3702 matches found
HP Tru64 UNIX "uux" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "uux" contains a locally exploitable buffer overflow. Description "uux" is used to run a command on a remote system. A locally exploitable buffer overflow in "uux" may permit a local attacker to gain elevated privileges and execute arbitrary code on a...
HP Tru64 UNIX "rdist" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "rdist" contains a locally exploitable buffer overflow. Description "rdist" allows a user to maintain identical copies of files on multiple hosts. A locally exploitable buffer overflow in "rdist" may permit a local attacker to gain elevated privileges...
HP Tru64 UNIX "lpc" contains buffer overflow (SSRT2260)
Overview The HP Tru64 UNIX implementation of "lpc" contains a locally exploitable buffer overflow. Description "lpc" is used to control the line printer system. A locally exploitable buffer overflow in "lpc" may permit a local attacker to gain elevated privileges and execute arbitrary code on a...
Magic Enterprise contains multiple shell scripts that allow arbitrary file overwriting via symlink redirection of temporary file
Overview Some versions of Magic eDeveloper Enterprise Edition contain a symbolic-link vulnerability that allows attackers to overwrite data or execute arbitrary commands. Description Magic eDeveloper is a development environment for large-scale and distributed applications.Magic eDeveloper...
Apache Web Server vulnerable to DoS via crafted HTTP request
Overview Some versions of the Apache Web server are vulnerable to denial-of-service attacks by crafted HTTP requests. Description A vulnerability exists in some versions the Apache Web HTTPD Server running on Windows 98SE, Windows 2000 SP1, and OS/2. The vulnerability appears to be a bounds...
Oracle 9iAS default configuration uses well-known default passwords
Overview Oracle Database Server version 9iAS installs with up to 160 distinct default login accounts. The usernames and passwords for these have been made publicly available and could be used by an attacker to gain access to an Oracle server. Description Depending on the components chosen at...
AOL Instant Messenger vulnerable to DoS via crafted packets
Overview AOL Instant Messenger AIM is an application that allows one peer to communicate with another. A vulnerability exists that can crash the client window. Description All versions of AIM for Windows proir to beta version 4.8.2540 contain a buffer overflow that permits an attacker to cause a...
SCO UnixWare bnuconvert contains buffer overflow via long string of characters sent as command line argument
Overview A buffer overflow in bnuconvert, part of the UUCP package on SCO systems, can allow an intruder to gain elevated privileges. Description SCO UnixWare 7 ships with a utility package called UUCP. The UUCP package allows for the copying of files between different UNIX systems and the sendin...
Microsoft Index Server contains buffer overflow
Overview A buffer overflow exists in Microsoft Index Server 2.0, which may allow remote attackers to execute code with administrarive privileges. Description Microsoft Index Server 2.0 is a tool for building an index of a web site to permit efficient searches. An intruder who can authenticate to...
Cisco IOS/CatOS exposes read-write SNMP community string via traversal of View-based Access Control MIB (VACM) using read-only community string
Overview There is a vulnerability that permits unauthorized access to several switch and router products manufactured by Cisco Systems. An attacker who gains access to an affected device can read and modify its configuration, creating a denial-of-service condition, an information leak, or both...
Alcatel ADSL modems provide unauthenticated TFTP access via physical WAN interface
Overview The San Diego Supercomputer Center SDSC has recently discovered several vulnerabilities in the Alcatel Speed Touch line of Asymmetric Digital Subscriber Line ADSL modems. These vulnerabilities are the result of weak authentication and access control policies and result in one or more of...
Casdoor contains Arbitrary File Write vulnerability
Overview Casdoor contains an arbitrary file write vulnerability in the implementation of its "Local File System" storage provider. Due to insufficient sanitization of user-supplied paths, an authenticated user with file upload permissions can escape the intended storage directory and write files...
Workhorse Software Services, Inc. software prior to version 1.9.4.48019, default deployment is vulnerable to multiple issues.
Overview Workhorse Software Services, Inc municipal accounting software prior to version 1.9.4.48019 contains design flaws that could allow unauthorized access to sensitive data and facilitate data exfiltration. Specifically, database connection information is stored in plaintext alongside the...
Rsync contains six vulnerabilities
Overview Rsync, a versatile file-synchronizing tool, contains six vulnerabilities present within versions 3.3.0 and below. Rsync can be used to sync files between remote and local computers, as well as storage devices. The discovered vulnerabilities include heap-buffer overflow, information leak,...
Simple Certificate Enrollment Protocol (SCEP) does not strongly authenticate certificate requests
Overview Simple Certificate Enrollment Protocol SCEP does not strongly authenticate certificate requests made by users or devices. Update March 19, 2025: Solution section has been updated. Description IETF Internet-Draft draft-nourse-scep-23 "...defines a protocol, Simple Certificate Enrollment...
InspIRCd heap corruption vulnerability
Overview InspIRCd 2.0.5 and possibly other versions contain a heap corruption vulnerability that may be exploited with a specifically crafted DNS query. Description InspIRCd contains a heap corruption vulnerability that exists in the dns.cpp code. The res buffer is allocated on the heap and can b...
