3702 matches found
HP Tru64 UNIX "rdist" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "rdist" contains a locally exploitable buffer overflow. Description "rdist" allows a user to maintain identical copies of files on multiple hosts. A locally exploitable buffer overflow in "rdist" may permit a local attacker to gain elevated privileges...
HP Tru64 UNIX "uux" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "uux" contains a locally exploitable buffer overflow. Description "uux" is used to run a command on a remote system. A locally exploitable buffer overflow in "uux" may permit a local attacker to gain elevated privileges and execute arbitrary code on a...
HP Tru64 UNIX "lpc" contains buffer overflow (SSRT2260)
Overview The HP Tru64 UNIX implementation of "lpc" contains a locally exploitable buffer overflow. Description "lpc" is used to control the line printer system. A locally exploitable buffer overflow in "lpc" may permit a local attacker to gain elevated privileges and execute arbitrary code on a...
Computer Associates MLink "mclear" command vulnerable to buffer overflow via long string of characters
Overview A locally exploitable buffer overflow exists in mclear. Description CA-MLINK is a managed data transport service. For more information about CA-MLINK, please see the product brochure. Based on a public report, it appears there is a locally exploitable buffer overflow in the mclear comman...
Oracle 9iAS creates temporary files when processing JSP requests that are world-readable
Overview Oracle Database Server version 9iAS makes JSP source code publicly available. The source code may be used by attackers to analyze proprietary business logic or uncover Oracle's network configuration, usernames, and/or passwords. Description When Oracle receives a request for JSP file, it...
Multiple Oracle 9iAS sample pages contain vulnerabilities
Overview Oracle Application Server version 9iAS installs with sample pages that demonstrate various functions of the software. Many of these pages can be used by attackers to breach the security of the system. Description A fresh installation of Oracle Application Server version 9iAS and possibly...
Adobe PhotoDeluxe does not adequately restrict Java execution
Overview A vulnerability exists in Adobe PhotoDeluxe that allows a malicious web page or HTML email message viewed with Microsoft Internet Explorer to obtain directory listings or potentially download and execute arbitrary code on the local system. Description Adobe PhotoDeluxe is an image...
AOL Instant Messenger vulnerable to DoS via crafted WAV file
Overview AOL Instant Messenger AIM is an application that allows one peer to communicate with another. A vulnerability exists that can crash the client of a victim. Description AIM allows users to send audio files to one another. By sending a corrupt WAV formatted file, an attacker can cause the...
Windows NT SNMP agent leaks memory
Overview The Microsoft SNMP agent, prior to Windows NT 4.0 Service Pack 4.0, will leak memory. Description Microsoft's SNMP agent, snmp.exe, priot to Windows NT 4.0 Service Pack 4.0, will leak memory if the OID cannot be decoded. Quoting from Microsoft KB article Q178381, If SNMP cannot decode an...
IBM AIX portmir vulnerable to buffer overflow via echo_error
Overview There is a buffer overflow in the IBM AIX portmir command that may allow local users to gain root privileges. Description There is a buffer overflow in the echoerror routine of the IBM AIX portmir command. An attacker may be able to corrupt lock files in the "/etc/locks" directory. ---...
Cayman gateways ship with null administrative and user level passwords
Overview Cayman gateways ship without a default password on the admin and user accounts. As long as the gateway is not addressable via the WAN, this can only be accessed and set by anyone on the LAN side. With admin access, the gateway settings can be configured by an intruder. Description Cayman...
SCO UnixWare bnuconvert contains buffer overflow via long string of characters sent as command line argument
Overview A buffer overflow in bnuconvert, part of the UUCP package on SCO systems, can allow an intruder to gain elevated privileges. Description SCO UnixWare 7 ships with a utility package called UUCP. The UUCP package allows for the copying of files between different UNIX systems and the sendin...
