3695 matches found
Google Chrome multiple vulnerabilities
Overview Google Chrome contains multiple vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Google Chrome stable channel versions prior to 8.0.552.237 contain multiple memory corruption vulnerabilities. These...
InduSoft NTWebServer web service stack-based buffer overflow
Overview InduSoft NTWebServer web service contains a stack-based buffer overflow vulnerability. Description According to InduSoft's website: "InduSoft Web Studio™ is a powerful collection of automation tools that provide all the automation building blocks to develop HMIs, SCADA systems and embedd...
WellinTech KingView 6.53 remote heap overflow vulnerability
Overview WellinTech KingView 6.53 contains a remote heap overflow vulnerability in the HistorySrv process which may allow a remote, unauthenticated attacker to execute arbitrary code. Description According to WellinTech's website: "KingView software is a high-performance production which can be us...
Ecava IntegraXor web service allows directory traversal outside of web root
Overview Ecava IntegraXor contains a directory traversal vulnerability. Description According to Ecava's website: IntegraXor is a suite of tools used to create and run a web-based HMI interface for a Supervisory Control and Data Acquisition (SCADA) system. Ecava IntegraXor runs a web service that...
Libpng 1.5.0 png_set_rgb_to_gray() vulnerability
Overview Libpng-1.5.0 introduced a vulnerability in the rgb-to-gray transform function. Description Libpng based applications that call the png_set_rgb_to_gray function from pngrtran.c are vulnerable. Libpng versions prior to 1.5.0 are not vulnerable. --- Impact An attacker may cause the application ...
PolyVision RoomWizard insecurely stores Sync Connector Active Directory credentials and uses default administrative password
Overview The PolyVision RoomWizard web based scheduling system with touch screen display contains two vulnerabilities that allow an unauthorized user to access the device console and Sync Connector Active Directory credentials. Description The PolyVision RoomWizard is a touch screen scheduling...
Microsoft Internet Explorer 8 use-after-free vulnerability
Overview Microsoft Internet Explorer 8 is susceptible to a use-after-free vulnerability in the mshtml.dll library. Description The use-after-free vulnerability is triggered when handling circular memory references. Full details of the crash can be found at Michal Zalewski's website. Additional...
Microsoft Windows graphics engine thumbnail stack buffer overflow
Overview Microsoft Windows contains a stack-based buffer overflow vulnerability in the graphics rendering engine, which may allow an attacker to execute arbitrary code. Description Microsoft Windows contains a stack-based buffer overflow vulnerability caused by a signedness error in the...
Microsoft WMI Administrative Tools WBEMSingleView.ocx ActiveX control vulnerability
Overview The ActiveX control, WBEMSingleView.ocx, that is a part of the WMI Administrative Tools package contains a vulnerability. Description The AddContextRef and ReleaseContext functions of the WMI Object Viewer control can be passed an object pointer from an attacker that results in arbitrary...
Microsoft IIS FTP server memory corruption vulnerability
Overview Microsoft IIS FTP server 7.5 is affected by a pre-authentication memory corruption vulnerability. Description A specifically crafted request sent to the IIS FTP service can result in memory corruption causing the service to crash. A denial-of-service exploit has been released to the...
Ecava IntegraXor stack-based buffer overflow vulnerability
Overview Ecava IntegraXor contains a stack-based buffer overflow vulnerability in the Ecava IntegraXor Human-Machine Interface (HMI) product that could allow the execution of arbitrary code. Description According to Ecava's website: IntegraXor is a suite of tools used to create and run a web-based...
Invensys Wonderware InBatch and Foxboro I/A Series Batch database lock manager service (lm_tcp) buffer overflow vulnerability
Overview The lm_tcp service in Invensys Wonderware InBatch and Foxboro I/A Series Batch contains a buffer overflow vulnerability when copying string data into a buffer in a fixed structure. Description From the Invensys Wonderware website: "InBatch is powerful software that can be used in the most...
Exim alternate configuration privilege escalation vulnerability
Overview A vulnerability in the way that the Exim mail server handles configuration files may allow a local attacker to gain escalated privileges on an affected system. Description Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to t...
Microsoft Internet Explorer CSS use-after-free vulnerability
Overview Microsoft Internet Explorer contains a use-after-free vulnerability in the handling of CSS, which may allow a remote, unauthenticated attacker to execute arbitrary code. Description Microsoft Internet Explorer contains a vulnerability caused by a use-after-free error within the mshtml.dl...
Exim string_format() buffer overflow
Overview The Exim mail server contains a buffer overflow that could allow a remote attacker to execute arbitrary code on an affected system. Description Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. The internal...
ISC DHCP server vulnerability
Overview The ISC DHCP server contains a vulnerability that could allow a remote attacker to cause a denial of service. Description According to ISC: If a TCP connection is established to the server on a port which has been configured for communication with a failover peer, this can cause it to...
Apple QuickTime JPEG2000 heap buffer overflow
Overview Apple QuickTime contains a heap buffer overflow in the processing of JPEG2000 data, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Apple's QuickTime Player is multimedia software that allows users to view local and remote...