UPnP requests accepted over router WAN interfaces
Overview Some Internet router devices incorrectly accept UPnP requests over the WAN interface. Description Universal Plug and Play UPnP is a networking protocol mostly used for personal computing devices to discover and communicate with each other and the Internet. Some UPnP enabled router device...
Wireshark 6LoWPAN denial of service vulnerability
Overview Wireshark will crash on 32-bit systems while reading a malformed 6LoWPAN packet. Description Paul Makowski's report states:dissect6lowpaniphcin /epan/dissectors/packet-6lowpan.c trusts user supplied data when incrementing 'offset '. It is possible for the user to increment 'offset ' to a...
IBM WebSphere Portal Server input validation vulnerability
Overview IBM WebSphere Portal Server does not validate entry path inputted data. Description From the IBM Portal website: "IBM WebSphere Portal software provides a composite application or business mashup framework and the advanced tooling needed to build flexible, SOA-based solutions, as well as...
NetSupport Manager Gateway transmits identifying information in plaintext
Overview The NetSupport HTTP protocol implementation used for communication between the NetSupport Manager Gateway and NetSupport Manager Controls or NetSupport Manager Clients is not encrypting http headers sent between systems. Description The NetSupport HTTP protocol implementation used for...
Ghostscript crashes when passing a null ipsp->ip value to the gs_type2_interpret function
Overview The gstype2interpret function which is a part of Ghostscript is prone to denial-of-service conditions. Description Ghostscript contains a function called gstype2interpret which is not performing null value error checking. A specially crafted document can cause Ghostscript to deference a...
Washington Courts website vulnerable to SQL injection and cross-site scripting
Overview The Washington Courts website http://www.courts.wa.gov/ is vulnerable to SQL injection and cross-site scripting. An attacker could gain access to information stored on the site or manipulate how the site appears to victims who browse to an attacker-supplied URL. Description The Washingto...
Microsoft Indeo video codecs contain multiple vulnerabilities
Overview The Indeo video codecs that are provided by Microsoft Windows contain multiple vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Indeo is a video codec that was developed by Intel and Microsoft. Multiple...
Microsoft Internet Information Server (IIS) FTP server NLST stack buffer overflow
Overview The Microsoft IIS FTP server contains a stack buffer overflow in the handling of directory names, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description IIS is a web server that comes with Microsoft Windows. IIS also includes FTP server...
Microsoft Internet Explorer fails to properly restrict access to frames
Overview Microsoft Internet Explorer fails to properly restrict access to a document's frames, which may allow an attacker to modify the contents of frames in a different domain. Description Frames in HTML documents are subdivisions of the current window. The most common use of frames in web page...
Novell iPrint Client ActiveX control stack buffer overflows
Overview The Novell iPrint Client ActiveX control contains multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Novell iPrint is a software printing solution that allows for printing over the internet. On...
Gateway CWebLaunchCtl ActiveX control buffer overflow
Overview The Gateway CWebLaunchCtl ActiveX control contains a buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable sytem. Description The Gateway Computers CWebLaunchCtlActiveX control, which is provided by weblaunch.ocx and weblaunch2.ocx,...
Cisco IOS fails to properly handle Next Hop Resolution Protocol packets
Overview Cisco IOS fails to properly handle Next Hop Resolution Protocol packets, which could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service. Description Cisco IOS is an operating system that is used on Cisco network devices. Cisco IOS supports a...
Oracle Collaboration Suite denial of service vulnerability
Overview The Oracle collaboration suite contains a vulnerability that may allow an attacker to create a denial-of-service condition. Description The Oracle collaboration suite contains a vulnerability. From Oracle Critical Patch Update - July 2007:There is 1 new Oracle Collaboration Suite specifi...
McAfee VirusScan Enterprise heap buffer overflow vulnerability
Overview The McAfee VirusScan progream contains a buffer overflow vulnerability. If exploited, this vulnerability may allow an attacker to arbitrary execute code. Description McAfee VirusScan Enterprise includes an anti-virus, firewall, and host-based intrusion protection system. The on-demand...
Citrix Presentation Server Client vulnerable to arbitrary code execution
Overview A vulnerability in the Citrix Presentation Server Client could allow a remote attacker to execute arbitrary code on a vulnerable system. Description Independent Computing Architecture ICA is an application server protocol used by Citrix products. The Citrix Presentation Server Client for...
Aruba Mobility Controller Management Interface contains a buffer overflow
Overview The Aruba Mobility Controller Management Interface contains a buffer overflow. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Aruba Mobility Controllers are used to process and control network traffic in a wireless network...
Cisco IOS fails to properly process specially crafted IPv6 packets
Overview Cisco IOS fails to properly process IPv6 packets with specially crafted routing headers. Successful exploitation of this vulnerability may allow an attacker to execute code, or create a denial-of-service condition. Description Internet Protocol version 6 IPv6 is a IP standard that is...
