3702 matches found
Adobe Shockwave player provides vulnerable Flash runtime
Overview Adobe Shockwave Player 12.1.1.151 and earlier versions on the Windows and Macintosh operating systems provide a vulnerable version of the Flash runtime. Description Adobe Macromedia Shockwave Player is software that plays active web content developed in Macromedia and Adobe Director...
AjaXplorer contains multiple vulnerabilities
Overview AjaXplorer 4.0.3 and earlier versions contain a directory traversal vulnerability and a weak cookie authentication scheme. Description AjaXplorer contains a directory traversal vulnerability in the "Get Template" feature. The URL variables templatename and pluginName can be used to explo...
Unbound multiple denial-of-service vulnerabilities
Overview A specially crafted DNS query containing signed duplicate resource records or a malformed NSEC3 signed resource record may cause Unbound to crash. Description NLnetLabs advisory states:== Description 1: crash on signed duplicate Resource Records There are authoritative servers that...
Mutare Software Enabled VoiceMail (EVM) system web interface cross-site request forgery vulnerabilities
Overview The Mutare Software Enabled VoiceMail EVM system web interface is susceptible to cross-site request forgery and cross-site scripting attacks. Description The Mutare Software Enabled VoiceMail EVM system web interface allows the user to change their Enabled VoiceMail EVM PIN, delete their...
PHP getSymbol vulnerability allows denial of service
Overview PHP fails to properly sanitize input passed to the getSymbol function in a way that could allow and attacker to cause a segmentation fault. Description PHP is a scripting language that is designed for web-based applications and can be embedded directly into HTML. The getSymbol function i...
Accoria Rock Web Server contains multiple vulnerabilities
Overview Accoria Web Server contains multiple vulnerabilities that collectively could allow an attacker to execute commands through the administration interface. Description The Accoria web server, also known as Rock Web Server, contains several cross-site scripting XSS and cross-site request...
Windows XP Macromedia Flash 6 ActiveX control use-after-free vulnerability
Overview The Macromedia Flash ActiveX control that is provided with Windows XP contains a memory corruption vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Windows XP provides the Macromedia Flash ActiveX...
PTK contains multiple vulnerabilities
Overview The PTK sleuthkit interface contains multiple vulnerabilities. If exploited, these vulnerabilities may allow an attacker to gain elevated privileges or conduct XSS attacks. Description PTK is an interface to the sleuthkit forensic tools that uses Apache, PHP and MySQL. PTK versions 1.0.0...
RealPlayer file deletion overflow vulnerability
Overview RealPlayer contains a buffer overflow vulnerability that may allow an attacker to execute code on a vulnerable system. Description RealPlayer media player that is distributed by RealNetworks. RealPlayer supports streaming and local media. Per the Zero Day Initiative advisory ZDI-08-046:...
Icon Labs SSH server vulnerabilities
Overview The Icon Labs Iconfidant SSH server contails multiple vulnerabilities. The most severe of these issues may allow an attacker to cause a vulnerable system to crash. Description The Iconfident SSH is a Secure Shell SSH server that runs on VxWorks-based systems. Versions of the Iconfident...
Zenturi ProgramChecker ActiveX buffer overflow vulnerabilities
Overview Zenturi ProgramChecker contains multiple ActiveX buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Zenturi ProgramChecker is a set of "... easy to use tools to analyze, validate, authenticate and research th...
HP-UX sendmail vulnerable to denial of service
Overview HP-UX contains an unspecified vulnerability in sendmail, which may allow a remote, unauthenticated attacker to cause a denial of service. Description HP-UX systems running sendmail are vulnerable to an unspecified denial of service. According to HP technical document c00841370, the...
Google Reader cross-site request forgery vulnerability
Overview Google Reader is vulnerable to a persistent cross-site request forgery attack that may be exploited by a specially crafted RSS feed. Description Google Reader is an online RSS feed reader. It can display text and images when displaying RSS feeds.Google Reader contains a cross-site reques...
