Groupnotes Inc. Videostream Mac client allows for privilege escalation to root account
Overview Groupnotes Inc. Videostream Mac client installs a LaunchDaemon that runs with root privileges. The daemon is vulnerable to a race condition that allows for arbitrary file writes. A low privileged attacker can escalate privileges to root on affected systems. Description Every five hours t...
Salesforce DX command line interface (CLI) does not adequately protect sfdxurl credentials
Overview The default security configuration in Salesforce allows an authenticated user with the Salesforce-CLI to create a URL that will allow anyone, anywhere access to the Salesforce GUI with the same administrative credentials without a log trace of access or usage of the API. Description The...
Adobe Shockwave player provides vulnerable Flash runtime
Overview Adobe Shockwave Player 12.1.1.151 and earlier versions on the Windows and Macintosh operating systems provide a vulnerable version of the Flash runtime. Description Adobe Macromedia Shockwave Player is software that plays active web content developed in Macromedia and Adobe Director...
TP-Link 8840T DSL router default remote management vulnerability
Overview The TP-Link 8840T DSL router's remote management feature is enabled by default. Description The TP-Link 8840T DSL router allows remote WAN internet users access to the administrator web interface of the device by default. --- Impact A remote unauthenticated attacker may be able to access...
IBM WebSphere Portal Server input validation vulnerability
Overview IBM WebSphere Portal Server does not validate entry path inputted data. Description From the IBM Portal website: "IBM WebSphere Portal software provides a composite application or business mashup framework and the advanced tooling needed to build flexible, SOA-based solutions, as well as...
BlackBerry Attachment Service PDF distiller vulnerable to arbitrary code execution
Overview The PDF Distiller service that is provided with BlackBerry Enterprise Server contains a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The BlackBerry Attachment Service is a component of the BlackBerry...
Microsoft Internet Explorer fails to properly restrict access to frames
Overview Microsoft Internet Explorer fails to properly restrict access to a document's frames, which may allow an attacker to modify the contents of frames in a different domain. Description Frames in HTML documents are subdivisions of the current window. The most common use of frames in web page...
Novell iPrint Client ActiveX control stack buffer overflows
Overview The Novell iPrint Client ActiveX control contains multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Novell iPrint is a software printing solution that allows for printing over the internet. On...
Flash authoring tools create Flash files that contain cross-site scripting vulnerabilities
Overview A number of authoring tools for Flash content may generate files that contain cross-site scripting vulnerabilities. Any site hosting Flash generated by an affected tool could be vulnerable to cross-site scripting. Description ActionScript is a scripting language based on ECMAScript also...
Secure Elements Class 5 AVR server sends messages in cleartext
Overview The Secure Elements Class 5 AVR server sends messages in cleartext. This may allow an attacker to read traffic to an asset. Description Secure Elements Class 5 AVR (Automated Vulnerability Remediation) is a security product that monitors and enforces security policies on networ...
Secure Elements Class 5 AVR server fails to properly validate pathnames when downloading updates
Overview The Secure Elements Class 5 AVR server fails to properly validate pathnames when downloading updates. This may allow an attacker to overwrite arbitrary files on the server system. Description Secure Elements Class 5 AVR (Automated Vulnerability Remediation) is a security produc...
Secure Elements Class 5 AVR client fails to validate source address of messages
Overview The Secure Elements Class 5 AVR client fails to validate the source address of messages. This may allow an attacker to execute arbitrary code with root privileges on a vulnerable client system. Description Secure Elements Class 5 AVR (Automated Vulnerability Remediation) is a...
Cisco IPS MC Malformed Configuration Download Vulnerability
Overview Cisco Management Center for IPS Sensors (IPS MC) contains a vulnerability that may cause some IPS signatures to become unintentionally disabled. Description Cisco IOS IPS (Intrusion Prevention System) is a feature for Cisco IOS devices that provides in-line intrusion prevention...
Oracle E-Business Suite Applications Utilities vulnerability
Overview An unspecified vulnerability in the Oracle Applications Utilities may allow a remote, unauthenticated attacker to compromise system confidentiality and integrity. Description Oracle Applications Utilities is a component of the Oracle E-Business Suite. There is a vulnerability in the...
Oracle Application Server Internet Directory vulnerability
Overview An unspecified vulnerability in the Oracle Internet Directory may allow a remote, unauthenticated attacker to compromise system confidentiality and integrity. Description Oracle Internet Directory provides directory services, such as LDAP support, for the Oracle Application Server. There...
Cisco IOS Firewall Authentication Proxy vulnerable to buffer overflow via specially crafted user authentication credentials
Overview A buffer overflow vulnerability in Cisco IOS Firewall Authentication Proxy may allow a remote unauthenticated attacker to execute arbitrary code or cause a denial of service. Description Cisco IOS Firewall Authentication Proxy is a feature that allows network administrators to apply...
WebEOC uses a global shared key
Overview WebEOC installations may use a common secret key to encrypt data. If an attacker can retrieve this key from one site, they will be able to decipher all data encoded with the key across all WebEOC installations. Description WebEOC is a web-based crisis information management applicati...
