3695 matches found
Invensys Wonderware Archestra ConfigurationAccessComponent ActiveX control stack buffer overflow
Overview The Invensys Wonderware Archestra ConfigurationAccessComponent ActiveX control contains a stack buffer overflow that could allow a remote attacker to execute arbitrary code on an affected system. Description The Invensys Wonderware Archestra ConfigurationAccessComponent ActiveX control,...
Wind River Systems VxWorks debug service enabled by default
Overview Some products based on VxWorks have the WDB target agent debug service enabled by default. This service provides read/write access to the device's memory and allows functions to be called. Description The VxWorks WDB target agent is a target-resident, run-time facility that is required f...
Wind River Systems VxWorks weak default hashing algorithm in standard authentication API (loginLib)
Overview The hashing algorithm that is used in the standard authentication API for VxWorks is susceptible to collisions. An attacker can brute force a password by guessing a string that produces the same hash as a legitimate password. Description An attacker with a known username and access to a...
Microsoft Windows automatically executes code specified in shortcut files
Overview Microsoft Windows automatically executes code specified in shortcut LNK and PIF files. Description Microsoft Windows supports the use of shortcut or LNK files. A LNK file is a reference to a local file. A PIF file is a shortcut to a MS-DOS application. Clicking on a LNK or PIF file has...
ISC DHCP server fails to handle zero-length client identifier
Overview A vulnerability in ISC DHCP could allow a remote attacker to cause the DHCP server to exit, resulting in a denial of service. Description ISC DHCP is a commonly redistributed reference implementation of the Dynamic Host Configuration Protocol (DHCP), including a server, client, and relay...
Cisco Industrial Ethernet 3000 Series switches have hardcoded SNMP community strings
Overview Cisco Industrial Ethernet 3000 (IE 3000) Series switches running Cisco IOS Software releases 12.2(52)SE or 12.2(52)SE1 contain well-known, hard-coded read and write SNMP community strings. A remote attacker could take full control of a vulnerable device. Description Cisco Industrial Ethernet...
libpng fails to limit number of rows in header
Overview Libpng contains a vulnerability in the way it handles images containing an extra row of image data beyond the height reported in the image header. Description A vulnerability exists in the way libpng receives an extra row of image data beyond the height reported in the header of the imag...
Snare Agent web interface cross-site request forgery vulnerabilities
Overview The Snare Agent web interface is susceptible to cross-site request forgery attacks. Description The web interface allows the administrator to manage several agent settings, including changing the listening port and password. These HTTP requests do not perform proper validity checks and a...
S2 NetBox allows unauthenticated HTTP access to node logs, backups, and employee photographs
Overview S2 NetBox and related products do not adequately restrict access to node logs, backups, and employee photographs. A remote, unauthenticated attacker could use information obtained from a vulnerable system to aid in further attacks. Description S2 NetBox is a line of "...open architecture...
Symantec AppStream and Workspace Streaming vulnerable to arbitrary code download and execution
Overview The Symantec AppStream and Workspace Streaming clients fail to properly validate downloads, which can allow a remote, unauthenticated attacker to download and execute arbitrary code on a vulnerable system. Description Symantec Workspace Streaming is a software distribution solution that...
Microsoft Windows Help and Support Center URI processing vulnerability
Overview The Microsoft Windows Help and Support Center application fails to properly sanitize hcp:// URIs, which can allow a remote, unauthenticated attacker to execute arbitrary commands. Description Microsoft Windows Help and Support Center is the default handler for the hcp protocol on Windows...
Adobe Flash ActionScript AVM2 newfunction vulnerability
Overview Adobe Flash contains a vulnerability in the handling of the ActionScript newfunction instruction, which can allow a remote, unauthenticated attacker to execute arbitrary code. Description Adobe Flash 9 and later versions support ActionScript 3, which is executed by the ActionScript Virtu...
Cisco Network Building Mediator products contain multiple vulnerabilities
Overview Cisco Network Building Mediator (NBM) products are affected by multiple vulnerabilities that could allow an attacker to gain control of a vulnerable device or to cause a denial of service. Description Cisco Network Building Mediator (NBM) products are designed to manage facility energy use...
Accoria Rock Web Server contains multiple vulnerabilities
Overview Accoria Web Server contains multiple vulnerabilities that collectively could allow an attacker to execute commands through the administration interface. Description The Accoria web server, also known as Rock Web Server, contains several cross-site scripting (XSS) and cross-site request...
Apple Safari window object invalid pointer vulnerability
Overview Apple Safari contains a vulnerability in the handling of window objects, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Apple Safari fails to properly handle references to window objects. Safari can allow a window object t...
Consona (formerly SupportSoft) Intelligent Assistance Suite (IAS) cross-site scripting, ActiveX, and Repair Service vulnerabilities
Overview Consona (formerly SupportSoft) Intelligent Assistance Suite (IAS) contains a set of vulnerabilities that collectively could allow an attacker to execute arbitrary code on a remote system. Description In 2009, Consona acquired SupportSoft's enterprise software assets, including web-based...