Symantec Mail Security for SMTP arbitrary code execution vulnerability
Overview Symantec Mail Security for SMTP contains a vulnerability that may allow an attacker to execute arbitrary code, or create a denial of service condition. Description Symantec Mail Security for SMTP is an antispam, antivirus, and content filtering software package that scans email. Symantec...
Aruba Mobility Controller vulnerable to privilege escalation
Overview The Aruba Mobility Controller Management Interface contains a privilege escalation vulnerability. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Aruba Mobility Controllers are used to process and control network traffic in...
Secure Elements Class 5 AVR client sends messages in cleartext
Overview The Secure Elements Class 5 AVR client sends messages in cleartext. This may allow an attacker to read traffic from an asset. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a security product that monitors and enforces security policies on...
Secure Elements Class 5 AVR server fails to enforce integrity of message digests
Overview The Secure Elements Class 5 AVR server fails to enforce integrity of message digests. This may allow a remote attacker to replay and modify messages without knowledge of any keys. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a security produc...
Linksys RT31P2 VoIP router denial of service vulnerabilities
Overview The Linksys RT31P2 VoIP router contains several vulnerabilities that may allow a remote, unauthenticated attacker to cause a denial of service. Description The Linksys RT31P2 is a broadband router that includes Voice over Internet Protocol VoIP telephone functionality. The RT31P2 unit...
Oracle Spatial SQL injection vulnerability
Overview Oracle Spatial is vulnerable to SQL injection, possibly allowing a remote attacker to execute arbitrary SQL commands on a vulnerable Oracle installation. Description Oracle Spatial fails to properly filter user-supplied input. This could allow a remote attacker to insert arbitrary SQL...
Oracle products contain multiple vulnerabilities
Overview Multiple vulnerabilities exist in numerous Oracle products. The severity and impacts of these vulnerabilities are varied and may include remote execution of arbitrary code, the disclosure of sensitive information, and denial-of-service conditions. Description Multiple vulnerabilities exi...
Microsoft BlnMgr Proxy (blnmgrps.dll) COM object fails to implement required methods
Overview The Microsoft BlnMgr Proxy COM object fails to implement the methods required by the IDispatch interface, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft COMMicrosoft COM is a technology that allows programmers to create reusable...
DameWare Mini Remote Control vulnerable to buffer overflow via specially crafted authentication requests
Overview A vulnerability in DameWare Mini Remote Control may permit an unauthenticated attacker to execute arbitrary code on the system. Description DameWare Mini Remote Control is a lightweight remote control program intended primarily for administrators and help desks to manage desktop systems....
Reflection for Secure IT Windows Server 6.0 changed case sensitivity of allow and deny lists
Overview Reflection for Secure IT Windows Server version 6.0 uses different case-sensitivity in evaluating the allow and deny lists as previous versions, potentionally allowing unintended access. Description Reflection for Secure IT Windows Server version 6.0, an SSH server from WRQ formerly know...
phpBB contains an input validation vulnerability in "includes/bbcode.php"
Overview phpBB fails to sanitize user input, allowing the possible inclusion of active script content in user posts. Description phpBB is a widely used Open Source bulletin board package written in PHP.An input validation issue has been identified that allows a malicious phpBB user to include...
Oracle contains multiple SQL injection vulnerabilities
Overview Oracle Database Server versions 9i and 10g contain flaws that may allow SQL injection with privileges of the SYSDBA user. Description Oracle Database Server versions 9i and 10g are vulnerable to SQL injection. These flaws may allow a local attacker with the ability to create function...
Microsoft Internet Explorer execCommand() method SaveAs command uses misleading "Save HTML Document" dialog
Overview Microsoft Internet Explorer contains a vulnerability in the way that it presents a Save As dialog. By invoking the SaveAs command with execCommand, an attacker could display a dialog that could trick a user into saving arbitrary content. Description Microsoft Internet Explorer IE support...