Lotus Domino vulnerable to DoS via large crafted URL request
Overview The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Description HTTP requests to TCP port 80 consisting of multiple /'s, approximately 8k worth, will result in the consumption of the CPU 99-100%. Typically, 8k of the character "a" results in...
Appsmiths SQL Query autocomplete renderer contains a cross site scripting vulnerability
Overview A stored cross-site scripting XSS vulnerability has been discovered in Appsmith, specifically in the CodeMirror based SQL query editorās autocomplete renderer. CVE-2026-7299 has been assigned to track the vulnerability. An attacker with developer level access to a shared PostgreSQL...
Casdoor contains multiple authentication bypass and access management vulnerabilities
Overview Casdoor versions 2.362.0 and earlier contain several identity and access management vulnerabilities that enable broad authentication bypass and privilege escalation. These flaws relate to Casdoorās Security Assertion Markup Language SAML processing, account binding, and token exchange...
Unauthenticated configuration modification vulnerability in Central Office Services - Content Hosting Component
Overview A security flaw exists in the configuration management endpoint of the DRC INSIGHT software, allowing an unauthenticated user with access to the same network as the server to modify the serverās configuration file. This could enable data exfiltration, traffic redirection, or service...
Libheif uncompressed codec lacks bounds check leading to application crash
Overview An out-of-bounds memory access vulnerability exists in the uncompressed decoder component of libheif. A maliciously crafted HEIF image can trigger a denial-of-service condition by causing the libheif library to crash or exhibit other unexpected behavior due to an out-of-bounds memory...
Lack of Sufficient Guardrails Lead to Excessive Agency (LLM08) in Some LLM Applications
Overview Retell AI's API creates AI voice agents that have excessive permissions and functionality, as a result of insufficient amounts of guardrails. As a result, attackers can exploit this and conduct large scale social engineering, phishing, and misinformation campaigns. Description Retell AI...
Workhorse Software Services, Inc. software prior to version 1.9.4.48019, default deployment is vulnerable to multiple issues.
Overview Workhorse Software Services, Inc municipal accounting software prior to version 1.9.4.48019 contains design flaws that could allow unauthorized access to sensitive data and facilitate data exfiltration. Specifically, database connection information is stored in plaintext alongside the...
A vulnerability in Insyde H2O UEFI application allows for digital certificate injection via NVRAM variable
Overview A vulnerability in an Insyde H2O UEFI firmware application allows digital certificate injection through an unprotected NVRAM variable. This issue arises from the unsafe use of an NVRAM variable, which is used as trusted storage for a digital certificate in the trust validation chain. An...
Use-after-free vulnerability in lighttpd version 1.4.50 and earlier
Overview A use-after-free vulnerability in lighttpd in versions 1.4.50 and earlier permits a remote, unauthenticated attacker to trigger lighttpd to read from invalid pointers in memory. The attacker can use crafted HTTP Requests to crash the web server and/or leak memory in order to access...
Groupnotes Inc. Videostream Mac client allows for privilege escalation to root account
Overview Groupnotes Inc. Videostream Mac client installs a LaunchDaemon that runs with root privileges. The daemon is vulnerable to a race condition that allows for arbitrary file writes. A low privileged attacker can escalate privileges to root on affected systems. Description Every five hours t...
Software driver for D-Link Wi-Fi USB Adapter vulnerable to service path privilege escalation
Overview The software driver for D-Link DWA-117 AC600 MU-MIMO Wi-Fi USB Adapter contains a unquoted service path privilege escalation vulnerability. In certain conditions, this flaw can lead to a local privilege escalation. Description D-Link DWA-117 AC600 MU-MIMO is a Wi-Fi USB Adapter that...
Salesforce DX command line interface (CLI) does not adequately protect sfdxurl credentials
Overview The default security configuration in Salesforce allows an authenticated user with the Salesforce-CLI to create URL that will allow anyone, anywhere access to the Salesforce GUI with the same administrative credentials without a log trace of access or usage of the API. Description The...
