3695 matches found
Microsoft Office Publisher contains multiple exploitable vulnerabilities
Overview Microsoft Office Publisher fails to properly validate Publisher documents, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Publisher is a desktop publishing application that is provided with some versions of...
Power2Go buffer overflow vulnerability
Overview Power2Go 8 contains a buffer overflow in the handling of project .p2g files, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description According to CyberLink's website, "Power2Go 8 features all the tools you need to easily copy all...
Adobe Acrobat and Reader U3D memory corruption vulnerability
Overview Adobe Reader and Acrobat fail to properly handle U3D data, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Adobe Reader supports two primary formats for 3D content in PDF documents: U3D and PRC. U3D support is accomplishe...
HomeSeer HS2 web interface multiple vulnerabilities
Overview HomeSeer HS2 home automation software web interface contains multiple vulnerabilities. Description According to HomeSeer's website, "HomeSeer HS2 is an advanced home automation and remote access software package that is designed to integrate the major systems of any home". The HomeSeer H...
JasPer memory corruption vulnerabilities
Overview Some versions of JasPer contain multiple vulnerabilities that may allow a remote, unauthenticated attacker to execute arbitrary code. Description JasPer fails to properly decode marker segments and other sections in malformed JPEG2000 files. Malformed inputs can cause heap buffer overflo...
Hewlett-Packard printers and scanner devices allow remote unauthenticated firmware updates
Overview A vulnerability in certain Hewlett-Packard devices could allow a remote attacker to install unauthorized firmware on an affected system. Description Certain Hewlett-Packard Printers and Hewlett-Packard Digital Senders products allow the device's firmware to be updated over the network. T...
CA Siteminder login.fcc form xss vulnerability
Overview CA Siteminder R6 SP6 CR7, R12 SP3 CR8 and possibly previous versions, are vulnerable to a reflective cross site scripting (XSS) vulnerability. Description According to CA's website: "CA SiteMinder provides a centralized security management foundation that enables the secure use of the web ...
Support Incident Tracker multiple vulnerabilities
Overview Support Incident Tracker or SiT! version 3.65, and possibly earlier versions, contain multiple vulnerabilities including: malicious file uploads, SQL injection, cross-site scripting, and cross-site request forgery. Description According to the SiT! website: "Support Incident Tracker or Si...
ISC BIND 9 resolver denial of service vulnerability
Overview ISC BIND 9 resolver contains a remote packet denial of service vulnerability after logging an error in query.c. Description According to ISC: An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers wit...
Zenprise Device Manager CSRF vulnerability
Overview The Zenprise Device Manager software is susceptible to a cross-site request forgery (CSRF) vulnerability that may result in the compromise of the fleet of mobile devices managed by the product. Description Zenprise Device Manager is a mobile device management (MDM) software package that can ...
Microsoft Windows UDP packet parsing vulnerability
Overview A vulnerability in the Microsoft Windows TCP/IP stack could allow an attacker to run arbitrary code in kernel mode or cause a denial-of-service. Description Microsoft Windows contains a TCP/IP stack used to process network packets for the operating system. This component contains a...
eEye Retina audit script could execute untrusted programs as root
Overview eEye Retina audit scripts have the capability to run remote shell scripts in order to determine vulnerable applications. One audit script in particular (audit ID 2499) uses find(1) and execute (-exec) when assessing a vulnerability within Gauntlet Firewall. An attacker who can write an...
Microsoft Windows TrueType font array indexing vulnerability
Overview A vulnerability in the Microsoft Windows TrueType font parsing component could allow an attacker to cause a denial-of-service condition in Microsoft Windows. Description The Microsoft Windows kernel includes a driver (win32k.sys) that handles a variety of graphics processing tasks, includi...
Aviosoft DTV Player buffer overflow vulnerability
Overview Aviosoft DTV Player contains a buffer overflow in the handling of playlist .plf files, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Aviosoft DTV Player is a multiple format video player application. Aviosoft DTV Player...
Dell KACE K2000 Appliance database administration account allows arbitrary command execution
Overview The Dell KACE K2000 System Deployment Appliance contains a vulnerability that could allow a remote attacker to execute arbitrary commands on an affected device. Description The Dell KACE K2000 Deployment Appliance is an integrated systems provisioning product for large-scale operating...
Dell KACE K2000 Appliance contains multiple reflected cross-site scripting vulnerabilities
Overview The administrative web interface for the Dell KACE K2000 System Deployment Appliance contains multiple cross-site scripting vulnerabilities. Description The Dell KACE K2000 Deployment Appliance is an integrated systems provisioning product for large-scale operating systems deployment...
Dell KACE K2000 Appliance read-only database account allows account information disclosure
Overview A vulnerability in the database component of the Dell KACE K2000 Deployment Appliance may allow a remote attacker to read account information from an affected device. Description The Dell KACE K2000 Deployment Appliance is an integrated systems provisioning product for large-scale...
Dell KACE K2000 Appliance contains backdoor administrator account
Overview The Dell KACE K2000 System Deployment Appliance contains a hidden administrator account that could allow a remote attacker to take control of an affected device. Description The Dell KACE K2000 Deployment Appliance is an integrated systems provisioning product for large-scale operating...