Oracle products contain multiple vulnerabilities
Overview Multiple vulnerabilities exist in numerous Oracle products. The impacts of these vulnerabilities are varied and may include remote execution of arbitrary code, the disclosure of sensitive information, and denial-of-service conditions. Description Multiple vulnerabilities exist in numerous...
Multiple Symantec security appliances fail to properly filter port 53/udp traffic
Overview A vulnerability exists in multiple Symantec security appliances that could allow a remote attacker to bypass the firewall using a source port of 53/udp. Description Symantec's Firewall/VPN appliances and Gateway Security models include a number of services such as tftpd, snmpd, and isakm...
Mozilla contains heap overflow in UTF8 conversion of hostname portion of URLs
Overview A vulnerability in the way Mozilla and its derived programs handle certain malformed URLs could allow a remote attacker to execute arbitrary code on a vulnerable system. Description A vulnerability exists in the way that some versions of the Mozilla and Firefox web browsers, and...
Mozilla "send page" feature contains a buffer overflow vulnerability
Overview There is a buffer overflow vulnerability in the Mozilla "send page" feature that could allow a remote attacker to execute arbitrary code. Description Mozilla is an open-source web browser, email/newsgroup client, IRC client, and HTML editor available for a number of platforms including...
Multiple buffer overflows in Mozilla POP3 protocol handler
Overview There are multiple buffer overflow vulnerabilities in the Mozilla POP3 protocol handler that could allow a remote attacker to execute arbitrary code. Description Post Office Protocol Version 3 (POP3) is a mail protocol that provides a means for retrieving email from a remote server. The...
Oracle Application Server contains several vulnerabilities
Overview Several vulnerabilities exist in the Portal and iSQLPlus components of the Oracle Application Server. According to the Oracle Security Alert, exploitation of these vulnerabilities would require the attacker to have network access, but not a valid user account on the vulnerable system...
Novell Bordermanager VPN Service denial-of-service vulnerability
Overview A vulnerability exists in the Novell Bordermanager VPN service that could allow a remote attacker to cause a denial of service. Description The Novell Bordermanager product includes Virtual Private Network (VPN) capabilities, including support for the standard Internet Key Exchange (IKE)...
Multiple Cisco ONS control cards fail to properly handle malformed IP packets
Overview A vulnerability exists in multiple control cards used by Cisco ONS devices. This vulnerability could allow a remote attacker to cause a denial-of-service condition. Description Cisco's Optical Networking product line consists of a series of devices designed to offer high-bandwidth data...
BEA WebLogic Server fails to properly associate the user identity on subsequent client connections
Overview BEA WebLogic Server fails to properly associate a user's identity when a client attempts to connect multiple times using different client certificates. Description BEA Systems describes WebLogic Server as "an industrial-strength application infrastructure for developing, integrating,...
MPlayer contains a buffer overflow in the HTTP parser
Overview MPlayer fails to properly allocate a memory buffer for URL strings containing characters that need to be escaped. Description MPlayer is a movie player for Linux and other Unix-based operating systems. MPlayer fails to properly allocate a memory buffer for URL strings containing characte...
Monit fails to properly handle overly long HTTP requests
Overview Monit is vulnerable to a buffer overflow when processing overly long HTTP requests. Description Monit is a utility to monitor system processes, files, directories, devices, and remote hosts. It provides a web-based interface that can be used to access the Monit server. There is a buffer...
IMail Server LDAP daemon buffer overflow
Overview A buffer overflow in the LDAP server component supplied with some versions of the Ipswitch IMail Server could allow a remote attacker to execute arbitrary code on the vulnerable system. Description A buffer overflow flaw exists in the way that the Lightweight Directory Access Protocol LD...
Multiple Real media players fail to properly validate RMP files
Overview Multiple Real media players fail to properly validate RealJukebox Metadata Package (RMP) files which may permit an attacker to download and execute arbitrary code on the user's system. Description RealNetworks Real media players are multimedia applications that allow users to view local an...
Hummingbird CyberDOCS error page discloses web server installation path
Overview Hummingbird CyberDOCS contains a vulnerability that could allow a remote attacker to learn the installation path of the web server. This information could be used to support further attacks. Description Hummingbird CyberDOCS Hummingbird DM is a web-based enterprise document management...
Solaris libc getopt(3) contains buffer overflow
Overview Solaris libc getopt(3) contains a buffer overflow vulnerability. Please note the date of this report: 1/27/1997. This does not affect current versions of Solaris. Description From :A buffer overflow condition exists in the getopt(3) routine in Solaris libc. By supplying an invalid option and...
Cisco IOS HTTP Server vulnerable to buffer overflow when processing overly large malformed HTTP GET request
Overview The Cisco IOS HTTP Server contains a vulnerability that may permit a remote attacker to execute arbitrary code on the system. Description Cisco IOS ships with an HTTP Server. A buffer overflow vulnerability exists in the HTTP Server and may be exploited if a remote attacker sends a craft...
HP Tru64 UNIX "dxchpwd" contains buffer overflow
Overview The Hewlett Packard Tru64 "dxchpwd" command contains a locally exploitable buffer overflow. Description The Hewlett Packard Tru64 operating system contains a command, known as "dxchpwd," that allows users to change passwords. This program is vulnerable to a buffer overflow. --- Impact Th...
