3702 matches found
HP Tru64 UNIX "dxchpwd" contains buffer overflow
Overview The Hewlett Packard Tru64 "dxchpwd" command contains a locally exploitable buffer overflow. Description The Hewlett Packard Tru64 operating system contains a command, known as "dxchpwd," that allows users to change passwords. This program is vulnerable to a buffer overflow. --- Impact Th...
IBM Tivoli Firewall Toolbox contains vulnerability
Overview A vulnerability in the Tivoli Firewall Toolbox version 1.2 has been discovered that can lead to remote unauthorized compromise of the environment with in the firewall system. Description A buffer overflow vulnerability in the communications layer of the Tivoli Firewall Toolbox has been...
Yahoo! Mobile service discloses random sensitive information to unauthorized users
Overview The Yahoo! Mobile service contains an information exposure vulnerability. Description The Yahoo! Mobile Service enables users of handheld devices to take advantage of the same kinds of services Yahoo! Inc. offers to traditional desktop computing users e.g. web browsing, email, etc.. A...
Cherokee Web Server fails to drop privileges after daemon starts
Overview Cherokee fails to drop root privileges after binding to port 80. Description Cherokee is a compact, open-source web server. Cherokee is designed to start as root and drop root privileges after binding to port 80. However, versions of Cherokee prior to 0.2.7 fail to drop root privileges...
Cherokee Web Server does not adequately validate user input thereby allowing remote command execution
Overview Cherokee does not properly validate HTTP requests. Attackers may exploit this vulnerability to execute arbitrary commands as root. Description Cherokee is a compact, open-source web server. Cherokee passes Uniform Resource Identifiers URI's from HTTP requests directly to the shell withou...
PHP fails to filter ASCII control characters from string arguments of mail() function
Overview PHP does not properly filter parameters to its mail function. Description PHP is a scripting language widely used in web application development. PHP includes a function called mail that takes message parameters such as recipient address and sends mail using sendmail. PHP does not filter...
HP Tru64 UNIX "imapd" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "imapd" contains a locally exploitable buffer overflow. Description "imapd" is the IMAP daemon. A locally exploitable buffer overflow in "imapd" may permit a local attacker to gain elevated privileges and execute arbitrary code on a vulnerable host. --...
HP Tru64 UNIX contains buffer overflow in libc libraries (SSRT2257)
Overview The HP Tru64 Unix operating system contains multiple buffer overflow vulnerabilities. Description A vulnerability exists in the way in which the libc libraries handle environment variables in the HP Tru64 UNIX operating system. As a result, local attackers may be able to execute arbitrar...
AOL Instant Messenger vulnerable to DoS via crafted GIF file
Overview AOL Instant Messenger AIM is an application that allows one peer to communicate with another. A vulnerability exists that can crash the client of a victim. Description AIM allows users to send image files to one another. By sending a crafted GIF image, an attacker can cause the victim's...
MandrakeSoft Mandrake Linux Apache default configuration sample programs disclose server information
Overview The default installation of Apache on MandrakeSoft Mandrake Linux includes sample programs which may unnecessarily disclose information about the server. Description MandrakeSoft produces a Linux distribution called Mandrake Linux that includes the Apache web server. The default...
SCO UnixWare uux contains buffer overflow via long string of characters sent as command line argument
Overview A buffer overflow in uux, part of the UUCP package on SCO systems, can allow an intruder to gain elevated privileges. Description SCO UnixWare 7 ships with a utility package called UUCP. The UUCP package allows for the copying of files between different UNIX systems and the sending of...
Hewlett Packard HP-UX text editors contain buffer overflow
Overview A buffer overflow in the text editor on certain Hewlett-Packard systems could compromise system availability. Description Various text editing programs on HP systems that rely upon the same facilities, including e, ex, vi, edit, view, and vedit, contain a buffer overflow that could...
