3695 matches found
NetNanny uses a shared private key and root CA
Overview NetNanny uses a shared private key and root Certificate Authority (CA), making systems broadly vulnerable to HTTPS spoofing. Description NetNanny installs a Man-in-the-Middle (MITM) proxy as well as a new trusted root CA certificate. The certificate used by NetNanny is shared among all...
Adobe Shockwave player provides vulnerable Flash runtime
Overview Adobe Shockwave Player 12.1.1.151 and earlier versions on the Windows and Macintosh operating systems provide a vulnerable version of the Flash runtime. Description Adobe Macromedia Shockwave Player is software that plays active web content developed in Macromedia and Adobe Director...
Simple Certificate Enrollment Protocol (SCEP) does not strongly authenticate certificate requests
Overview Simple Certificate Enrollment Protocol (SCEP) does not strongly authenticate certificate requests made by users or devices. Update March 19, 2025: Solution section has been updated. Description IETF Internet-Draft draft-nourse-scep-23 "...defines a protocol, Simple Certificate Enrollment...
InspIRCd heap corruption vulnerability
Overview InspIRCd 2.0.5 and possibly other versions contain a heap corruption vulnerability that may be exploited with a specifically crafted DNS query. Description InspIRCd contains a heap corruption vulnerability that exists in the dns.cpp code. The res buffer is allocated on the heap and can b...
Washington Courts website vulnerable to SQL injection and cross-site scripting
Overview The Washington Courts website http://www.courts.wa.gov/ is vulnerable to SQL injection and cross-site scripting. An attacker could gain access to information stored on the site or manipulate how the site appears to victims who browse to an attacker-supplied URL. Description The Washingto...
Microsoft Internet Information Server (IIS) FTP server NLST stack buffer overflow
Overview The Microsoft IIS FTP server contains a stack buffer overflow in the handling of directory names, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description IIS is a web server that comes with Microsoft Windows. IIS also includes FTP server...
Gateway CWebLaunchCtl ActiveX control buffer overflow
Overview The Gateway CWebLaunchCtl ActiveX control contains a buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Gateway Computers CWebLaunchCtl ActiveX control, which is provided by weblaunch.ocx and weblaunch2.ocx,...
Oracle Collaboration Suite denial of service vulnerability
Overview The Oracle collaboration suite contains a vulnerability that may allow an attacker to create a denial-of-service condition. Description The Oracle collaboration suite contains a vulnerability. From Oracle Critical Patch Update - July 2007: There is 1 new Oracle Collaboration Suite specifi...
Zenturi ProgramChecker ActiveX buffer overflow vulnerabilities
Overview Zenturi ProgramChecker contains multiple ActiveX buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Zenturi ProgramChecker is a set of "... easy to use tools to analyze, validate, authenticate and research th...
British Telecommunications Consumer webhelper ActiveX control buffer overflows
Overview The British Telecommunications Consumer webhelper ActiveX control contains multiple buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The registration process for British Telecommunications (BT) internet...
McAfee VirusScan Enterprise heap buffer overflow vulnerability
Overview The McAfee VirusScan program contains a buffer overflow vulnerability. If exploited, this vulnerability may allow an attacker to execute arbitrary code. Description McAfee VirusScan Enterprise includes an anti-virus, firewall, and host-based intrusion protection system. The on-demand...
Citrix Presentation Server Client vulnerable to arbitrary code execution
Overview A vulnerability in the Citrix Presentation Server Client could allow a remote attacker to execute arbitrary code on a vulnerable system. Description Independent Computing Architecture (ICA) is an application server protocol used by Citrix products. The Citrix Presentation Server Client for...
Aruba Mobility Controller Management Interface contains a buffer overflow
Overview The Aruba Mobility Controller Management Interface contains a buffer overflow. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Aruba Mobility Controllers are used to process and control network traffic in a wireless network...
