3702 matches found
Kerberos Telnet protocol does not adequately protect authentication and encryption options
Overview A vulnerability exists in the Telnet Authentication Option and Telnet Data Encryption Option specifications. An ordered list of authentication and encryption options sent from the server to client during negotiation is not cryptographically protected. As a result, an attacker may be able...
Cisco SN 5420 Storage Router vulnerable to DoS via fragmented packet sent over Gigabit interface
Overview It is possible to cause a denial of service of the Cisco SN 5420 Storage Router by sending a fragmented packet over the Gigabit interface. Description A vulnerability has been discovered in the Cisco SN 5420 Storage Router software versions 1.15 and earlier. By sending a fragmented packe...
Cisco SN 5420 Storage Router vulnerable to DoS via HTTP request containing long headers
Overview It is possible to cause a denial of service of the Cisco SN 5420 Storage Router by sending a HTTP request with a large header. Description A vulnerability has been discovered in the Cisco SN 5420 Storage Router software versions 1.15 and earlier. By sending an HTTP request with a huge...
Standard HTML form implementation allows access to IMAP, SMTP, NNTP, POP3, and other services via crafted HTML page
Overview An intruder can send certain kinds of data to services that he is not ordinarily able to reach. By crafting the data such that it is redirected through any program the victim uses to render the malicious HTML, the intruder is able send that data to any services that the victim can send...
Lotus Domino Server R5 vulnerable to Cross-Site Scripting via passing of user input directly to default error page
Overview Lotus Domino R5 Servers are vulnerable to a cross-site scripting vulnerability. A web site may inadvertently include malicious HTML tags or scriptJavaScript, VBScript, Java, etc. in a dynamically generated page based on unvalidated input from untrustworthy sources. This can be a problem...
Lotus Domino vulnerable to a denial of service via DOS device request
Overview The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial-of-service situation on the Windows and OS/2 Platforms. Description With the Lotus Domino Web Server, you can access DOS-devices. If this is done through the cgi-bin directory, a ncgihttp.exe process wi...
AT&T WinVNC client authentication process vulnerable to man-in-the-middle attack
Overview WinVNC's challenge/response mechanism can allow an intruder to obtain legitimate credentials from a valid client in order to gain unauthorized access to the server. Description AT&T WinVNC is a free package available from AT&T Labs Cambridge that allows an existing desktop of a PC to be...
Multiple ftpd implementations contain buffer overflows
Overview A variety of ftp servers incorrectly manage buffers in a way that can lead to remote intruders executing arbitrary code on the FTP server. The incorrect management of buffers centers around the return from the glob function, and may be confused with a related denial-of-service problem...
Alcatel ADSL modems grant unauthenticated TFTP access via Bounce Attacks
Overview The San Diego Supercomputer Center SDSC has recently discovered several vulnerabilities in the Alcatel Speed Touch line of Asymmetric Digital Subscriber Line ADSL modems. These vulnerabilities are the result of weak authentication and access control policies and result in one or more of...
CrewAI contains multiple vulnerabilities including SSRF, RCE and local file read
Overview Four vulnerabilities have been identified in CrewAI, including remote code execution RCE, arbitrary local file read, and server-side request forgery SSRF. CVE-2026-2275 is directly caused by the Code Interpreter Tool. The other three vulnerabilities result from improper default...
Information Leak and DoS Vulnerabilities in Redmi Buds 3 Pro through 6 Pro
Overview Redmi Buds, a series of Bluetooth earbuds produced and sold by Xiaomi, contain an Information Leak vulnerability and a Denial of Service DoS vulnerability in versions 3 Pro through 6 Pro. An attacker within Bluetooth radio range can send specially crafted RFCOMM protocol interactions to...
Use-after-free vulnerability in lighttpd version 1.4.50 and earlier
Overview A use-after-free vulnerability in lighttpd in versions 1.4.50 and earlier permits a remote, unauthenticated attacker to trigger lighttpd to read from invalid pointers in memory. The attacker can use crafted HTTP Requests to crash the web server and/or leak memory in order to access...