GNU libc regcomp() stack exhaustion denial of service
Overview The regcomp function of GNU libc is susceptible to stack exhaustion which may result in a denial of service. Description It is possible to trigger deep recursion which results in stack exhaustion. An example trigger is: grep -E ".10,10,10,10,10," --- Impact An attacker may be able to...
ISC BIND cache vulnerability
Overview The ISC BIND nameserver contains a vulnerability that could allow a remote attacker to cause a denial of service. Description According to ISC: Adding certain types of signed negative responses to cache doesn't clear any matching RRSIG records already in cache. A subsequent lookup of the...
ISC BIND named allow-query vulnerability
Overview ISC BIND contains a vulnerability in the processing of the allow-query access control specifier. Description According to ISC: When named is running as an authoritative server for a zone and receives a query for that zone data, it first checks for allow-query acls in the zone statement,...
ISC BIND named validator vulnerability
Overview ISC BIND named contains a vulnerability where under certain situations it could incorrectly mark zone data as insecure. Description According to ISC: named, acting as a DNSSEC validator, was determining if an NS RRset is insecure based on a value that could mean either that the RRset is...
PHP getSymbol vulnerability allows denial of service
Overview PHP fails to properly sanitize input passed to the getSymbol function in a way that could allow an attacker to cause a segmentation fault. Description PHP is a scripting language that is designed for web-based applications and can be embedded directly into HTML. The getSymbol function i...
AWStats fails to properly handle "\\" when specifying a configuration file directory
Overview AWStats fails to properly handle "\" when specifying a configuration file directory. This could allow an attacker to specify an arbitrary configuration file located on an SMB share. Description From the AWStats project website: "AWStats is a free powerful and featureful tool that...
Microsoft Windows RtlQueryRegistryValues() does not adequately validate registry data
Overview Microsoft Windows does not adequately validate registry data read using the function RtlQueryRegistryValues. By modifying an EUDC registry key value, a local user could execute arbitrary code with SYSTEM privileges. Description Microsoft Windows supports end-user-defined characters (EUDC) ...
RealFlex RealWin HMI service buffer overflows
Overview RealFlex RealWin 1.06 HMI service (912/tcp) contains two stack buffer overflow vulnerabilities. Description RealFlex RealWin is a SCADA server package for medium and small applications designed to control and monitor real-time applications. The RealWin application runs an HMI service on po...
OSIsoft PI Server provides an insecure authentication mechanism
Overview OSIsoft PI Server provides an insecure authentication mechanism that could allow attackers to read or modify information in databases. Description PI Server is a core component of the OSIsoft PI System. According to a report from C4 Security, OSISoft release notes login required for PI...
PGP Desktop unsigned data injection vulnerability
Overview PGP Desktop 10.0.3 and earlier versions as well as 10.1.0 are vulnerable to an unsigned data injection attack. PGP Command Line versions 9.6 and greater are not affected by this vulnerability. Description The PGP Desktop user interface incorrectly displays messages with unsigned data as...
Microsoft Internet Explorer invalid flag reference vulnerability
Overview Microsoft Internet Explorer invalid flag reference vulnerability. Description According to the Microsoft Security Research & Defense Blog, Microsoft Internet Explorer incorrectly under-allocates memory to store a certain combination of Cascading Style Sheets (CSS) tags when parsing HTML,...
NetSupport Manager Gateway transmits identifying information in plaintext
Overview The NetSupport HTTP protocol implementation used for communication between the NetSupport Manager Gateway and NetSupport Manager Controls or NetSupport Manager Clients is not encrypting http headers sent between systems. Description The NetSupport HTTP protocol implementation used for...
Attachmate Reflection for the Web cross site scripting vulnerability
Overview Attachmate Reflection for the Web contains a non-persistent cross site scripting vulnerability. Description The following versions of Attachmate's Reflection for the Web products are vulnerable to a non-persistent cross site scripting vulnerability. Reflection for the Web 2008 R2 builds...
Adobe Flash code execution vulnerability
Overview Adobe Flash 10.1.85.3 contains a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Adobe Flash 10.1.85.3 and earlier versions as well as 10.2.161.23 and earlier 10.2 preview versions contain a vulnerability that...
GNU C library dynamic linker expands $ORIGIN in setuid library search path
Overview Certain versions of glibc unsafely handle the $ORIGIN ELF substitution sequence which can be exploited to gain local privilege escalation. Description Tavis Ormandy's advisory states: "$ORIGIN is an ELF substitution sequence representing the location of the executable being loaded in the...
Linux kernel RDS protocol vulnerability
Overview The RDS protocol implementation of Linux kernels 2.6.30 through 2.6.38-rc8 contains a local privilege escalation vulnerability. Description Kernel functions fail to properly check if a user supplied address exists in the user segment of memory. By providing a kernel address to a socket ca...
Adobe Shockwave Player Director file 'rcsL' chunk parsing vulnerability
Overview Adobe Shockwave Player 11.5.8.612 and earlier versions on the Windows and Macintosh operating systems contain a critical vulnerability in the handling of "rcsL" chunks. Description Adobe Macromedia Shockwave Player is software that plays active web content developed in Macromedia and Ado...