Securly Chrome Extension contains multiple weak encryption and access control vulnerabilities
Overview Version 3.0.7 of the Securly Chrome Extension contains multiple vulnerabilities involving insecure data transmission, weak cryptography, and improper access control. These issues may expose sensitive filtering rules, enable the manipulation of downloaded configuration files, and allow...
Multiple Heap Buffer Overflows in Orthanc DICOM Server
Overview Multiple vulnerabilities have been identified in Orthanc DICOM Server version, 1.12.10 and earlier, that affect image decoding and HTTP request handling components. These vulnerabilities include heap buffer overflows, out-of-bounds reads, and resource exhaustion vulnerabilities that may...
Kyverno is vulnerable to server-side request forgery (SSRF)
Overview Kyverno, versions 1.16.0 to present, contains an SSRF vulnerability in its CEL-based HTTP functions, which lack URL validation or namespace scoping and allow namespaced policies to trigger arbitrary internal HTTP requests. An attacker with only namespace-level permissions can exploit thi...
Stack-based buffer overflow in libtasn1 versions v4.20.0 and earlier
Overview A stack-based buffer overflow vulnerability exists in GNU libtasn1, a low-level ASN.1 parsing library. The issue is caused by unsafe string concatenation in the asn1expandoctetstring function located in decoding.c. Under worst-case conditions, this results in a one-byte stack overflow th...
Livewire Filemanager contains an insecure .php component that allows for unauthenticated RCE in Laravel Products
Overview A vulnerability, tracked as CVE-2025-14894, has been discovered within Livewire Filemanager, a tool designed for usage within Laravel applications. The Livewire Filemanager tool allows for users to upload various files, including PHP files, and host them within the Laravel application...
Partner Software/Partner Web does not sanitize Report files and Note content, allowing for XSS and RCE
Overview Partner Software and Partner Web, both products of their namesake company, Partner Software, fail to sanitize report or note files, allowing for XSS attacks. Partner Software is subdivision of N. Harris Computer Corporation and is a field application development company, with products...
SMM callout vulnerabilities identified in Gigabyte UEFI firmware modules
Overview System Management Mode SMM callout vulnerabilities have been identified in UEFI modules present in Gigabyte firmware. An attacker could exploit one or more of these vulnerabilities to elevate privileges and execute arbitrary code in the SMM environment of a UEFI-supported processor. Whil...
Microsoft Internet Explorer cross-domain frame race condition
Overview Microsoft Internet Explorer contains a race condition that results in a cross-domain violation. Description Internet Explorer uses a cross-domain security model to maintain separation between browser frames from different sources. This model is designed to prevent code in one domain from...
Avast! antivirus buffer overflow vulnerability
Overview Avast! antivirus contains a buffer overflow vulnerability. This vulnerability may allow an attacker to execute code a vulnerable system. Description Avast! antivirus is an antivirus application that can scan different types of files. The Symbian Installer Format SIS file format is used b...
Drivers for the Intel 2100 PRO/Wireless Network Connection Hardware contain a memory corruption vulnerability
Overview Microsoft Windows drivers for Intel 2100 PRO/Wireless Network Connection Hardware contain a memory corruption vulnerability. This vulnerability may allow an attacker to execute arbitrary code on a vulnerable system. Description Intel 2100 PRO/Wireless Network Connection Hardware The Inte...
Dell Openmanage CD launches unauthenticated services
Overview Dell Openmanage CD launches X11 and SSH daemons that permit unauthenticated users full access. Description The Dell Openmanage CD gives system administrators using Dell servers access to drivers, diagnostic tools, remote system control, and other utilities. When loaded, the CD launches X...
Secure Elements Class 5 AVR server fails to properly authenticate registration messages
Overview The Secure Elements Class 5 AVR server fails to properly authenticate registration messages. This may allow an attacker to cause a denial-of-service condition on the server. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a security product that...
Multiple Cisco ONS control cards fail to properly handle malformed ICMP packets
Overview A vulnerability exists in multiple control cards used by Cisco ONS devices. This vulnerability could allow a remote attacker to cause a denial-of-service condition. Description Cisco's Optical Networking product line consists of a series of devices designed to offer high-bandwidth data...