Java Deployment Toolkit insufficient argument validation
Overview The Sun Java Deployment Toolkit plugin and ActiveX control perform insufficient argument validation, allowing an attacker to perform several attacks, including the execution of an arbitrary JAR file. Description The Sun Java Deployment Toolkit contains an NPAPI Netscape compatible plugin...
IntelliCom NetBiter devices have default HICP passwords
Overview IntelliCom NetBiter devices ship with default passwords for the HICP network configuration service. An attacker with network access could change network settings and prevent legitimate users from accessing the HICP service. Description IntelliCom NetBiter products use the proprietary HIC...
Oracle Sun Java fails to properly validate Java applet signatures
Overview Oracle Sun Java fails to properly validate Java applet signatures, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Signed Java applets have the ability to perform actions outside of the traditional Java sandbox, including...
Foxit Reader vulnerable to arbitrary command execution
Overview Foxit Reader contains a vulnerability that may allow an attacker to execute arbitrary commands without requiring user interaction. Description Foxit Reader is software designed to view Portable Document Format (PDF) files. The Adobe PDF Reference supports a "Launch action" that "... launch...
Broadcom NetXtreme management firmware ASF buffer overflow
Overview A buffer overflow vulnerability exists in the Broadcom NetXtreme management firmware. This vulnerability may allow a remote attacker to execute arbitrary code on an affected device. Description The Alert Standard Format (ASF) Specification is a protocol developed by Distributed Management...
IntelliCom NetBiter Config HICP hostname buffer overflow
Overview The IntelliCom NetBiter Config HICP configuration utility has a buffer overflow vulnerability that can be triggered by a specially crafted hostname (hn) value. An attacker with network access could exploit this vulnerability to execute arbitrary code with the privileges of the user running...
Mozilla WOFF decoder integer overflow
Overview An integer overflow in the Mozilla Web Open Fonts Format (WOFF) decoder may allow a remote attacker to execute code on an affected system. Description The Web Open Fonts Format (WOFF) is a simple compressed file format for fonts. Mozilla introduced support for WOFF in the 1.9.2 branch of the...
Apache mod_isapi module library unload results in orphaned callback pointers
Overview The Apache mod_isapi module can be forced to unload a specific library before the processing of a request is complete, resulting in memory corruption. This vulnerability may allow a remote attacker to execute arbitrary code. Description The Apache HTTP server running on Windows platforms...
Microsoft Internet Explorer iepeers.dll use-after-free vulnerability
Overview Microsoft Internet Explorer contains a use-after-free vulnerability in the iepeers.dll file, which may allow a remote, unauthenticated attacker to execute arbitrary code. Description Microsoft Internet Explorer provides support for Web Folders and printing through the use of the...
Energizer DUO USB battery charger software allows unauthorized remote system access
Overview The software available for the Energizer DUO USB battery charger contains a backdoor that allows unauthorized remote system access. Description Energizer DUO is a USB battery charger. An optional Windows application that allows the user to view the battery charging status has been...
libpng stalls on highly compressed ancillary chunks
Overview Libpng stalls and consumes large quantities of memory while processing certain Portable Network Graphics (PNG) files. Description When processing PNG files containing highly compressed ancillary chunks, the png_decompress_chunk function in libpng can consume large amounts of CPU time and...
Internet Explorer VBScript Windows Help arbitrary code execution
Overview Microsoft Internet Explorer is vulnerable to arbitrary code execution through the use of VBScript and Windows Help. Description Microsoft Internet Explorer supports the use of VBScript, in addition to the more widely-used JavaScript scripting language. Several VBScript commands allow a...
APC Network Management Card web interface vulnerable to cross-site scripting and cross-site request forgery
Overview The web management interface for the APC Network Monitoring Card (NMC) used in various APC devices contains cross-site scripting (XSS) and cross-site request forgery (CSRF/XSRF) vulnerabilities. By convincing a victim to load a specially crafted URL while authenticated to an NMC, an attacker...
Panda Security ActiveScan fails to properly validate downloaded software
Overview Panda ActiveScan fails to properly validate downloaded software, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Panda ActiveScan is an online scanner that is reported to detect malware, vulnerabilities, and unknown threats...
Rockwell Automation Allen-Bradley MicroLogix PLC authentication and authorization vulnerabilities
Overview Rockwell Automation Allen-Bradley MicroLogix programmable logic controllers (PLCs) do not adequately authenticate or authorize remote connections or commands. An attacker with network access can obtain the management password or issue commands that bypass the authentication mechanism...
BIND 9 DNSSEC validation code could cause fake NXDOMAIN responses
Overview A vulnerability exists in the BIND 9 DNSSEC validation code that could be used by an attacker to generate fake NXDOMAIN responses. Description BIND 9 contains a vulnerability in DNSSEC validation code. According to ISC: There was an error in the DNSSEC NSEC/NSEC3 validation code that cou...
Microsoft Internet Explorer HTML object memory corruption vulnerability
Overview An invalid pointer reference within Microsoft Internet Explorer may lead to execution of arbitrary code. Description Microsoft Internet Explorer contains a memory corruption vulnerability, which can result in an invalid pointer being accessed after an object is incorrectly initialized or...