Groupnotes Inc. Videostream Mac client allows for privilege escalation to root account
Overview Groupnotes Inc. Videostream Mac client installs a LaunchDaemon that runs with root privileges. The daemon is vulnerable to a race condition that allows for arbitrary file writes. A low privileged attacker can escalate privileges to root on affected systems. Description Every five hours t...
Comcast XFINITY Home Security fails to properly handle wireless communications disruption
Overview Comcast XFINITY Home Security does not fail securely, which may be leveraged to avoid triggering alarm events. Description CWE-636: Not Failing Securely 'Failing Open'Comcast XFINITY Home Security system components use the ZigBee communication protocol over a 2.4 GHz radio frequency band...
Mutiny Appliance contains multiple directory traversal vulnerabilities
Overview Mutiny appliance contains multiple directory traversal CWE-22 vulnerabilities. Description The Mutiny appliance commands for UPLOAD, DELETE, CUT and COPY are all vulnerable to directory traversal attacks. Additional details may be found in the Rapid7 blog post entitled, "New 1day Exploit...
Adobe Shockwave player provides vulnerable Flash runtime
Overview Adobe Shockwave Player 12.1.1.151 and earlier versions on the Windows and Macintosh operating systems provide a vulnerable version of the Flash runtime. Description Adobe Macromedia Shockwave Player is software that plays active web content developed in Macromedia and Adobe Director...
AjaXplorer contains multiple vulnerabilities
Overview AjaXplorer 4.0.3 and earlier versions contain a directory traversal vulnerability and a weak cookie authentication scheme. Description AjaXplorer contains a directory traversal vulnerability in the "Get Template" feature. The URL variables templatename and pluginName can be used to explo...
Mutare Software Enabled VoiceMail (EVM) system web interface cross-site request forgery vulnerabilities
Overview The Mutare Software Enabled VoiceMail EVM system web interface is susceptible to cross-site request forgery and cross-site scripting attacks. Description The Mutare Software Enabled VoiceMail EVM system web interface allows the user to change their Enabled VoiceMail EVM PIN, delete their...
PHP getSymbol vulnerability allows denial of service
Overview PHP fails to properly sanitize input passed to the getSymbol function in a way that could allow and attacker to cause a segmentation fault. Description PHP is a scripting language that is designed for web-based applications and can be embedded directly into HTML. The getSymbol function i...
Accoria Rock Web Server contains multiple vulnerabilities
Overview Accoria Web Server contains multiple vulnerabilities that collectively could allow an attacker to execute commands through the administration interface. Description The Accoria web server, also known as Rock Web Server, contains several cross-site scripting XSS and cross-site request...
Windows XP Macromedia Flash 6 ActiveX control use-after-free vulnerability
Overview The Macromedia Flash ActiveX control that is provided with Windows XP contains a memory corruption vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Windows XP provides the Macromedia Flash ActiveX...
PTK contains multiple vulnerabilities
Overview The PTK sleuthkit interface contains multiple vulnerabilities. If exploited, these vulnerabilities may allow an attacker to gain elevated privileges or conduct XSS attacks. Description PTK is an interface to the sleuthkit forensic tools that uses Apache, PHP and MySQL. PTK versions 1.0.0...
Icon Labs SSH server vulnerabilities
Overview The Icon Labs Iconfidant SSH server contails multiple vulnerabilities. The most severe of these issues may allow an attacker to cause a vulnerable system to crash. Description The Iconfident SSH is a Secure Shell SSH server that runs on VxWorks-based systems. Versions of the Iconfident...
Zenturi ProgramChecker ActiveX buffer overflow vulnerabilities
Overview Zenturi ProgramChecker contains multiple ActiveX buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Zenturi ProgramChecker is a set of "... easy to use tools to analyze, validate, authenticate and research th...
