3695 matches found
Adobe Reader and Acrobat font memory corruption vulnerability
Overview Adobe Reader and Acrobat fail to properly handle font data, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description A critical vulnerability exists in the font parsing code in Adobe Reader and Acrobat. The vulnerability results i...
Cisco AnyConnect SSL VPN arbitrary code execution
Overview The Cisco AnyConnect SSL VPN ActiveX and Java clients contain a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Cisco AnyConnect is an SSL VPN solution that is commonly initiated through use of a web browser...
Autonomy Keyview IDOL contains multiple vulnerabilities in file parsers
Overview Autonomy Keyview IDOL contains multiple vulnerabilities in file parsers. These vulnerabilities could allow a remote attacker to execute arbitrary code on an affected system. Description Autonomy Keyview IDOL is a set of libraries that can decode over 1,000 different file formats. The...
RSLinx Classic EDS Wizard buffer overflow vulnerability
Overview Rockwell Automation RSLinx Classic EDS Hardware Installation Tool contains a buffer overflow vulnerability. Description According to Rockwell Automation's website: RSLinx Classic provides plant-floor device connectivity for a wide variety of Rockwell Software applications such as RSLogix...
Imperva SecureSphere management GUI contains an XSS vulnerability
Overview An XSS vulnerability exists in the Imperva SecureSphere management GUI. Description Dell SecureWorks' SWRX-2011-001 advisory states: "A vulnerability exists in Imperva SecureSphere due to improper validation of user-controlled input. User-controllable input is not properly sanitized for...
HP LoadRunner buffer overflow vulnerability
Overview HP LoadRunner contains a buffer overflow vulnerability when parsing Virtual User script files. Description According to HP's website: HP LoadRunner software is the industry standard for performance validation. It allows you to prevent application performance problems by detecting...
Anymacro Mail System G4X email server web interface directory traversal vulnerability
Overview Anymacro Mail System G4X email server web interface contains a directory traversal vulnerability. Description According to Anymacro's website: Anymacro Mail System is a professional e-mail and unified messaging product solution. Anymacro Mail System can be used for an e-mail platform for...
ISC BIND named negative caching vulnerability
Overview ISC BIND contains a vulnerability in the processing of large RRSIG RRsets included in a negative cache response. Description According to ISC: DNS systems use negative caching to improve DNS response time. This will keep a DNS resolver from repeatedly looking up domains that do not exist...
Unbound DNS resolver denial of service vulnerability
Overview A specially crafted DNS query may cause Unbound to respond with an empty UDP packet which triggers an assertion failure and stops the daemon. Description NLnetLabs advisory states: "Certain types of DNS queries may cause Unbound to respond with a DNS error message. The code generating thi...
Erlang/OTP SSH library uses a weak random number generator
Overview The Erlang/OTP SSH library's random number generator is not cryptographically strong because it relies on predictable seed material. Description Geoff Cant's report states: The Erlang/OTP ssh library implements a number of cryptographic operations that depend on cryptographically strong...
SmarterTools default basic web server vulnerabilities
Overview Multiple SmarterTools applications install a default basic web server which contains multiple vulnerabilities. Description Multiple SmarterTools applications by default install a basic web server which allows administrators to start using the application immediately after installation. Th...
OpenSSL leaks ECDSA private key through a remote timing attack
Overview The OpenSSL ladder implementation for scalar multiplication of points on elliptic curves over binary fields is susceptible to a timing attack vulnerability. This vulnerability can be used to steal the private key of a TLS server that authenticates with ECDSA signatures and binary curves...
Postfix SMTP server Cyrus SASL support contains a memory corruption vulnerability
Overview The Postfix SMTP server has a memory corruption error when the Cyrus SASL library is used with authentication mechanisms other than PLAIN and LOGIN. Description The Postfix Advisory for CVE-2011-1720 states: "The Postfix SMTP server fails to create a new Cyrus SASL server handle after...
Samsung Data Management Server vulnerable to SQL injection
Overview The Samsung Integrated Management System DMS is used to manage several air conditioning units. The DMS contains a built-in web server that is susceptible to SQL injection attacks. Description The DMS application's authentication form can be bypassed with SQL injection attacks. Versions...
Proofpoint Protection Server contains multiple vulnerabilities
Overview Proofpoint Protection Server contains multiple vulnerabilities including authentication bypass, insufficient authorization checks, command injection, SQL injection, and directory traversal. Description Clear Skies Security's advisory states: "Enduser Authentication Bypass User-level acces...
Oracle Outside In contains exploitable vulnerabilities in Lotus 123 and Microsoft CAB file parsers
Overview Oracle Outside In contains exploitable vulnerabilities in Lotus 123 and Microsoft CAB file parsers, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Oracle Outside In is a set of libraries that can decode over 500 different...
Wireshark DECT dissector vulnerability
Overview Wireshark's DECT dissector contains a remote code execution vulnerability in the context of the user running a packet capture or reading a packet capture file. Description Paul Makowski's report states: /epan/dissectors/packet-dect.c contains a stack-based buffer overflow via a call to...
