3702 matches found
Majordomo 2 _list_file_get() directory traversal vulnerability
Overview Majordomo 2 contains a directory traversal vulnerability in the listfilegetfunction, which may allow a remote, unauthenticated attacker to obtain sensitive information. Description Majordomo 2 contains a directory traversal vulnerability in the listfilegetfunction lib/Majordomo.pm caused...
Microsoft Winsock buffer overflow
Overview A buffer overflow vulnerability in Microsoft Winsock may allow a remote attacker to execute arbitrary code on an affected system. Description Winsock Windows Socket 2 allows network applications to relay data across a network regardless of the network protocol being used. Microsoft's...
Oracle DBMS_EXPORT_EXTENSION package vulnerable to SQL injection
Overview A vulnerability in Oracle PL/SQL Export Extensions may allow an attacker to modify privileged database information. Description Oracle Extensions, ODCIIndex Interface, andODCIIndexGetMetadata Oracle extensions are used to create customized Oracle database constructs. An indextype is an...
Multiple COM objects cause memory corruption in Microsoft Internet Explorer
Overview Microsoft Internet Explorer IE allows instantiation of COM objects not designed for use in the browser, which may allow a remote attacker to execute arbitrary code or crash IE. Description Microsoft COMMicrosoft COM is a technology that allows programmers to create reusable software...
Distributed GL Daemon (DGLD) allows attackers to identify IRIX systems
Overview Attackers are using the presence of the dgld service to identify SGI IRIX systems. Description The CERT/CC has received multiple reports of an apparent vulnerability in the Distributed GL Daemon on SGI IRIX systems. Upon further investigation, it is our belief that no vulnerability exist...
Proxy auto-config (PAC) files have access to full HTTPS URLs
Overview Web proxy auto-config PAC files are passed the full HTTPS URL in GET requests which may expose sensitive data. Description CWE-212: Improper Cross-boundary Removal of Sensitive Data - CVE-2016-5134 Google, CVE-2016-1801 AppleWeb proxy auto-configuration files proxy.pac have access to the...
Apache Struts2 ClassLoader allows access to class properties via request parameters
Overview Apache Struts2 2.3.16.1 and earlier contain a vulnerability where the ClassLoader allows access to class properties via request parameters Description Apache Struts2 2.3.16.1 and earlier contain a vulnerability where the ClassLoader allows access to class properties via request parameter...
CUPS print service is vulnerable to privilege escalation and cross-site scripting
Overview CUPS implements the Internet Printing Protocol IPP for UNIX-derived operating systems. Various versions of CUPS are vulnerable to a privilege escalation due to a memory management error. Description CWE-911: Improper Update of Reference Count - CVE-2015-1158An issue with how localized...
ICU Project ICU4C library contains multiple overflow vulnerabilities
Overview ICU Project ICU4C library, versions 52 through 54, contains a heap-based buffer overflow and an integer overflow. Description The ICU Project describes ICU as "a mature, widely used set of C/C++ and Java libraries providing Unicode and Globalization support for software...
Mobile device monitoring services do not authenticate API requests
Overview The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR Insecure Direct Object Reference vulnerability. These services and their associated apps can be used to perform non-consensual,...
Hash table implementations vulnerable to algorithmic complexity attacks
Overview Some programming language implementations do not sufficiently randomize their hash functions or provide means to limit key collision attacks, which can be leveraged by an unauthenticated attacker to cause a denial-of-service DoS condition. Description Many applications, including common...
PolyVision RoomWizard insecurely stores Sync Connector Active Directory credentials and uses default administrative password
Overview The PolyVision RoomWizard web based scheduling system with touch screen display contains two vulnerabilities that allow an unauthorized user to access the device console and Sync Connector Active Directory credentials. Description The PolyVision RoomWizard is a touch screen scheduling...