Simple Certificate Enrollment Protocol (SCEP) does not strongly authenticate certificate requests
Overview Simple Certificate Enrollment Protocol SCEP does not strongly authenticate certificate requests made by users or devices. Update March 19, 2025: Solution section has been updated. Description IETF Internet-Draft draft-nourse-scep-23 "...defines a protocol, Simple Certificate Enrollment...
TP-Link 8840T DSL router default remote management vulnerability
Overview The TP-Link 8840T DSL router's remote management feature is enabled by default. Description The TP-Link 8840T DSL router allows remote WAN internet users access to the administrator web interface of the device by default. --- Impact A remote unauthenticated attacker may be able to access...
Wireshark 6LoWPAN denial of service vulnerability
Overview Wireshark will crash on 32-bit systems while reading a malformed 6LoWPAN packet. Description Paul Makowski's report states:dissect6lowpaniphcin /epan/dissectors/packet-6lowpan.c trusts user supplied data when incrementing 'offset '. It is possible for the user to increment 'offset ' to a...
BlackBerry Attachment Service PDF distiller vulnerable to arbitrary code execution
Overview The PDF Distiller service that is provided with BlackBerry Enterprise Server contains a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The BlackBerry Attachment Service is a component of the BlackBerry...
Novell iPrint Client ActiveX control stack buffer overflows
Overview The Novell iPrint Client ActiveX control contains multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Novell iPrint is a software printing solution that allows for printing over the internet. On...
Nik Software Sharpener Pro vulnerable to privilege escalation
Overview The Nik Software Shapener Pro installs files with insecure permissions, which may allow a local attacker to elevate privileges. Description Nik Software Sharpener Pro is an Adobe Photoshop plug-in that provides image sharpening capabilities. The Nik Software Sharpener Pro installer sets...
Skype does not properly filter input from external websites
Overview The Skype client does not properly filter user-supplied input from websites that provide video content to Skype users. Description Skype is a peer-to-peer application that provides Voice over IP VoIP and Instant Messaging services. The Skype client is available for the Microsoft Windows,...
Flash authoring tools create Flash files that contain cross-site scripting vulnerabilities
Overview A number of authoring tools for Flash content may generate files that contain cross-site scripting vulnerabilities. Any site hosting Flash generated by an affected tool could be vulnerable to cross-site scripting. Description ActionScript is a scripting language based on ECMAScript also...
Cisco IOS fails to properly handle Next Hop Resolution Protocol packets
Overview Cisco IOS fails to properly handle Next Hop Resolution Protocol packets, which could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service. Description Cisco IOS is an operating system that is used on Cisco network devices. Cisco IOS supports a...
Oracle Dictionary vulnerability
Overview An unspecified vulnerability in the Oracle Dictionary may allow a remote attacker to compromise system integrity and availability. Description Oracle Dictionary contains an unspecified vulnerability that, according to Oracle, can allow an attacker to easily compromise system integrity an...
Cisco IPS MC Malformed Configuration Download Vulnerability
Overview Cisco Management Center for IPS Sensors IPS MC contains a vulnerability that may cause some IPS signatures to become unintentionally disabled. Description Cisco IOS IPSCisco IOS IPS Intrusion Prevention System is a feature for Cisco IOS devices that provides in-line intrusion prevention...
Oracle E-Business Suite Applications Utilities vulnerability
Overview An unspecified vulnerability in the Oracle Applications Utilities may allow a remote, unauthenticated attacker to compromise system confidentiality and integrity. Description Oracle Applications Utilities is a component of the Oracle E-Business Suite. There is an vulnerability in the...
WebEOC uses a global shared key
Overview WebEOC installations may use the a common secret key to encrypt data. If an attacker can retrieve this key from one site, they will be able to decipher all data encoded with the key across all WebEOC installations. Description WebEOC is a web-based crisis information management applicati...