Cisco IOS fails to properly process specially crafted IPv6 packets
Overview Cisco IOS fails to properly process IPv6 packets with specially crafted routing headers. Successful exploitation of this vulnerability may allow an attacker to execute code, or create a denial-of-service condition. Description Internet Protocol version 6 (IPv6) is an IP standard that is...
Secure Elements Class 5 AVR client sends messages in cleartext
Overview The Secure Elements Class 5 AVR client sends messages in cleartext. This may allow an attacker to read traffic from an asset. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a security product that monitors and enforces security policies on...
Oracle Collaboration Suite Email Server vulnerability
Overview An unspecified vulnerability in the Oracle Collaboration Suite Email Server may allow a remote, unauthenticated attacker to compromise system integrity, confidentiality, and availability. Description Oracle Collaboration Suite Email Server contains a vulnerability. The details of this...
Microsoft BlnMgr Proxy (blnmgrps.dll) COM object fails to implement required methods
Overview The Microsoft BlnMgr Proxy COM object fails to implement the methods required by the IDispatch interface, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft COM is a technology that allows programmers to create reusable...
Cisco IOS vulnerable to DoS or arbitrary code execution via specially crafted IPv6 packet
Overview Cisco Internetwork Operating System (IOS) IPv6 packet handling is vulnerable to a denial-of-service attack and may potentially be vulnerable to a flaw that allows arbitrary code execution. Description Cisco Systems devices running IOS that are configured to handle Internet Protocol version...
Cisco IOS vulnerable to DoS via malformed BGP packet
Overview A vulnerability in Cisco's Internetwork Operating System (IOS) could result in a remotely exploitable denial of service. Description Cisco Internetwork Operating System (IOS) includes support for Border Gateway Protocol (BGP), which is defined in RFC 1771. BGP is designed to exchange network...
RealPlayer ActiveX control contains buffer overflow in "ShowPreferences"
Overview The RealPlayer ActiveX control contains a stack-based buffer overflow in the ShowPreferences method. This may permit a remote attacker to execute arbitrary code on the user's system. Description RealNetworks RealPlayer is a multimedia application that allows users to view local and remot...
Macromedia JRun Server insecurely generates and handles JSESSIONIDs
Overview A vulnerability exists in Macromedia JRun that may allow an attacker to gain access to an authenticated user's session. Description Macromedia JRun is an application server that works with most popular web servers such as Apache and IIS. Macromedia states that JRun is deployed at over...
CVSTrac fails to properly sanitize input passed to "filediff"
Overview CVSTrac fails to check the validity of input passed to the "rcsinfo" parameter of "filediff." This allows execution of arbitrary commands on the server. Description CVSTrac is a web-based bug and patch set tracking system for use with CVS. CVSTrac 1.1.3 and earlier fail to properly...
JetboxOne leaves account database unencrypted
Overview JetboxOne does not encrypt information in the account information database. Any user with the ability to query the database may be able to view confidential account information. Description JetboxOne is an open-source content management system that is written in PHP. An information...
Board Power contains cross-site scripting vulnerability in the 'action' parameter of 'icq.cgi'
Overview Board Power fails to filter malicious content provided in the URL, leading to a cross-site scripting vulnerability. Attackers who exploit this vulnerability may be able to execute arbitrary scripts. Description Board Power is a forum application available for multiple operating systems...
Sun Solaris patches may cause passwords to be logged in clear text
Overview Sun Solaris contains a vulnerability in which systems configured as Kerberos clients that have specific patches installed may log passwords in clear text. Description Sun Microsystems released patches 112908-12 and 115168-03 to address issues in Kerberos. There is a vulnerability in thes...
Ethereal fails to properly handle malformed color filter files
Overview Ethereal fails to properly handle malformed color filter files, which could allow an attacker to cause a segmentation fault. Description Ethereal is a network traffic analysis package. It provides a feature that allows a user to customize the foreground and background colors of packet...