Adobe Flash Player contains unspecified code execution vulnerability
Overview Adobe Flash contains a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The following versions of Adobe Flash contain an unspecified vulnerability that can result in memory corruption: Adobe Flash Playe...
ISC dhclient vulnerability
Overview The ISC dhclient contains a vulnerability that could allow a remote attacker to execute arbitrary code on the client machine. Description According to ISC: ISC dhclient did not strip or escape certain shell meta-characters in responses from the dhcp server like hostname before passing the...
Dell Kace K2000 Appliance unauthenticated access and information disclosure vulnerability
Overview Dell KACE K2000 Systems Deployment Appliance contains a hidden CIFS share that allows anonymous access. Description According to Dell KACE's knowledge base article: "The Dell KACE K2000 Systems Deployment Appliance version 3.3.36822 and earlier uses a read-only CIFS fileshare named...
Oracle Solaris 10 password hashes leaked through back-out patch files
Overview Oracle Solaris 10 back-out patch files undo.Z contain password hashes which may be readable by unprivileged users. Description The root password hash along with other users' password hashes may be contained in the back-out patch files. In some instances, these files may be readable by...
NetGear WNAP210 remote password disclosure and password bypass vulnerability
Overview NetGear WNAP210 is vulnerable to remote administrator password disclosure and administrative web page login bypass. Description Netgear's ProSafe Wireless-N Access Point WNAP210 contains a vulnerability which may allow a remote unauthenticated attacker to recover the device's administrat...
pWhois Layer Four Traceroute 3.x vulnerability
Overview Given a specific set of command line arguments, Layer Four Traceroute lft will produce a segmentation fault leading to a possible privilege escalation vulnerability. Description pWhois Layer Four Traceroute 3.x contains a vulnerability when parsing command line arguments. Earlier version...
IPComp encapsulation nested payload vulnerability
Overview Some IPComp implementations may contain a kernel memory corruption vulnerability in their handling of nested encapsulation of IPComp payloads. Description RFC 3173 defines the IP Payload Compression Protocol IPComp as: IP payload compression is a protocol to reduce the size of IP datagram...
OpenSLP denial of service vulnerability
Overview OpenSLP contains a vulnerability in the handling of packets containing malformed extensions, which can result in a denial-of-service condition. Description Service Location Protocol is an IETF standards track protocol that provides a framework to allow networking applications to discover...
Foolabs Xpdf contains a denial of service vulnerability
Overview Foolabs Xpdf contains a denial of service vulnerability caused by the t1lib library incorrectly parsing Type 1 fonts. Description According to Foolabs: Xpdf is an open source viewer for Portable Document Format PDF files. These are sometimes also called 'Acrobat' files, from the name of...
Adobe Flash Player contains unspecified code execution vulnerability
Overview Adobe Flash contains a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The following versions of Adobe Flash contain an unspecified vulnerability that can result in memory corruption: Adobe Flash Playe...
MIT KDC vulnerable to double-free when PKINIT enabled
Overview The KDC in releases krb5-1.7 and later is vulnerable to a double-free vulnerability if it is configured to respond to PKINIT requests. Description The MIT krb5 Security Advisory 2011-003 states: "The MIT Kerberos 5 Key Distribution Center KDC daemon is vulnerable to a double-free...
STARTTLS plaintext command injection vulnerability
Overview Some STARTTLS implementations could allow a remote attacker to inject commands during the plaintext phase of the protocol. Description STARTTLS is an extension to plaintext communication protocols that offers a way to upgrade a plaintext connection to an encrypted TLS or SSL connection...
Wireshark 6LoWPAN denial of service vulnerability
Overview Wireshark will crash on 32-bit systems while reading a malformed 6LoWPAN packet. Description Paul Makowski's report states: dissect_6lowpan_iphc in /epan/dissectors/packet-6lowpan.c trusts user supplied data when incrementing 'offset'. It is possible for the user to increment 'offset' to a...
IBM WebSphere Portal Server input validation vulnerability
Overview IBM WebSphere Portal Server does not validate entry path inputted data. Description From the IBM Portal website: "IBM WebSphere Portal software provides a composite application or business mashup framework and the advanced tooling needed to build flexible, SOA-based solutions, as well as...
Mutare Software Enabled VoiceMail (EVM) system web interface cross-site request forgery vulnerabilities
Overview The Mutare Software Enabled VoiceMail EVM system web interface is susceptible to cross-site request forgery and cross-site scripting attacks. Description The Mutare Software Enabled VoiceMail EVM system web interface allows the user to change their Enabled VoiceMail EVM PIN, delete their...
ISC Bind 9 IXFR or DDNS update combined with high query rate DoS vulnerability
Overview A denial-of-service condition exists in certain cases when an ISC Bind server processes an IXFR transfer or dynamic update. Description The ISC security advisory states: "When an authoritative server processes a successful IXFR transfer or a dynamic update, there is a small window of time...
PivotX password reset vulnerability
Overview The PivotX web content management system 2.2.3 and earlier is affected by a password reset vulnerability. Description PivotX contains a vulnerability that allows an attacker to change the password of any account just by guessing the username. Version 2.2.4 has been reported to not be...