Secure Elements Class 5 AVR server fails to properly validate pathnames when downloading updates
Overview The Secure Elements Class 5 AVR server fails to properly validate pathnames when downloading updates. This may allow an attacker to overwrite arbitrary files on the server system. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a security produc...
Secure Elements Class 5 AVR server sends messages in cleartext
Overview The Secure Elements Class 5 AVR server sends messages in cleartext. This may allow an attacker to read traffic to an asset. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a security product that monitors and enforces security policies on networ...
Secure Elements Class 5 AVR client fails to validate source address of messages
Overview The Secure Elements Class 5 AVR client fails to validate the source address of messages. This may allow an attacker to execute arbitrary code with root privileges on a vulnerable client system. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a...
RealVNC Server does not validate client authentication method
Overview The RealVNC Server fails to properly authenticate clients. This may allow a remote attacker to bypass authentication and gain access to the VNC server. Description TheVirtual Network ComputingVNC Protocol According to RealVNC, "The VNC protocol is a simple protocol for remote access to...
Oracle Dictionary vulnerability
Overview An unspecified vulnerability in the Oracle Dictionary may allow a remote attacker to compromise system integrity and availability. Description Oracle Dictionary contains an unspecified vulnerability that, according to Oracle, can allow an attacker to easily compromise system integrity an...
Oracle Collaboration Suite Email Server vulnerability
Overview An unspecified vulnerability in the Oracle Collaboration Suite Email Server may allow a remote, unauthenticated attacker to compromise system integrity, confidentiality, and availability. Description Oracle Collaboration Suite Email Server contains a vulnerability.The details of this...
Oracle E-Business Suite Applications Utilities vulnerability
Overview An unspecified vulnerability in the Oracle Applications Utilities may allow a remote, unauthenticated attacker to compromise system confidentiality and integrity. Description Oracle Applications Utilities is a component of the Oracle E-Business Suite. There is an vulnerability in the...
Microsoft Internet Explorer can use any COM object
Overview Microsoft Internet Explorer IE will attempt to use COM objects that were not intended to be used in the web browser. This can cause a variety of impacts, such as causing IE to crash. Description Microsoft COMMicrosoft COM is a technology that allows programmers to create reusable softwar...
Cisco IOS vulnerable to DoS or arbitrary code execution via specially crafted IPv6 packet
Overview Cisco Internetwork Operating System IOS IPv6 packet handling is vulnerable to a denial-of-service attack and may potentially be vulnerable to a flaw that allows arbitrary code execution. Description Cisco Systems devices running IOS that are configured to handle Internet Protocol version...
Oracle products contain multiple vulnerabilities
Overview Multiple vulnerabilities exist in numerous Oracle products. The impacts of these vulnerabilities are varied and may include remote execution of arbitrary code, the disclosure of sensitive information, and denial-of-service conditions Description Multiple vulnerabilities exist in numerous...
Cisco IOS vulnerable to DoS via malformed BGP packet
Overview A vulnerability in Cisco's Internetwork Operating System IOS could result in a remotely exploitable denial of service. Description Cisco Internetwork Operating System IOS includes support for Border Gateway Protocol BGP, which is defined in RFC 1771. BGP is designed to exchange network...
RealPlayer ActiveX control contains buffer overflow in "ShowPreferences"
Overview The RealPlayer ActiveX control contains a stack-based buffer overflow in the ShowPreferences method. This may permit a remote attacker to execute arbitrary code on the user's system. Description RealNetworks RealPlayer is a multimedia application that allows users to view local and remot...
Multiple Symantec security appliances fail to properly filter port 53/udp traffic
Overview A vulnerability exists in multiple Symantec security appliances that could allow a remote attacker to bypass the firewall using a source port of 53/udp. Description Symantec's Firewall/VPN appliances and Gateway Security models include a number of services such as tftpd, snmpd, and isakm...
Macromedia JRun Server insecurely generates and handles JSESSIONIDs
Overview A vulnerability exists in Macromedia JRun that may allow an attacker to gain access to an authenticated user's session. Description Macromedia JRun is an application server that works with most popular web servers such as Apache and IIS. Macromedia states that JRun is deployed at over...
Mozilla "send page" feature contains a buffer overflow vulnerability
Overview There is a buffer overflow vulnerability in the Mozilla "send page" feature that could allow a remote attacker to execute arbitrary code. Description Mozilla is an open-source web browser, email/newsgroup client, IRC client, and HTML editor available for a number of platforms including...
Multiple buffer overflows in Mozilla POP3 protocol handler
Overview There are multiple buffer overflow vulnerabilities in the Mozilla POP3 protocol handler that could allow a remote attacker to execute arbitrary code. Description Post Office Protocol Version 3 POP3 is a mail protocol that provides a means for retrieving email from a remote server. The...
Novell Bordermanager VPN Service denial-of-service vulnerability
Overview A vulnerability exists in the Novell Bordermanager VPN service that could allow a remote attacker to cause a denial of service. Description The Novell Bordermanager product includes Virtual Private Network VPN capabilities, including support for the standard Internet Key Exchange IKE...