Lotus Domino R5 Server Family contains multiple vulnerabilities in LDAP handling code
Overview The Lotus Domino R5 Server Family contains vulnerabilities that may allow denial-of-service attacks, unauthorized privileged access, or both. These vulnerabilities were revealed using the PROTOS LDAPv3 test suite and are documented in CERT Advisory CA-2001-18. If your site uses this...
Netatalk contains multiple error and memory management vulnerabilities
Overview There are six new vulnerabilities in the latest release of Netatalk 3.1.12 that could allow for Remote Code Execution as well as Out-of-bounds Read. Description Below are the new CVEs. Per ZDI: CVE-2022-0194 This vulnerability allows remote attackers to execute arbitrary code on affected...
Open Shortest Path First (OSPF) Protocol does not specify unique LSA lookup identifiers
Overview The Open Shortest Path First OSPF protocol does not specify unique Link State Advertisement LSA lookup identifiers, which allow an attacker to intercept traffic or conduct a Denial of Service DoS attack. Description CWE-694: Use of Multiple Resources with a Duplicate Identifier The OSPF...
WiFi Protected Setup (WPS) PIN brute force vulnerability
Overview The WiFi Protected Setup WPS PIN is susceptible to a brute force attack. A design flaw that exists in the WPS specification for the PIN authentication significantly reduces the time required to brute force the entire PIN because it allows an attacker to know when the first half of the 8...
Exim string_format() buffer overflow
Overview The Exim mail server contains a buffer overflow that could allow a remote attacker to execute arbitrary code on an affected system. Description Exim is a message transfer agent MTA developed at the University of Cambridge for use on Unix systems connected to the Internet. The internal...
Microsoft IIS WebDAV Remote Authentication Bypass
Overview A vulnerability exists in the way Microsoft Internet Information Server IIS handles unicode tokens that may allow authentication bypass. Description Web-based Distributed Authoring and Versioning WebDAV is a set of HTTP extensions that allow collaborative management and editing of files...
Hewlett Packard OpenView and Tivoli NetView do not adequately validate SNMP trap arguments
Overview Hewlett Packard's HP OpenView and Tivoli NetView are system management software packages. There is a vulnerability a component of these packages, ovactiond, that allows intruders to execute arbitrary commands as user bin. This may subsequently lead to a root compromise. Description HP...
Multiple vulnerabilities found in the Cobham EXPLORER 710 satcom terminal
Overview CERT/CC researchers examined the satcom terminal Cobham EXPLORER 710 as an expansion of work from IOActive’s findings in 2014. They discovered multiple new vulnerabilities affecting the device and the firmware, some of which could allow an unauthenticated, local attacker to gain access t...
Cisco WebEx web browser extension allows arbitrary code execution
Overview The Cisco WebEx extensions for Chrome, Firefox, and Internet Explorer allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable Windows system. Description Cisco WebEx is a suite of online meeting software. WebEx meetings are usually joined through a web browser...
Dell BIOS in some Latitude laptops and Precision Mobile Workstations vulnerable to buffer overflow
Overview Dell BIOS in some older Latitude laptops and Precision Mobile Workstations are vulnerable to buffer overflows CWE-119, which can bypass the signed BIOS enforcement standard. Description CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer Dell BIOS in some olde...
Sun Solaris telnet authentication bypass vulnerability
Overview A vulnerability in the Sun Solaris telnet daemon in.telnetd could allow a remote attacker to log on to the system with elevated privileges. Description The Sun Solaris telnet daemon may accept authentication information via the USER environment variable. However, the daemon does not...
Check Point RDP Bypass Vulnerability
Overview Check Point VPN-1/FireWall-1 version 4.0 & 4.1 may allow an intruder to pass traffic through the firewall on port 259. Description Firewall-1 and VPN-1 include support for RDP, but do not provide adequate security controls for RDP data. By adding a faked RDP header to typical UDP traffic...
Compilers permit Unicode control and homoglyph characters
Overview Attacks that allow for unintended control of Unicode and homoglyphic characters, described by the researchers in this report leverage text encoding that may cause source code to be interpreted differently by a compiler than it appears visually to a human reviewer. Source code compilers,...