ModSecurity for Apache vulnerable to off-by-one overflow when directive "SecFilterScanPost" is enabled
Overview A vulnerability in the modsecurity module for Apache may permit a remote attacker to execute arbitrary code on the vulnerable web server. Description ModSecurity is an open source intrusion detection and prevention engine for web applications. The modsecurity module for Apache 2.0.X...
Multiple Open Software Foundation Distributed Computing Environment (DCE) implementations vulnerable to DoS
Overview A denial-of-service vulnerability exists in multiple vendor implementations of the Distributed Computing Environment. This vulnerability may allow a remote attacker to cause the service to fail. Note that this vulnerability may be triggered by attackers attempting to exploit VU568148 and...
Microsoft Windows 2000 SMTP service vulnerable to DoS when processing message with corrupted time stamp
Overview Some versions of Microsoft Windows 2000 feature an SMTP service for handling Internet email. A flaw in this SMTP service may result in a denial-of-service vulnerability. Description When a message with a corrupted time stamp is received by a vulnerable system, the SMTP service may stop...
Sun Management Center (SunMC) allows user to create or overwrite arbitrary files
Overview The Sun Management Center (SunMC) contains a vulnerability that could allow an attacker to create or overwrite any file on the system. Description An unknown vulnerability exists in the Sun Management Center (SunMC), according to a Sun Alert Notification. According to that document,...
ScriptLogic RPC service allows local users to modify arbitrary registry settings
Overview There is a vulnerability in version 4.01 of ScriptLogic that could allow local users to gain full access to the registry. Description The ScriptLogic product from ScriptLogic, Inc. provides remote system administration capabilities for Microsoft Windows systems in a domain. A vulnerabili...
RealNetworks Helix Universal Server vulnerable to buffer overflow when sent two simultaneous HTTP requests containing a long string of characters
Overview The RealNetworks' Helix Universal Server supports delivery of several different media types over the Internet. Vulnerabilities have been discovered in the way it handles some requests from the network. These vulnerabilities could allow a remote attacker to execute arbitrary code on...
Handspring VisorPhone vulnerable to DoS via SMS image transfer
Overview Handspring Visors equipped with the VisorPhone Springboard module can crash when receiving large SMS images from other mobile devices. Description Handspring Visor is a Palm-OS-based personal digital assistant (PDA) that features a proprietary plug-in hardware expansion technology named...
Mike Spice's My Calendar does not adequately validate user input
Overview Mike Spice's My Calendar does not adequately validate user input, allowing directory traversal. As a result, an attacker can cause My Calendar to overwrite any file on the server to which the web server process has write privileges. Description Mike Spice's My Calendar is a CGI script...
Microsoft Internet Explorer vulnerable to DoS via crafted ftp:// URL
Overview Microsoft Internet Explorer has a vulnerability that may cause the program to crash when opening some FTP URLs. Description Microsoft Internet Explorer with Browsing Enhancements installed by default on some versions of Windows may crash when opening an FTP URL containing '' or '&'...
/usr/libexec/vi.recover script contains vulnerability allowing arbitrary zero-length files to be removed
Overview The /usr/libexec/vi.recover script in OpenBSD has a vulnerability that could allow an attacker to remove arbitrary zero-length files, including device nodes. Description The /usr/libexec/vi.recover script in OpenBSD cleans up vi temp files and informs a user via email if a recovery file...
HP Tru64 UNIX "ping" contains locally exploitable vulnerability (SSRT2229)
Overview The HP Tru64 UNIX implementation of "ping" contains a locally exploitable vulnerability. Description "ping" is used to send ICMP echo requests to other hosts on the Internet. A locally exploitable vulnerability in "ping" may permit a local attacker to perform a denial-of-service attack o...
HP Tru64 UNIX "ps" contains buffer overflow (SSRT2256)
Overview The HP Tru64 UNIX implementation of "ps" contains a locally exploitable buffer overflow. Description "ps" is used to display information about running processes. A locally exploitable buffer overflow in "ps" may permit a local attacker to gain elevated privileges and execute arbitrary co...
