permits unauthorized access to several switch and router products manufactured by Cisco Systems. An attacker who gains access to an affected device can read and modify its configuration, creating a denial-of-service condition, an information leak, or both...
Multiple ftpd implementations contain buffer overflows
Overview A variety of ftp servers incorrectly manage buffers in a way that can lead to remote intruders executing arbitrary code on the FTP server. The incorrect management of buffers centers around the return from the glob function, and may be confused with a related denial-of-service problem...
Local privilege escalation in Linux Kernel (Dirty Frag)
Overview A privilege escalation vulnerability, nicknamed "Dirty Frag," has been discovered in the Linux kernel versions 4.10 and later. This vulnerability is a result of chaining together two previously discovered vulnerabilities, xfrm-ESP Page-Cache Write (CVE-2026-43284) and the RxRPC Page-Cache...
Ollama GGUF Quantization Remote Memory Leak
Overview Ollama’s model quantization engine contains a vulnerability that allows an attacker with access to the model upload interface to read and potentially exfiltrate heap memory from the server. This issue may lead to unintended behavior, including unauthorized access to sensitive data and, i...
MuPDF by Artifex contains integer overflow vulnerability.
Overview Artifex's MuPDF contains an integer overflow vulnerability, CVE-2026-3308, in versions up to and including 1.27.0. Using a specially crafted PDF, an attacker can trigger an integer overflow resulting in out-of-bounds heap writes. This heap corruption typically causes the application to...
Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation
Overview An out-of-bounds (OOB) read vulnerability has been identified in the Trusted Platform Module (TPM) 2.0 reference library specification, currently at Level 00, Revision 01.83 (March 2024). An attacker with access to a TPM command interface can exploit this vulnerability by sending specially...
NetNanny uses a shared private key and root CA
Overview NetNanny uses a shared private key and root Certificate Authority (CA), making systems broadly vulnerable to HTTPS spoofing. Description NetNanny installs a Man-in-the-Middle (MITM) proxy as well as a new trusted root CA certificate. The certificate used by NetNanny is shared among all...
Simple Certificate Enrollment Protocol (SCEP) does not strongly authenticate certificate requests
Overview Simple Certificate Enrollment Protocol (SCEP) does not strongly authenticate certificate requests made by users or devices. Update March 19, 2025: Solution section has been updated. Description IETF Internet-Draft draft-nourse-scep-23 "...defines a protocol, Simple Certificate Enrollment...