SAP BusinessObjects Axis2 Default Admin Password
Overview The Axis2 component of SAP BusinessObjects contains a default administrator account and password. Description The SAP BusinessObjects product contains a module dswsbobje.war which deploys Axis2 with an administrator account which is configured with a static password. As a result, anyone...
Oracle WebLogic Node Manager allows arbitrary configuration via UNC path
Overview Oracle WebLogic Node Manager 10.3.3 and earlier versions contain a remote file inclusion vulnerability. This vulnerability could allow a remote attacker to execute arbitrary commands on an affected system. Description Node Manager is a WebLogic Server utility that enables you to start,...
Ghostscript crashes when passing a null ipsp->ip value to the gs_type2_interpret function
Overview The gs_type2_interpret function which is a part of Ghostscript is prone to denial-of-service conditions. Description Ghostscript contains a function called gs_type2_interpret which is not performing null value error checking. A specially crafted document can cause Ghostscript to dereference a...
ActiveCollab permissions failure
Overview An authenticated user can view and delete projects or files that they are not assigned to. Description An authenticated user with no permission to a project can subscribe to the project, delete files, and possibly take other actions by loading a specifically crafted URL. Specific fields...
Unexpected ACL Behavior in BIND 9.7.2
Overview A flaw exists in BIND 9.7.2 through 9.7.2-P1 pertaining to how an ACL is applied. Description There is a flaw in BIND 9.7.2 through 9.7.2-P1 where the wrong ACL is applied. This flaw could allow access to a cache via recursion even though the ACL disallowed it. This bug is primarily a ri...
Adobe Reader and Acrobat Font Parsing Buffer Overflow Vulnerability
Overview A vulnerability has been discovered in Adobe Reader and Acrobat that may be exploited to run arbitrary code. Description A critical vulnerability exists in the font parsing code of CoolType.dll. A vulnerable strcat call is used when parsing data within the "SING" table of a TrueType font...
Adobe Flash unspecified code execution vulnerability
Overview Adobe Flash contains an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code. Description Adobe Flash contains a vulnerability that can result in memory corruption, which can allow arbitrary code execution. See also Adobe Security Advisory...
Washington Courts website vulnerable to SQL injection and cross-site scripting
Overview The Washington Courts website (http://www.courts.wa.gov/) is vulnerable to SQL injection and cross-site scripting. An attacker could gain access to information stored on the site or manipulate how the site appears to victims who browse to an attacker-supplied URL. Description The Washingto...
Blackboard Transact database credentials disclosure
Overview The Blackboard Transact application contains two vulnerabilities that allow an unauthorized user to access the database credentials. Description The Blackboard Transact application (previously known as Blackboard Commerce Suite) comes with a utility called BbtsConnectionEdit.exe that is use...
Microsoft Windows based applications may insecurely load dynamic libraries
Overview Some applications for Microsoft Windows may use unsafe methods for determining how to load DLLs. As a result, these applications can be forced to load a DLL from an attacker-controlled source rather than a trusted location. Description Dynamically Linked Libraries (DLLs) are executable...
Ghostscript Heap Corruption in TrueType bytecode interpreter
Overview The TrueType bytecode interpreter which is a part of Ghostscript is prone to heap corruption. Description Ghostscript includes a TrueType bytecode interpreter which is prone to an off by one bug which causes heap corruption. Further details can be found in the Ghostscript Bug 691044,...
DevonIT weak authentication and buffer overflow in /usr/bin/tm-console-bin
Overview The DevonIT management tool for thin clients uses a shared secret that is transmitted over the network in the clear. The /usr/bin/tm-console-bin application contains a buffer overflow, which may allow an attacker to execute arbitrary code. Description The management tool transmits an...
Wyse ThinOS LPD service buffer overflow vulnerability
Overview Wyse ThinOS HF 4.4.079i has a buffer overflow vulnerability in the LPD service (515/tcp). Description The LPD service (515/tcp) on Wyse ThinOS HF 4.4.079i crashes when a long buffer is sent to it. This condition may exist in all versions before Wyse ThinOS 6.5. --- Impact An attacker can cau...
Adobe Flash 10.1 ActionScript AVM1 ActionPush vulnerability
Overview Adobe Flash contains a vulnerability in the handling of the ActionScript, AVM1 ActionPush command, which can allow a remote, unauthenticated attacker to execute arbitrary code. Description Adobe Flash supports two main types of ActionScript, which is the scripting language for Flash...
FreeType 2 CFF font stack corruption vulnerability
Overview FreeType 2 contains a vulnerability in the processing of CFF fonts, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description FreeType is a font engine that can open and process font files. FreeType 2 includes the ability to handle a...
Oracle Siebel Option Pack for IE ActiveX control memory initialization vulnerability
Overview The Oracle Siebel Option Pack for IE ActiveX control fails to properly initialize memory, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Siebel Option Pack for IE is an ActiveX control that is provided by Oracle Siebel...