NTP.org ntpd contains multiple vulnerabilities
Overview The NTP.org reference implementation of ntpd contains multiple vulnerabilities. Description NTP.org's reference implementation of NTP server, ntpd, contains multiple vulnerabilities.CWE-294: Authentication Bypass by Capture-replay - CVE-2015-7973 An attacker on the network can record and...
BMC Track-It! contains multiple vulnerabilities
Overview BMC Track-It! version 11.3.0.355 contains multiple vulnerabilities Description CWE-306: Missing Authentication for Critical Function -CVE-2014-4872 BMC Track-It! exposes several dangerous remote .NET services on port 9010 without authentication. .NET remoting allows a user to invoke...
Oracle Outside In Microsoft Access 1.x parser stack buffer overflow
Overview Oracle Outside In contains a stack buffer overflow vulnerability in the Microsoft Access 1.x database file parser, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Oracle Outside In is a set of libraries that can decode over...
JAMF Software Casper Suite contains a cross-site request forgery vulnerability
Overview JAMF Software's Casper Suite is susceptible to a cross-site request forgery CSRF CWE-352 vulnerability. Description JAMF Software's Casper Suite, a Mac OS X and iOS client management framework, contains a cross-site request forgery CSRF CWE-352 vulnerability. The reporter provided a...
PHP FormMail Generator generates code with multiple vulnerabilities
Overview PHP FormMail Generator is a single-instance website that generates PHP code for standard web forms for inclusion into PHP or WordPress websites. The generated code is vulnerable to authentication bypass and unsafe deserialization of untrusted data. Description CWE-302: Authentication...
Norton "WrapNISUM Class" (WrapUM.dll) ActiveX control allows remote arbitrary command execution
Overview Symantec's Norton Internet Security 2004 Professional is a software package that provides antivirus, antispam, and personal firewall applications. A vulnerability in an Symantec's Norton Internet Security 2004 suite may permit a remote attacker to execute arbitrary commands on the local...
NTP.org ntpd is vulnerable to denial of service and other vulnerabilities
Overview NTP.org's reference implementation of NTP server, ntpd, contains multiple vulnerabilities. Description NTP.org's reference implementation of NTP server, ntpd, contains multiple vulnerabilities. A brief overview follows, but details may be found in NTP's security advisory listing and in t...
Thecus NAS Server N8800 contains multiple vulnerabilities
Overview Thecus NAS server N8800 with firmware version 5.03.01, and possibly earlier versions, contains multiple vulnerabilities. Description The 7 Elements advisory states that the Thecus NAS server N8800 device contains the following vulnerabilities:CVE-2013-5667 - Thecus NAS Server N8800...
Microsoft Windows based applications may insecurely load dynamic libraries
Overview Some applications for Microsoft Windows may use unsafe methods for determining how to load DLLs. As a result, these applications can be forced to load a DLL from an attacker-controlled source rather than a trusted location. Description Dynamically Linked Libraries DLLs are executable...
Apple QuickTime MPEG-4 movie buffer overflow
Overview Apple QuickTime fails to properly handle MPEG-4 movie files. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service condition. Description Apple's QuickTime Player is multimedia software that allows users to view local and...
Microsoft Internet Explorer buffer overflow in PNG image rendering component
Overview A buffer overflow in the PNG image rendering component of Microsoft Internet Explorer IE may allow a remote attacker to execute code on a vulnerable system. Description The Portable Network Graphics PNG image format is used as an alternative to other image formats such as the Graphics...
Check Point VPN-1/FireWall-1 4.1 on Nokia IPXXX firewall appliance retransmits original packets
Overview A vulnerability in Check Point VPN-1/FireWall-1 running on Nokia IPXXX Appliances can allow an attacker to pass traffic allowed by the security policy through the firewall while retaining the external untranslated destination IP address. Description Nokia IPXXX Appliances are security...