Cisco default install of IBM Director agent fails to authenticate users for remote administration
Overview Cisco IBM Director agent fails to authenticate users for remote administration. Description Cisco voice products e.g. CallManager, IP Interactive Voice Response, IP Call Center Express that run on IBM servers install IBM Director agent to provide administrative management. The default...
Avaya Argent Office uses weak authentication for TFTP-based administrative control
Overview The Avaya Argent Office contains a weak authentication mechanism for administrative access. Description The Avaya Argent Office uses a TFTP-based mechanism to accept requests for administrative functions. By requesting "files" from the device via its internal interface, administrators ca...
OpenSSL does not securely handle invalid public key when configured to ignore errors
Overview A vulnerability in the way OpenSSL handles invalid public keys in client certificate messages could allow a remote attacker to cause a denial of service. This vulnerability requires as a precondition that an application is configured to ignore public key decoding errors, which is typical...
Cisco Catalyst switches allow access to "enable mode" without password
Overview Cisco Catalyst OS 7.51 contains a vulnerability that allows anyone who can obtain command line access to gain "enable" mode access without knowledge of the "enable" password. Description Cisco Catalyst OS is an operating system for Cisco's line of Catalyst switches. Version 7.51 of...
SETI@home client vulnerable to buffer overflow
Overview A buffer overflow vulnerability in the SETI@home client could allow a remote attacker to execute arbitrary code or cause the SETI@home client to fail. An exploit for this vulnerability is known to exist and may be circulating. Description From the SETI@home website:SETI@home is a...
Lotus Domino Server susceptible to a pre-authentication buffer overflow during Notes authentication
Overview Lotus Domino is vulnerable to a pre-authentication buffer overflow attack during Notes authentication. Description A buffer overflow vulnerability may be exploited during Notes authentication to a Lotus Domino server. Versions prior to 5.0.12 and 6.0 are affected. According to the Rapid7...
PHP-Nuke does not adequately authenticate users thereby allowing attackers to change user information
Overview PHP-Nuke's saveuser function does not adequately authenticate users. Attackers may exploit this vulnerability to change user data and gain access to accounts. Description PHP-Nuke is a set of PHP scripts designed to simplify web site creation and maintenance. PHP-Nuke's saveuser function...
KTH Kerberos Telnet implementations do not strictly enforce client encryption request
Overview A vulnerability exists in the KTH Kerberos IV and Kerberos V Heimdal Telnet implementations. When a KTH Kerberos Telnet client requests data encryption and the server does not appear to support it, the client will establish the connection using no encryption. A properly located attacker...
Cisco IOS Firewall Feature Set fails to check IP protocol type thereby allowing packets to bypass dynamic access control lists
Overview The Cisco IOS Firewall Feature Set also known as Cisco Secure Integrated Software, or Context Based Access Control may allow an intruder to pass traffic through the firewall in violation of implied security policies. Description It is important to note that only configurations that use t...
SCO UnixWare uuxcmd contains buffer overflow via long string of characters sent as command line argument
Overview A buffer overflow in uuxcmd, part of the UUCP package on SCO systems, can allow an intruder to gain elevated privileges. Description SCO UnixWare 7 ships with a utility package called UUCP. The UUCP package allows for the copying of files between different UNIX systems and the sending of...
SGLang is vulnerable to remote code execution when rendering chat templates from a model file
Overview A remote code execution vulnerability has been discovered in the SGLang project, specifically in the reranking endpoint /v1/rerank. A CVE has been assigned to track the vulnerability; CVE-2026-5760. An attacker can create a malicious model for SGLang to achieve RCE. Successful exploitati...
PyMuPDF path traversal and arbitrary file write vulnerabilities
Overview A path traversal vulnerability leading to arbitrary file write exist in PyMuPDF version 1.26.5, within the ‘embeddedget’ function in ‘main.py’. This vulnerability is caused by improper handling of untrusted embedded file metadata, which is used directly as an output path, enabling...