RealPlayer ActiveX control contains buffer overflow in "ShowPreferences"
Overview The RealPlayer ActiveX control contains a stack-based buffer overflow in the ShowPreferences method. This may permit a remote attacker to execute arbitrary code on the user's system. Description RealNetworks RealPlayer is a multimedia application that allows users to view local and remot...
Multiple Symantec security appliances fail to properly filter port 53/udp traffic
Overview A vulnerability exists in multiple Symantec security appliances that could allow a remote attacker to bypass the firewall using a source port of 53/udp. Description Symantec's Firewall/VPN appliances and Gateway Security models include a number of services such as tftpd, snmpd, and isakm...
Macromedia JRun Server insecurely generates and handles JSESSIONIDs
Overview A vulnerability exists in Macromedia JRun that may allow an attacker to gain access to an authenticated user's session. Description Macromedia JRun is an application server that works with most popular web servers such as Apache and IIS. Macromedia states that JRun is deployed at over...
Mozilla contains heap overflow in UTF8 conversion of hostname portion of URLs
Overview A vulnerability in the way Mozilla and its derived programs handle certain malformed URLs could allow a remote attacker to execute arbitrary code on a vulnerable system. Description A vulnerability exists in the way that some versions of the Mozilla and Firefox web browsers, and...
Multiple buffer overflows in Mozilla POP3 protocol handler
Overview There are multiple buffer overflow vulnerabilities in the Mozilla POP3 protocol handler that could allow a remote attacker to execute arbitrary code. Description Post Office Protocol Version 3 POP3 is a mail protocol that provides a means for retrieving email from a remote server. The...
Oracle Application Server contains several vulnerabilities
Overview Several vulnerabilities exist in the Portal and iSQLPlus components of the Oracle Application Server. According the the Oracle Security Alert, exploitation of these vulnerabilities would require the attacker to have network access, but not a valid user account on the vulnerable system...
JetboxOne leaves account database unencrypted
Overview JetboxOne does not encrypt information in the account information database. Any user with the ability to query the database may be able to view confidential account information. Description JetboxOne is an open-source content management system that is written in PHP. An information...
Multiple Cisco ONS control cards fail to properly handle malformed SNMP packets
Overview A vulnerability exists in multiple control cards used by Cisco ONS devices. This vulnerability could allow a remote attacker to cause a denial-of-service condition. Description Cisco's Optical Networking product line consists of a series of devices designed to offer high-bandwidth data...
MPlayer contains a buffer overflow in the HTTP parser
Overview MPlayer fails to properly allocate a memory buffer for URL strings containing characters that need to be escaped. Description MPlayer is a movie player for Linux and other Unix-based operating systems. MPlayer fails to properly allocate a memory buffer for URL strings containing characte...
Monit fails to properly handle overly long HTTP requests
Overview Monit is vulnerable to a buffer overflow when processing overly long HTTP requests. Description Monit is a utility to monitor system processes, files, directories, devices, and remote hosts. It provides a web-based interface that can be used to access the Monit server. There is a buffer...
ModSecurity for Apache vulnerable to off-by-one overflow when directive "SecFilterScanPost" is enabled
Overview A vulnerability in the modsecurity module for Apache may permit a remote attacker to execute arbitrary code on the vulnerable web server. Description ModSecurity is an open source intrusion detection and prevention engine for web applications. The modsecurity module for Apache 2.0.X...
Oracle9i Database contains buffer overflow in NUMTOYMINTERVAL() function
Overview Oracle9i Database contains a buffer overflow in the NUMTOYMINTERVAL function which could allow anyone who can query the server to execute arbitrary code or access data with the privileges of the vulnerable process. Description A buffer overflow exists in the NUMTOYMINTERVAL function. Thi...
IMail Server LDAP daemon buffer overflow
Overview A buffer overflow in the LDAP server component supplied with some versions of the Ipswitch IMail Server could allow a remote attacker to execute arbitrary code on the vulnerable system. Description A buffer overflow flaw exists in the way that the Lightweight Directory Access Protocol LD...