Apache mod_isapi module library unload results in orphaned callback pointers
Overview The Apache modisapi module can be forced to unload a specific library before the processing of a request is complete, resulting in memory corruption. This vulnerability may allow a remote attacker to execute arbitrary code. Description The Apache HTTP server running on Windows platforms...
GoAhead WebServer information disclosure and authentication bypass vulnerabilities
Overview GoAhead WebServer contains vulnerabilities that may allow an attacker to view source files containing sensitive information or bypass authentication. The information disclosure vulnerability was previously published as VU975041. Description GoAhead WebServer contains vulnerabilities...
IBM AIX setsenv buffer overflow
Overview There is a buffer overflow in the IBM AIX setsenv command that may allow local attackers to gain root privileges. Description The setsenv command is used to set protected state environment variables. There is a buffer overflow in a variable value parameter to the setsenv command on IBM A...
Pulse Connect Secure Samba buffer overflow
Overview Pulse Connect Secure PCS gateway contains a buffer overflow vulnerability in Samba-related code that may allow an authenticated remote attacker to execute arbitrary code. Description CVE-2021-22908 PCS includes the ability to connect to Windows file shares SMB. This capability is provide...
Linux kernel perf_swevent_enabled array out-of-bound access privilege escalation vulnerability
Overview The Linux kernel's Performance Events implementation is susceptible to an out-of-bounds array vulnerability that may be used by a local unprivileged user to escalate privileges. Description The Linux kernel's Performance Events implementation is susceptible to an out-of-bounds array...
Oracle Database Net Listener vulnerability
Overview An unspecified vulnerability in Oracle Net Listener may allow a remote attacker to compromise system confidentiality, integrity, and availability. Description Oracle Net Listener contains a vulnerability.The details of this vulnerability are not clear. However, Oracle states this issue c...
CVS contains a heap overflow in the handling of flag insertion
Overview A heap overflow vulnerability in the Concurrent Versions System CVS could allow a remote attacker to execute arbitrary code on a vulnerable system. Description CVS is a source code maintenance system that is widely used by open-source software development projects. There is a heap memory...
PHP fails to properly parse the headers of HTTP POST requests
Overview A vulnerability has been discovered in PHP. This vulnerability could be used by a remote attacker to execute arbitrary code or crash PHP and/or the web server. Description PHP is a popular scripting language in widespread use. For more information about PHP, see...
Oracle9i Application Server OWA_UTIL procedures expose sensitive information
Overview Oracle9i Application Server iAS provides a Procedural Language/Structured Query Language PL/SQL application package called OWAUTIL that provides web access to a number of stored procedures. These procedures could be used by an attacker to view the source code of PL/SQL applications, obta...
rpc.statd vulnerable to remote root compromise via format string stack overwrite
Overview The CERT/CC has begun receiving reports of an input validation vulnerability in the rpc.statd program being exploited. This program is included, and often installed by default, in several popular Linux distributions. Please see the vendors section of this document for specific informatio...
Microsoft Windows Kernel Transaction Manager (KTM) is vulnerable to a race condition
Overview The Microsoft Windows Kernel Transaction Manager KTM is vulnerable to a race condition because it fails to properly handle objects in memory, which can result in local privilege escalation. Description CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization 'Rac...
Embedded devices use non-unique X.509 certificates and SSH host keys
Overview Embedded devices use non-unique X.509 certificates and SSH host keys that can be leveraged in impersonation, man-in-the-middle, or passive decryption attacks. Description CWE-321: Use of Hard-coded Cryptographic Key - Multiple CVEsResearch by Stefan Viehbཬk of SEC Consult has found that...
Toshiba Global Commerce Solutions' 4690 Point of Sale operating system contains a password hashing algorithm that can be reversed
Overview Toshiba Global Commerce Solutions' 4690 Point of Sale operating system contains a password hashing algorithm that can be reversed. CWE-328 Description Toshiba Global Commerce Solutions' 4690 Point of Sale operating system contains a password hashing algorithm that can be reversed. CWE-32...