Remote Execute vulnerable to denial-of-service
Overview Remote Execute cannot handle more than seven connections simultaneously. If more than seven connections are attempted, Remote Execute will crash, resulting in a denial-of-service condition. Description Remote Execute is a network administration tool for the Windows platform that allows...
Symantec Firewall/VPN appliance vulnerable to DoS via UDP port scan
Overview A vulnerability in the Symantec Firewall/VPN appliance could allow an attacker to cause a denial-of-service condition. Description The Symantec Firewall/VPN appliance supports a number of services that utilize the UDP protocol including tftpd, snmpd, and isakmp. There is a vulnerability ...
Macromedia JRun Server contains an information disclosure vulnerability
Overview An information disclosure vulnerability exists in the Macromedia JRun that may allow an attacker to view the source code of files in the web root directory. Description Macromedia JRun is an application server that works with most popular web servers such as Apache and IIS. Macromedia...
Macromedia JRun Server is vulnerable to buffer overflow
Overview A buffer overflow vulnerability exists in the Macromedia JRun web server that may allow an attacker to cause a denial-of-service condition. Description JRun is an application server that works with most popular web servers, such as Apache and IIS. The JRun web server is vulnerable to a...
Sun Enterprise Storage Manager may allow an unprivileged local user to gain root access
Overview A vulnerability exists in Sun StorEdge Enterprise Storage Manager ESM that may allow unauthorized local users to gain root privileges. Description The Sun StorEdge Enterprise Storage Manager ESM version 2.1 for the Sun SPARC platform may allow non-root local users assigned the "EMSUser"...
Sun Solaris Volume Manager (SVM) fails to properly handle malformed probe requests
Overview There is a vulnerability in the Sun Solaris Volume Manager SVM that could allow a local user to cause a denial-of-service condition. Description The Sun Volume Manager is a component of the Solaris operating system and provides disk and storage management. There is a vulnerability in the...
Symantec Norton AntiVirus 2004 ActiveX control fails to properly validate input
Overview There is a vulnerability in an ActiveX control provided by Norton AntiVirus 2004 that could allow an attacker to execute arbitrary programs, launch a browser window containing an unauthorized URL, or cause a denial of service on a vulnerable system. Description Norton AntiVirus 2004 is a...
BEA WebLogic Server stores administrator password in clear text in config.xml
Overview BEA WebLogic Server stores the administrator password used to boot the server in clear text within the config.xml file. Description BEA Systems describes WebLogic Server as "an industrial-strength application infrastructure for developing, integrating, securing, and managing distributed...
Ethereal fails to properly handle malformed color filter files
Overview Ethereal fails to properly handle malformed color filter files, which could allow an attacker to cause a segmentation fault. Description Ethereal is a network traffic analysis package. It provides a feature that allows a user to customize the foreground and background colors of packet...
Hummingbird CyberDOCS error page discloses web server installation path
Overview Hummingbird CyberDOCS contains a vulnerability that could allow a remote attacker to learn the installation path of the web server. This information could be used to support further attacks. Description Hummingbird CyberDOCS Hummingbird DM is a web-based enterprise document management...
Ethereal contains integer overflow in Mount dissector
Overview Ethereal is a network traffic analysis package. The mount packet dissector contains a vulnerability that may result in the execution of arbitrary code. Description The mount packet dissector for Ethereal contains an integer overflow vulnerability. According to the Ethereal Advisory,...
Automatic File Content Type Recognition Tool vulnerable to stack overflow
Overview A buffer overflow vulnerability exists in the "Automatic File Content Type Recognition Tool" versions of the file1 package prior to 3.41. Description The file1 package is used to examine files on the system. According to an OpenPKG advisory, a stack overflow vulnerability exists in the...