HP Tru64 UNIX "uux" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "uux" contains a locally exploitable buffer overflow. Description "uux" is used to run a command on a remote system. A locally exploitable buffer overflow in "uux" may permit a local attacker to gain elevated privileges and execute arbitrary code on a...
HP Tru64 UNIX "at" contains buffer overflow (SSRT2189)
Overview The HP Tru64 UNIX implementation of "at" contains a locally exploitable buffer overflow. Description "at" is used to run a job at a later time. A locally exploitable buffer overflow in "at" may permit a local attacker to gain elevated privileges and execute arbitrary code on a vulnerable...
HP Tru64 UNIX "lpc" contains buffer overflow (SSRT2260)
Overview The HP Tru64 UNIX implementation of "lpc" contains a locally exploitable buffer overflow. Description "lpc" is used to control the line printer system. A locally exploitable buffer overflow in "lpc" may permit a local attacker to gain elevated privileges and execute arbitrary code on a...
Oracle 9iAS creates temporary files when processing JSP requests that are world-readable
Overview Oracle Database Server version 9iAS makes JSP source code publicly available. The source code may be used by attackers to analyze proprietary business logic or uncover Oracle's network configuration, usernames, and/or passwords. Description When Oracle receives a request for JSP file, it...
Adobe PhotoDeluxe does not adequately restrict Java execution
Overview A vulnerability exists in Adobe PhotoDeluxe that allows a malicious web page or HTML email message viewed with Microsoft Internet Explorer to obtain directory listings or potentially download and execute arbitrary code on the local system. Description Adobe PhotoDeluxe is an image...
AOL Instant Messenger vulnerable to DoS via crafted packets
Overview AOL Instant Messenger (AIM) is an application that allows one peer to communicate with another. A vulnerability exists that can crash the client window. Description All versions of AIM for Windows prior to beta version 4.8.2540 contain a buffer overflow that permits an attacker to cause a...
Windows NT SNMP agent leaks memory
Overview The Microsoft SNMP agent, prior to Windows NT 4.0 Service Pack 4.0, will leak memory. Description Microsoft's SNMP agent, snmp.exe, prior to Windows NT 4.0 Service Pack 4.0, will leak memory if the OID cannot be decoded. Quoting from Microsoft KB article Q178381, If SNMP cannot decode an...
IBM AIX portmir vulnerable to buffer overflow via echo_error
Overview There is a buffer overflow in the IBM AIX portmir command that may allow local users to gain root privileges. Description There is a buffer overflow in the echo_error routine of the IBM AIX portmir command. An attacker may be able to corrupt lock files in the "/etc/locks" directory. ---...
Cayman gateways ship with null administrative and user level passwords
Overview Cayman gateways ship without a default password on the admin and user accounts. As long as the gateway is not addressable via the WAN, this can only be accessed and set by anyone on the LAN side. With admin access, the gateway settings can be configured by an intruder. Description Cayman...
Alcatel ADSL modems provide unauthenticated TFTP access via physical WAN interface
Overview The San Diego Supercomputer Center (SDSC) has recently discovered several vulnerabilities in the Alcatel Speed Touch line of Asymmetric Digital Subscriber Line (ADSL) modems. These vulnerabilities are the result of weak authentication and access control policies and result in one or more of...
SystemWizard Registry Object ActiveX Control lacks authentication
Overview Description The SystemWizard "Registry Object" ActiveX Control may allow attackers to modify the registry on systems where the control is installed. This control was shipped on HP Pavilion computers running Windows 98, as part of a diagnostic application named "SystemWizard" produced by...
Workhorse Software Services, Inc. software prior to version 1.9.4.48019, default deployment is vulnerable to multiple issues.
Overview Workhorse Software Services, Inc. municipal accounting software prior to version 1.9.4.48019 contains design flaws that could allow unauthorized access to sensitive data and facilitate data exfiltration. Specifically, database connection information is stored in plaintext alongside the...