Microsoft Windows TrueType font parsing vulnerability
Overview A vulnerability in the Microsoft Windows TrueType font parsing component could allow an attacker to run arbitrary code in kernel mode. This vulnerability is reportedly being exploited by malicious software in the wild known as Duqu. Description The Microsoft Windows kernel includes a...
NJStar Communicator MiniSmtp packet processing buffer overflow vulnerability
Overview NJStar Communicator MiniSmtp server contains a buffer overflow vulnerability when processing malicious packets. Description According to NJStar's website, "NJStar Communicator enables Chinese, Japanese and Korean (CJK) language input, display, print and conversions on your English or...
Enspire eClient SQL injection allows authentication bypass
Overview Enspire eClient contains a SQL injection vulnerability that could allow an attacker to bypass authentication and access the system with administrative privileges. Description The Enspire software suite includes an eClient web front-end which is susceptible to SQL injection attacks. This...
Multiple MIT KRB5 KDC daemon vulnerabilities
Overview MIT's KRB5 KDC versions 1.8 and 1.9 contain multiple vulnerabilities. Description The MIT krb5 Security Advisory 2011-006 states: CVE-2011-1527: In releases krb5-1.9 and later, the KDC can crash due to a null pointer dereference if configured to use the LDAP back end. A trigger condition i...
OneOrZero AIMS authentication bypass and SQLi vulnerabilities
Overview OneOrZero Action & Information Management System (AIMS) is vulnerable to an authentication bypass and SQL injection. Description According to the vendor's website: "OneOrZero AIMS is a powerful enterprise ready suite that includes a help desk, knowledge base, time manager and reporting syst...
Windows font library file buffer overflow
Overview Microsoft Windows contains a buffer overflow vulnerability in the handling of font library files, which may allow a remote, unauthenticated attacker to execute arbitrary code with kernel privileges. Description Microsoft Windows supports a variety of font formats. One of which is the fon...
GoAhead Webserver multiple stored XSS vulnerabilities
Overview GoAhead Webserver 2.18, and possibly previous or newer versions, is vulnerable to multiple stored and reflective cross site scripting (XSS) vulnerabilities. Description GoAhead Webserver software fails to sanitize POST requests sent to multiple functions. As a result, stored and...
D-Link DIR-685 Xtreme N storage router WPA/WPA2 encryption failure
Overview The D-Link DIR-685 Xtreme N storage router is reported to fail open to an unencrypted wireless connection during heavy network load. Description The D-Link DIR-685 Xtreme N storage router when configured with WPA/WPA2 and an AES cipher with a pre-shared key (PSK) will fail to an open...
Iceni products PDF parser stack buffer overflow
Overview Iceni Argus and Infix contain a stack buffer overflow in the handling of flate-compressed PDF content, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Iceni Argus is a PDF conversion library. Argus 6.20 and earlier fail to...
UPnP requests accepted over router WAN interfaces
Overview Some Internet router devices incorrectly accept UPnP requests over the WAN interface. Description Universal Plug and Play (UPnP) is a networking protocol mostly used for personal computing devices to discover and communicate with each other and the Internet. Some UPnP enabled router device...
Investintech.com SlimPDF Reader contains multiple vulnerabilities
Overview Investintech.com's SlimPDF viewer contains multiple vulnerabilities which may result in a denial of service and possibly arbitrary code execution. Description Investintech.com's SlimPDF viewer contains multiple vulnerabilities, which include: user mode write access violations, read acces...
ProjectForum XSS vulnerability
Overview ProjectForum 7.0.1.3038, and possibly previous versions, is vulnerable to cross site scripting (XSS). Description CourseForum's ProjectForum software fails to sanitize all input fields. As a result, cross site scripting (XSS) attacks can be conducted. By default, a non-credentialed user can...
SSL 3.0 and TLS 1.0 allow chosen plaintext attack in CBC modes
Overview A vulnerability in the specification of the SSL 3.0 and TLS 1.0 protocols could allow an attacker to decrypt encrypted traffic. Description The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols are commonly used to provide authentication, encryption, integrity, and...
Multiple Quagga remote component vulnerabilities
Overview Quagga contains five remote component vulnerabilities due to issues when handling BGP, OSPF, and OSPFv3 packets. Description CERT-FI reports: Quagga is an open source routing software that can handle various routing protocols such as RIP, BGP and OSPF. Five vulnerabilities have been found...
libpng malformed cHRM divide-by-zero vulnerability
Overview libpng crashes when processing malformed cHRM chunks. Description When libpng encounters a cHRM chunk that is malformed it will perform a divide-by-zero causing libpng to crash. This bug was introduced in libpng version 1.5.4 and has been fixed in libpng version 1.5.5. --- Impact By...
AmmSoft ScriptFTP 3.3 client remote buffer overflow vulnerability
Overview AmmSoft's ScriptFTP client is susceptible to a remote buffer overflow vulnerability that is triggered when processing a sufficiently long filename during an FTP LIST command. Description AmmSoft's ScriptFTP client can be exploited to execute arbitrary code when processing GETLIST or GETFI...