Microsoft Windows browser election message kernel pool overflow
Overview A vulnerability exists in the way the Microsoft Windows browser service handles Browser Election messages. Description From Description of the Microsoft Computer Browser Service:"The browser service maintains a list of the domain name or workgroup name the computer is in, and the protoco...
Adobe Shockwave 11.5.9.615 contains multiple memory corruption vulnerabilities
Overview Adobe Shockwave Player 11.5.9.615 and earlier versions on the Windows and Macintosh operating systems contain critical vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Adobe Macromedia Shockwave Player is...
Adobe Flash memory corruption vulnerability
Overview Adobe Flash contains a memory corruption vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code. Description Adobe Flash versions 10.1.102.64 and earlier contain a vulnerability that can result in memory corruption, which can allow arbitrary code...
Majordomo 2 _list_file_get() directory traversal vulnerability
Overview Majordomo 2 contains a directory traversal vulnerability in the _list_file_get() function, which may allow a remote, unauthenticated attacker to obtain sensitive information. Description Majordomo 2 contains a directory traversal vulnerability in the _list_file_get() function (lib/Majordomo.pm) caused...
IntelliCom NetBiter NB100 and NB200 platforms contain multiple vulnerabilities
Overview IntelliCom NetBiter products based on the NB100 and NB200 platforms contain multiple vulnerabilities. Description IntelliCom NetBiter products based on the NB100 and NB200 platforms contain multiple vulnerabilities. A user who has been authenticated at the superadmin level highest...
SCADA Engine BACnet OPC Client buffer overflow vulnerability
Overview SCADA Engine BACnet OPC Client contains a buffer overflow when parsing .csv files. This vulnerability may allow an attacker to execute arbitrary code. Description According to SCADA Engine website: "The SCADA Engine BACnet OPC Server is a server that provides data access DA, Alarms and...
Sielco Sistemi Winlog server stack overflow
Overview Sielco Sistemi Winlog TCP/IP server contains a stack overflow vulnerability. Description According to Sielco Sistemi's website: "Winlog is a software package for SCADA/HMI applications with web support, OPC client and a wide library of communication drivers and protocols for most PLCs...
Automated Solutions Modbus/TCP Master OPC server Modbus TCP header vulnerability
Overview Automated Solutions OPC Server contains a heap corruption vulnerability in the Modbus/TCP Master OPC server. Description Automated Solutions Modbus/TCP Master OPC Server contains a heap corruption vulnerability. The server is vulnerable to an attacker writing an arbitrary number of doubl...
Cisco Tandberg E, EX, and C Series default root credentials
Overview Cisco's Tandberg C series endpoints and E/EX personal video units that run software versions prior to TC4.0.0 have a root administrator account enabled by default with no password. Description Cisco Advisory cisco-sa-20110202-tandberg states: "This vulnerability affects Tandberg C Series...
MOXA Device Manager MDM Tool buffer overflow
Overview The MOXA Device Manager MDM Tool contains a stack-based buffer overflow. Description The MOXA Device Manager consists of an MDM Tool, which allows local users to connect to a remote MDM Gateway to monitor and manage embedded computers installed with MDM Agent software. MOXA Device Manage...
Microsoft Windows MHTML script injection vulnerability
Overview Microsoft Windows contains a script injection vulnerability in the MHTML protocol handler, which may allow an attacker to execute arbitrary script within the context of another website domain. Description Microsoft Windows contains a script injection vulnerability caused by the way MHTM...
ISC DHCP server DHCPv6 decline message processing vulnerability
Overview ISC DHCPv6 versions 4.0.x - 4.2.x are susceptible to a denial-of-service vulnerability. Description The ISC Advisory states: "When the DHCPv6 server code processes a message for an address that was previously declined and internally tagged as abandoned it can trigger an assert failure...
Lomtec ActiveWeb Professional 3.0 CMS allows arbitrary file upload and execution
Overview Lomtec ActiveWeb Professional 3.0 web content management server allows unauthenticated users to upload arbitrary files. Description According to Lomtec's website: "Lomtec ActiveWeb offers an ideal solution for the creation, maintenance and administration of a Web site and its content. "...
CollabNet ScrumWorks Basic Server transmits credential information in plaintext
Overview Communication between the Collabnet ScrumWorks Basic Server and CollabNet ScrumWorks Desktop Client transmits credential information in plaintext. Description The communication between the CollabNet ScrumWorks Basic Server and CollabNet ScrumWorks Desktop Client is transmitting credentia...
ICQ 7 fails to verify the origin of software updates
Overview ICQ 7 does not verify the origin of automatic updates which may allow a remote attacker to execute arbitrary code. Description According to ICQ's website: "ICQ, the pioneer of Instant Messaging IM, now offers the optimal integration between Instant Messaging and Social Networks with the...
Google Chrome multiple vulnerabilities
Overview Google Chrome contains multiple vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Google Chrome stable channel versions prior to 8.0.552.237 contain multiple memory corruption vulnerabilities. These...