Symantec Mail Security for SMTP arbitrary code execution vulnerability
Overview Symantec Mail Security for SMTP contains a vulnerability that may allow an attacker to execute arbitrary code, or create a denial of service condition. Description Symantec Mail Security for SMTP is an antispam, antivirus, and content filtering software package that scans email. Symantec...
Aruba Mobility Controller vulnerable to privilege escalation
Overview The Aruba Mobility Controller Management Interface contains a privilege escalation vulnerability. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Aruba Mobility Controllers are used to process and control network traffic in...
Secure Elements Class 5 AVR client sends messages in cleartext
Overview The Secure Elements Class 5 AVR client sends messages in cleartext. This may allow an attacker to read traffic from an asset. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a security product that monitors and enforces security policies on...
Linksys RT31P2 VoIP router denial of service vulnerabilities
Overview The Linksys RT31P2 VoIP router contains several vulnerabilities that may allow a remote, unauthenticated attacker to cause a denial of service. Description The Linksys RT31P2 is a broadband router that includes Voice over Internet Protocol VoIP telephone functionality. The RT31P2 unit...
Microsoft BlnMgr Proxy (blnmgrps.dll) COM object fails to implement required methods
Overview The Microsoft BlnMgr Proxy COM object fails to implement the methods required by the IDispatch interface, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft COMMicrosoft COM is a technology that allows programmers to create reusable...
Reflection for Secure IT Windows Server 6.0 changed case sensitivity of allow and deny lists
Overview Reflection for Secure IT Windows Server version 6.0 uses different case-sensitivity in evaluating the allow and deny lists as previous versions, potentionally allowing unintended access. Description Reflection for Secure IT Windows Server version 6.0, an SSH server from WRQ formerly know...
phpBB contains an input validation vulnerability in "includes/bbcode.php"
Overview phpBB fails to sanitize user input, allowing the possible inclusion of active script content in user posts. Description phpBB is a widely used Open Source bulletin board package written in PHP.An input validation issue has been identified that allows a malicious phpBB user to include...
Microsoft Internet Explorer execCommand() method SaveAs command uses misleading "Save HTML Document" dialog
Overview Microsoft Internet Explorer contains a vulnerability in the way that it presents a Save As dialog. By invoking the SaveAs command with execCommand, an attacker could display a dialog that could trick a user into saving arbitrary content. Description Microsoft Internet Explorer IE support...
Remote Execute vulnerable to denial-of-service
Overview Remote Execute cannot handle more than seven connections simultaneously. If more than seven connections are attempted, Remote Execute will crash, resulting in a denial-of-service condition. Description Remote Execute is a network administration tool for the Windows platform that allows...
Symantec Firewall/VPN appliance vulnerable to DoS via UDP port scan
Overview A vulnerability in the Symantec Firewall/VPN appliance could allow an attacker to cause a denial-of-service condition. Description The Symantec Firewall/VPN appliance supports a number of services that utilize the UDP protocol including tftpd, snmpd, and isakmp. There is a vulnerability ...
Macromedia JRun Server is vulnerable to buffer overflow
Overview A buffer overflow vulnerability exists in the Macromedia JRun web server that may allow an attacker to cause a denial-of-service condition. Description JRun is an application server that works with most popular web servers, such as Apache and IIS. The JRun web server is vulnerable to a...
Macromedia JRun Server contains an information disclosure vulnerability
Overview An information disclosure vulnerability exists in the Macromedia JRun that may allow an attacker to view the source code of files in the web root directory. Description Macromedia JRun is an application server that works with most popular web servers such as Apache and IIS. Macromedia...
Sun Enterprise Storage Manager may allow an unprivileged local user to gain root access
Overview A vulnerability exists in Sun StorEdge Enterprise Storage Manager ESM that may allow unauthorized local users to gain root privileges. Description The Sun StorEdge Enterprise Storage Manager ESM version 2.1 for the Sun SPARC platform may allow non-root local users assigned the "EMSUser"...
Multiple Cisco ONS control cards fail to properly handle malformed IP packets
Overview A vulnerability exists in multiple control cards used by Cisco ONS devices. This vulnerability could allow a remote attacker to cause a denial-of-service condition. Description Cisco's Optical Networking product line consists of a series of devices designed to offer high-bandwidth data...