Mercator SENTINEL SQL injection allows authentication bypass
Overview Mercator SENTINEL contains an SQL injection vulnerability that could allow an attacker to bypass authentication and access the system with administrative privileges. Description Mercator SENTINEL is a flight safety management system. The login form of the web interface contains an SQL...
JasperServer cross-site request forgery vulnerability
Overview JasperSoft's JasperServer is vulnerable to a cross-site request forgery (CSRF) vulnerability. Description According to JasperSoft's website: "JasperReports Server is a powerful, yet flexible and lightweight reporting server. Generate, organize, secure, and deliver interactive reports and...
Microsoft Office uninitialized object pointer vulnerability
Overview Microsoft Office fails to properly handle certain Word documents, which may allow a remote, unauthenticated attacker to execute arbitrary code. Description Code in the MSO.dll component of Microsoft Office 2003, 2007, and 2010 fails to properly initialize an object pointer when loading...
LifeSize Room appliance authentication bypass and arbitrary code injection vulnerability
Overview LifeSize Room appliance contains an authentication bypass and arbitrary code injection vulnerability when failing to sanitize input from unauthenticated clients. Description According to LifeSize's website "LifeSize Room combines an immersive, high definition video experience with a rich...
Apache HTTPD 1.3/2.x Range header DoS vulnerability
Overview Apache HTTPD server contains a denial-of-service vulnerability in the way multiple overlapping ranges are handled. Both the 'Range' header and the 'Range-Request' header are vulnerable. An attack tool, commonly known as 'Apache Killer', has been released in the wild. The attack tool caus...
ASUS RT-N56U remote password disclosure vulnerability
Overview ASUS's Wireless-N Gigabit Router RT-N56U is vulnerable to remote administrator password disclosure. Description ASUS's Wireless-N Gigabit Router RT-N56U contains a vulnerability which may allow a remote unauthenticated attacker to recover the device's administrator password. An attacker...
Avaya Secure Access Link (SAL) Gateway information disclosure vulnerability
Overview Avaya Secure Access Link (SAL) gateway releases 1.5, 1.8, and 2.0 have an information disclosure vulnerability in the default install. Description According to Avaya's Product Support Notice PSN003314u (PDF): "On installation of SAL Gateway with the default properties provided along with the...
Oracle Outside In CorelDRAW file parser stack buffer overflow
Overview Oracle Outside In contains a stack buffer overflow in the CorelDRAW parser, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Oracle Outside In is a set of libraries that can decode over 500 different file formats. Originally...
HP ArcSight Connector Appliance XSS vulnerability
Overview ArcSight Connector Appliance v6.0.0.60023.2, and possibly previous versions, contains a module which is vulnerable to cross site scripting (XSS). Description Windows Event Log SmartConnector, a component of ArcSight Connector Appliance v6.0.0.60023.2, does not sanitize all input fields. As ...
Brocade BigIron RX switch ACL bypass vulnerability
Overview Brocade BigIron RX switch devices are susceptible to an access control list (ACL) bypass vulnerability by sending packets with the source port 179. Description Brocade BigIron RX switch devices do not properly restrict packets sent with a source port of 179. Port 179 is commonly used for...
libpng invalid sCAL chunk processing vulnerability
Overview libpng reads uninitialized memory when processing invalid sCAL chunks. Description When libpng encounters a sCAL chunk that is empty it will read uninitialized memory. libpng also does not properly handle a sCAL chunk that lacks the terminating zero between the two strings...
ISC BIND 9 RPZ zone named denial-of-service vulnerability
Overview ISC BIND 9 contains a remote crashing vulnerability when running with certain RPZ configurations. Description According to ISC: A defect in the affected versions of BIND could cause the "named" process to exit when queried, if the server has recursion enabled and was configured with an RP...
ISC BIND 9 named denial of service vulnerability
Overview ISC BIND 9 contains a remote packet denial of service vulnerability when running as an authoritative or recursive server. Description According to ISC: A defect in the affected BIND 9 versions allows an attacker to remotely cause the "named" process to exit using a specially crafted packe...
ManageEngine ServiceDesk directory traversal vulnerability
Overview ManageEngine ServiceDesk contains a directory traversal vulnerability which may allow a remote, unauthenticated attacker to obtain sensitive information. Description ManageEngine ServiceDesk Plus 8.0, and possibly prior versions, contains a directory traversal vulnerability in the...
Parodia blind SQL injection vulnerability
Overview The Parodia job board software is vulnerable to a blind SQL injection vulnerability. Parodia 6.8 and earlier versions are reported to be affected. Description Parodia is an ASP based job board application used for recruitment web sites. The Parodia software fails to properly sanitize SQL...
LibreOffice 3.3 'Lotus Word Pro' document import filter contains multiple vulnerabilities
Overview LibreOffice 3.3.2 includes a feature to import 'Lotus Word Pro' .lwp documents. This import filter contains multiple vulnerabilities. CERT/CC has confirmed that code execution is possible by exploiting a stack buffer overflow. Description LibreOffice 3.3.2, 3.3.1, and possibly earlier...