NOS Microsystems Adobe getPlus Helper ActiveX control stack buffer overflows
Overview The NOS Microsystems Adobe getPlus Helper ActiveX control contains stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description NOS Microsystems getPlus is download management software that is used to install Ado...
Windows XP Macromedia Flash 6 ActiveX control use-after-free vulnerability
Overview The Macromedia Flash ActiveX control that is provided with Windows XP contains a memory corruption vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Windows XP provides the Macromedia Flash ActiveX...
Liferay Portal p_p_id parameter vulnerable to persistent cross-site scripting
Overview Liferay Portal is vulnerable to persistent cross-site scripting via the p_p_id parameter, which can allow a remote, unauthenticated attacker to execute arbitrary script in the context of the portal administrator. Description Liferay Portal is a web portal that can provide Java applets that...
S2 Security Netbox/Linear eMerge Access Control System management component vulnerable to unauthenticated factory reset
Overview The S2 Security Netbox/Linear eMerge Access Control System management console allows an unauthenticated attacker to perform a factory reset of the management system. Description Linear eMerge is an IP-enabled security management and access control system. The product is distributed by...
Adobe Acrobat and Reader contain a use-after-free vulnerability in the JavaScript Doc.media.newPlayer method
Overview The Doc.media.newPlayer method in Adobe Acrobat and Reader contains a use-after-free vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Adobe Reader and the Adobe Acrobat family of software are designed to creat...
Microsoft Indeo video codecs contain multiple vulnerabilities
Overview The Indeo video codecs that are provided by Microsoft Windows contain multiple vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Indeo is a video codec that was developed by Intel and Microsoft. Multiple...
DISA UNIX SRR scripts execute untrusted programs as root
Overview The Defense Information Systems Agency (DISA) UNIX Security Readiness Review (SRR) scripts find(1) and execute (-exec) various programs to obtain version information. The SRR scripts are designed to be run as root. An attacker who can write a file under the root file system may be able to exploi...
NTP mode 7 denial-of-service vulnerability
Overview NTP contains a vulnerability in the handling of mode 7 requests, which can result in a denial-of-service condition. Description NTP mode 7 (MODE_PRIVATE) is used by the ntpdc query and control utility. In contrast, ntpq uses NTP mode 6 (MODE_CONTROL), while routine NTP time transfers use modes...
BIND DNS Nameserver, DNSSEC validation Vulnerability
Overview A vulnerability exists in the way BIND 9 handles recursive client queries that may cause additional records to be added to its cache. Description BIND 9 contains a vulnerability in the way recursive client queries are handled. According to ISC: A nameserver with DNSSEC validation enabled...
Clientless SSL VPN products break web browser domain-based security models
Overview Clientless SSL VPN products from multiple vendors operate in a way that breaks fundamental browser security mechanisms. An attacker could use these devices to bypass authentication or conduct other web-based attacks. Description Web browsers enforce the same origin policy to prevent one...
Microsoft Internet Explorer CSS style element vulnerability
Overview Microsoft Internet Explorer (IE) does not safely reference CSS style elements. Using a specially crafted HTML page, an attacker can cause IE to crash and potentially execute arbitrary code. Description IE contains a vulnerability in the way it references CSS style elements. Processing a...
TCP may keep its offered receive window closed indefinitely (RFC 1122)
Overview Part of the Transmission Control Protocol (TCP) specification (RFC 1122) allows a receiver to advertise a zero byte window, instructing the sender to maintain the connection but not send additional TCP payload data. The sender should then probe the receiver to check if the receiver is ready ...
Wyse Simple Imager (WSI) includes vulnerable versions of TFTPD32
Overview Wyse Simple Imager (WSI) includes older versions of TFTPD32 that contain publicly known vulnerabilities. An attacker could exploit these vulnerabilities to potentially execute arbitrary code on the system running WSI and TFTPD32. Description Wyse Simple Imager (WSI) is a component o...
SSL and TLS protocols renegotiation vulnerability
Overview A vulnerability exists in SSL and TLS protocols that may allow attackers to execute an arbitrary HTTP transaction. Description The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols are commonly used to provide authentication, encryption, integrity, and non-repudiation...
Wyse Device Manager (WDM) HServer and HAgent contain multiple vulnerabilities
Overview Wyse Device Manager (WDM) Server and HAgent contain several vulnerabilities. An attacker with network access to WDM components could execute arbitrary code on vulnerable systems. Description Wyse Device Manager (WDM), formerly known as Wyse Rapport, manages thin clients. Part of the server...
Adobe Acrobat and Reader contain vulnerabilities in multiple Document Object JavaScript methods
Overview A vulnerability in the way Adobe Acrobat and Reader enforce privileges on JavaScript in PDF files could allow arbitrary files to be written to the local file system of an affected system. Description Adobe Reader and the Adobe Acrobat family of software are designed to create, view, and...
Wireshark Endace ERF unsigned integer wrap vulnerability
Overview Wireshark contains an unsigned integer wrap vulnerability that may occur when parsing Endace Extensible Record Format (ERF) files. Description Wireshark is a protocol analyzer that can open or import previously saved files. When processing an Endace ERF file an unsigned integer wrap...