Sun Solaris Volume Manager (SVM) fails to properly handle malformed probe requests
Overview There is a vulnerability in the Sun Solaris Volume Manager SVM that could allow a local user to cause a denial-of-service condition. Description The Sun Volume Manager is a component of the Solaris operating system and provides disk and storage management. There is a vulnerability in the...
Symantec Norton AntiVirus 2004 ActiveX control fails to properly validate input
Overview There is a vulnerability in an ActiveX control provided by Norton AntiVirus 2004 that could allow an attacker to execute arbitrary programs, launch a browser window containing an unauthorized URL, or cause a denial of service on a vulnerable system. Description Norton AntiVirus 2004 is a...
BEA WebLogic Server stores administrator password in clear text in config.xml
Overview BEA WebLogic Server stores the administrator password used to boot the server in clear text within the config.xml file. Description BEA Systems describes WebLogic Server as "an industrial-strength application infrastructure for developing, integrating, securing, and managing distributed...
Hummingbird CyberDOCS error page discloses web server installation path
Overview Hummingbird CyberDOCS contains a vulnerability that could allow a remote attacker to learn the installation path of the web server. This information could be used to support further attacks. Description Hummingbird CyberDOCS Hummingbird DM is a web-based enterprise document management...
Ethereal contains integer overflow in Mount dissector
Overview Ethereal is a network traffic analysis package. The mount packet dissector contains a vulnerability that may result in the execution of arbitrary code. Description The mount packet dissector for Ethereal contains an integer overflow vulnerability. According to the Ethereal Advisory,...
Automatic File Content Type Recognition Tool vulnerable to stack overflow
Overview A buffer overflow vulnerability exists in the "Automatic File Content Type Recognition Tool" versions of the file1 package prior to 3.41. Description The file1 package is used to examine files on the system. According to an OpenPKG advisory, a stack overflow vulnerability exists in the...
Shambala FTP Server does not adequately validate user input thereby allowing directory traversal
Overview Shambala FTP server has a directory traversal vulnerability in its handling of the CWD command. Description Shambala FTP server contains a directory traversal vulnerability in its handling of the CWD command. Attackers may exploit this vulnerability to read directories and files outside ...
Microsoft Office Web Components allows arbitary user to determine whether local file exists via Chart component "Load" method
Overview Microsoft Office Web Components OWC allows a malicious script on a web page to learn if a file exists on the client's filesystem. Description OWC allows viewing of Microsoft Office documents such as spreadsheets and charts to be viewed within an HTML document in Microsoft Internet Explor...
Mike Spice's Quiz Me! does not adequately validate user input
Overview Mike Spice's Quiz Me! does not adequately validate user input, allowing directory traversal. As a result, an attacker can cause Quiz Me! to overwrite any file on the server to which the web server process has write privileges. Description Mike Spice's Quiz Me! is a CGI script written in...
HP Tru64 UNIX "dtterm" contains buffer overflow (SSRT2280)
Overview The HP Tru64 UNIX implementation of "dtterm" contains a locally exploitable buffer overflow. Description From the HP Tru64 UNIX reference pages, the "dtterm" utility "provides runtime support of legacy applications written for terminals conforming to ANSI X3.64-1979 and ISO 6429:1992E,...
HP Tru64 UNIX "rdist" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "rdist" contains a locally exploitable buffer overflow. Description "rdist" allows a user to maintain identical copies of files on multiple hosts. A locally exploitable buffer overflow in "rdist" may permit a local attacker to gain elevated privileges...
HP Tru64 UNIX "lpc" contains buffer overflow (SSRT2260)
Overview The HP Tru64 UNIX implementation of "lpc" contains a locally exploitable buffer overflow. Description "lpc" is used to control the line printer system. A locally exploitable buffer overflow in "lpc" may permit a local attacker to gain elevated privileges and execute arbitrary code on a...