Oracle9i Application Server MOD_ORADAV Module vulnerable to DoS
Overview A remotely exploitable denial-of-service vulnerability exists in the Oracle9i Application Server MOD_ORADAV Module. Description Oracle has described this vulnerability as follows: A potential security vulnerability has been discovered in Oracle9i Application Server. A knowledgeable and...
HP-UX XServer contains privilege escalation vulnerability
Overview A privilege escalation vulnerability exists in the HP-UX 11.22 XServer. Description A privilege escalation vulnerability in the HP-UX 11.22 XServer may allow an attacker to gain elevated privileges. For more details, please see HPSBUX0301-238. --- Impact An attacker may be able to gain...
Cherokee Web Server does not adequately validate user input thereby allowing directory traversal
Overview Cherokee contains a directory traversal vulnerability caused by failure to filter '../' character sequences. Description Cherokee is a compact, open-source web server. Cherokee does not filter '../' sequences from HTTP requests. As a result, it is possible for a remote attacker to reques...
IBM AIX vulnerable to buffer overflow in RPC routines
Overview IBM AIX contains a possible buffer-overflow vulnerability. Description Version 4.3 of IBM AIX has a possible buffer-overflow vulnerability in its RPC routines, due to use of an incorrect variable data type. No further information is available from the vendor. --- Impact The complete impa...
HP Tru64 UNIX "rdist" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "rdist" contains a locally exploitable buffer overflow. Description "rdist" allows a user to maintain identical copies of files on multiple hosts. A locally exploitable buffer overflow in "rdist" may permit a local attacker to gain elevated privileges...
HP Tru64 UNIX "inc" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "inc" contains a locally exploitable buffer overflow. Description "inc" is used to incorporate new mail. A locally exploitable buffer overflow in "inc" may permit a local attacker to gain elevated privileges and execute arbitrary code on a vulnerable...
ncompress vulnerable to buffer overflow via long filename
Overview Some versions of ncompress contain a buffer-overflow vulnerability. Description Versions 4.2.4 and earlier of ncompress do not properly handle filenames longer than 1023 characters. --- Impact By supplying long filenames to ncompress, an attacker may be able to gain local access to the...
Computer Associates MLink "mclear" command vulnerable to buffer overflow via long string of characters
Overview A locally exploitable buffer overflow exists in mclear. Description CA-MLINK is a managed data transport service. For more information about CA-MLINK, please see the product brochure. Based on a public report, it appears there is a locally exploitable buffer overflow in the mclear comman...
Multiple Oracle 9iAS sample pages contain vulnerabilities
Overview Oracle Application Server version 9iAS installs with sample pages that demonstrate various functions of the software. Many of these pages can be used by attackers to breach the security of the system. Description A fresh installation of Oracle Application Server version 9iAS and possibly...
AOL Instant Messenger vulnerable to DoS via crafted WAV file
Overview AOL Instant Messenger (AIM) is an application that allows one peer to communicate with another. A vulnerability exists that can crash the client of a victim. Description AIM allows users to send audio files to one another. By sending a corrupt WAV formatted file, an attacker can cause the...
IBM AIX nslookup buffer overflow in hostname to lookup
Overview There is a buffer overflow in nslookup that will allow local attackers to gain root privileges on vulnerable AIX systems. Description The nslookup command contains a buffer overflow in the hostname to lookup, allowing local attackers to gain root privileges. The vendor IBM has reported...
Lotus Domino vulnerable to DoS via large crafted URL request
Overview The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Description HTTP requests to TCP port 80 consisting of multiple /'s, approximately 8k worth, will result in the consumption of the CPU 99-100%. Typically, 8k of the character "a" results in...
Alcatel ADSL modems contain a null default password
Overview The San Diego Supercomputer Center (SDSC) has recently discovered several vulnerabilities in the Alcatel Speed Touch line of Asymmetric Digital Subscriber Line (ADSL) modems. These vulnerabilities are the result of weak authentication and access control policies and result in one or more of...
Check Point FireWall-1 allows fragmented packets through firewall if Fast Mode is enabled
Overview If any rules include the "Fast Mode" option, Check Point Firewall-1 and VPN-1 will incorrectly allow unauthorized connection attempts to hosts that should be restricted. Description A feature called "Fast Mode" or "FASTPATH", included in Check Point FireWall-1 and VPN-1 is designed to...
Microsoft Internet Explorer vulnerable to file disclosure via code containing GetObject() function
Overview Internet Explorer may disclose files on your computer if you visit a malicious web site or read a mail message with Active Scripting enabled. Description By design, Microsoft Internet Explorer prevents programs on web sites from reading files on your computer without authorization...
dnsmasq contains several vulnerabilities, including attacker DNS redirect, privilege escalation, and heap manipulation
Overview dnsmasq is affected by multiple memory safety and input validation vulnerabilities, including heap buffer overflows, heap corruption, and code execution flaws. Collectively, these vulnerabilities enable attackers to poison cached DNS records, bypass security controls, crash the dnsmasq...