Microsoft Windows 2000 SNMP service leaks memory when querying printer objects if spooler service is stopped
Overview A memory leak exists in the Windows 2000 SNMP service. Under a specific precondition, it can result in a remote denial-of-service vulnerability. Description If the SNMP service is running on a Windows 2000 server, and the 'Print Spooler' service is not running, repeatedly using SNMP...
Shambala FTP Server does not adequately validate user input thereby allowing directory traversal
Overview Shambala FTP server has a directory traversal vulnerability in its handling of the CWD command. Description Shambala FTP server contains a directory traversal vulnerability in its handling of the CWD command. Attackers may exploit this vulnerability to read directories and files outside ...
Microsoft Office Web Components allows arbitary user to determine whether local file exists via Chart component "Load" method
Overview Microsoft Office Web Components OWC allows a malicious script on a web page to learn if a file exists on the client's filesystem. Description OWC allows viewing of Microsoft Office documents such as spreadsheets and charts to be viewed within an HTML document in Microsoft Internet Explor...
Mike Spice's Quiz Me! does not adequately validate user input
Overview Mike Spice's Quiz Me! does not adequately validate user input, allowing directory traversal. As a result, an attacker can cause Quiz Me! to overwrite any file on the server to which the web server process has write privileges. Description Mike Spice's Quiz Me! is a CGI script written in...
HP Tru64 UNIX "dtterm" contains buffer overflow (SSRT2280)
Overview The HP Tru64 UNIX implementation of "dtterm" contains a locally exploitable buffer overflow. Description From the HP Tru64 UNIX reference pages, the "dtterm" utility "provides runtime support of legacy applications written for terminals conforming to ANSI X3.64-1979 and ISO 6429:1992E,...
HP Tru64 UNIX "rdist" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "rdist" contains a locally exploitable buffer overflow. Description "rdist" allows a user to maintain identical copies of files on multiple hosts. A locally exploitable buffer overflow in "rdist" may permit a local attacker to gain elevated privileges...
HP Tru64 UNIX "lpc" contains buffer overflow (SSRT2260)
Overview The HP Tru64 UNIX implementation of "lpc" contains a locally exploitable buffer overflow. Description "lpc" is used to control the line printer system. A locally exploitable buffer overflow in "lpc" may permit a local attacker to gain elevated privileges and execute arbitrary code on a...
Macromedia Flash Player continues to download flash files until browser is closed
Overview Macromedia Flash 6 does not terminate connections when a web user leaves the page. These connections may consume excessive amounts of bandwidth and limit the flow of other data. Description The Macromedia Flash media format enables frame-based animations with sound to be viewed within a...
Magic Enterprise contains multiple shell scripts that allow arbitrary file overwriting via symlink redirection of temporary file
Overview Some versions of Magic eDeveloper Enterprise Edition contain a symbolic-link vulnerability that allows attackers to overwrite data or execute arbitrary commands. Description Magic eDeveloper is a development environment for large-scale and distributed applications.Magic eDeveloper...
Novell NetWare default installation contains sample files that disclose sensitive server information
Overview Novell NetWare 5.1 is a network management operating system that enables access to files, printers, directories, email, databases, and other network interfaces, as well as providing a web interface. There is an insecure default configuration that places several sample applications in the...
AOL Instant Messenger installer adds "http://free.aol.com" to Trusted Sites Zone in Microsoft Internet Explorer
Overview The installer for AOL Instant Messenger contains a vulnerability that weakens the security settings of Microsoft Internet Explorer. Description There is a vulnerability in the installer for AOL Instant Messenger AIM that silently adds "http://free.aol.com" to the list of Trusted Sites in...
ypbind contains buffer overflow
Overview The daemon ypbind on Solaris and SunOS contains a buffer overflow vulnerability. Description A buffer overflow vulnerability has been discovered in ypbind, a daemon that runs on all client and server machines running Solaris and SunOS and set up to use a Network Information Server NIS. -...