Server-Side Template Injection (SSTI) vulnerability exist in Genshi
Overview A Server-Side Template Injection SSTI vulnerability exists in the Genshi template engine due to unsafe evaluation of template expressions. Genshi processes template expressions using Python’s 'eval’ and ‘exec’ functions while allowing fallback access to Python built-in objects. If an...
The Librarian does not secure its interface, allowing for access to internal system data
Overview Multiple vulnerabilities were discovered in The Librarian, an AI-powered personal assistant tool provided by the company TheLibrarian.io. The Librarian can be used to manage personal email, calendar, documents, and other information through external services, such as Gmail and Google...
BeeS Software Solutions BeeS Examination Tool (BET) portal contains SQL injection vulnerability
Overview The BeeS Examination Tool BET portal from BeeS Software Solutions contains an SQL injection vulnerability in its website login functionality. More than 100 universities use the BET portal for test administration and other academic tasks. The vulnerability enables arbitrary SQL commands t...
Kiwire Captive Portal contains 3 web vulnerabilities
Overview The Kiwire Captive Portal, provided by SynchroWeb, is an internet access gateway intended for providing guests internet access where many users will want to connect. Three vulnerabilities were discovered within the product, including SQL injection, open redirection, and cross site...
Forwarding Loop Attacks in Content Delivery Networks may result in denial of service
Overview Content Delivery Networks CDNs may in some scenarios be manipulated into a forwarding loop, which consumes server resources and causes a denial of service DoS on the network. Description CWE-400: Uncontrolled Resource Consumption 'Resource Exhaustion' Content Delivery Networks CDNs are...
NetApp Data ONTAP contains multiple vulnerabilities
Overview NetApp Data ONTAP contains multiple vulnerabilities. The most severe of these vulnerabilities may allow an attacker to execute commands, view sensitive data, or cause a system to crash. Description NetApp Data ONTAP contains multiple undisclosed vulnerabilities. --- Impact A remote,...
Trend Micro AntiVirus fails to properly process malformed UPX packed executables
Overview The Trend Micro AntiVirus scanning engine contains a buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Trend Micro AntiVirus is a virus scanner for Microsoft Windows and Linux. The Trend Micro virus scanning...
Oracle Advanced Replication SQL injection vulnerability
Overview An SQL injection vulnerability in the Oracle Advanced Replication component may allow a remote attacker to execute arbitrary SQL commands on a vulnerable Oracle installation. Description Oracle Advanced Replication component contains a SQL injection vulnerability.The details of this...
Perl programs providing user-controlled I/O format strings may contain format string vulnerabilities
Overview Programs written in Perl may contain many of the same types of format string vulnerabilities as programs written in C. Description Perl is a programming language used in many applications and commonly used for web applications. It provides many of the same functions for formatted I/O as ...
Oracle Application Server Web Cache vulnerability
Overview Oracle Applications Server Web Cache contains an unspecified information disclosure vulnerability. Description Oracle Applications Server Web Cache contains a vulnerability. The details of this vulnerability are not clear. However, Oracle states this issue can allow an attacker to easily...
Sun Solaris X Display Manager does not properly handle invalid XDMCP requests
Overview There is a vulnerability in the way Sun Solaris handles invalid X Display Manager Control Protocol XDMCP requests. Exploitation of this vulnerability could allow an attacker to cause the X Display Manager XDM to crash. Description The X Display Manager xdm1 is responsible for managing...
Ethereal contains integer overflow in PPP dissector
Overview Ethereal is a network traffic analysis package. The PPP packet dissector contains a vulnerability that may result in the execution of arbitrary code. Description The PPP packet dissector for Ethereal contains an integer overflow vulnerability. According to the Ethereal Advisory,...
HP Tru64 UNIX "dxsysinfo" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "dxsysinfo" contains a locally exploitable buffer overflow. Description "dxsysinfo" is used to monitor system resources. A locally exploitable buffer overflow in "dxsysinfo" may permit a local attacker to gain elevated privileges and execute arbitrary...