3695 matches found
Nginx ngx_http_parse_complex_uri() buffer underflow vulnerability
Overview A vulnerability in the nginx web server may allow remote attackers to execute arbitrary code on an affected system. Description nginx is an HTTP server and mail proxy server that is available for a number of different platforms. A buffer underflow vulnerability exists in the...
Windows SMB version 2 vulnerability
Overview Microsoft Windows Vista and Server 2008 do not correctly parse SMB version 2 messages. This vulnerability could allow an attacker to execute arbitrary code. Description The Server Message Block version 2 SMBv2 protocol is the successor to the original SMB protocol. SMBv2 is available in...
Cyrus IMAPd buffer overflow vulnerability
Overview The Cyrus IMAP server contains a vulnerability that may allow an authenticated attacker to execute code. Description The Cyrus IMAP mail server supports the SIEVE mail filtering language. Cyrus IMAP versions 2.2 through 2.3.14 contain a buffer overflow vulnerability that may be triggered...
VMware VMnc AVI video codec image height heap overflow
Overview The VMware VMnc video codec fails to properly handle the image height value in AVI files, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Several VMware products include the ability to create and play movies of running...
Microsoft Internet Information Server (IIS) FTP server NLST stack buffer overflow
Overview The Microsoft IIS FTP server contains a stack buffer overflow in the handling of directory names, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description IIS is a web server that comes with Microsoft Windows. IIS also includes FTP server...
Libpurple buffer overflow vulnerability
Overview The Libpurple instant messenger library contains a vulnerability that may allow an attacker to execute arbitrary code. Description Libpurple is an instant messenger IM library that is used by various programs to connect to multiple networks. Libpurple contains a buffer overflow...
Acer AcerCtrls.APlunch ActiveX Control fails to properly restrict access to methods
Overview The Acer AcerCtrls.APlunch ActiveX control contains methods that can allow a remote, unauthenticated attacker to run arbitrary commands on a vulnerable system. Description The Acer AcerCtrls.APlunch ActiveX control is provided by acerctrl.ocx. It contains a method called Run, which takes...
ISC BIND 9 vulnerable to denial of service via dynamic update request
Overview ISC BIND 9 contains a vulnerability that may allow a remote, unauthenticated attacker to create a denial-of-service condition. Description The Berkeley Internet Name Domain BIND is a popular Domain Name System DNS implementation from Internet Systems Consortium ISC. It includes support f...
ActiveX controls built with Microsoft ATL fail to properly handle initialization data
Overview ActiveX controls that are built using a Microsoft ATL template may fail to properly handle initialization data, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Active Template Library ATL is a set of C++ classes...
Adobe Flash vulnerability affects Flash Player and other Adobe products
Overview Adobe Flash contains a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Adobe Flash Player, Reader, Acrobat, and other products that include Flash support are affected. Description Adobe Flash is a widely deployed multimedi...
Microsoft Office Web Components Spreadsheet ActiveX control vulnerability
Overview The Microsoft Office Web Components Spreadsheet ActiveX controls OWC10 and OWC11 contain a vulnerability that may allow an attacker to take control of a vulnerable system. Description The Office Web Components Spreadsheet ActiveX control contains a code execution vulnerability. Public...
ISC DHCP dhclient stack buffer overflow
Overview The ISC DHCP dhclient application contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code with root privileges. Description As described in RFC 2131, "The Dynamic Host Configuration Protocol DHCP provides a framework for passing...
Mozilla Firefox 3.5 TraceMonkey JavaScript engine uninitialized memory vulnerability
Overview Mozilla Firefox's JavaScript engine contains a vulnerability that may allow an attacker to execute code. Description Mozilla Firefox version 3.5 contains a vulnerability in the TraceMonkey components of Firefox's JavaScript engine. Per Mozilla Bug 503286: "This is a JS engine bug...
XML signature HMAC truncation authentication bypass
Overview The XML Signature specification allows for HMAC truncation, which may allow a remote attacker to bypass authentication. Description XML Signature Syntax and Processing XMLDsig is a W3C recommendation for providing integrity, message authentication, and/or signer authentication services f...
Microsoft Video ActiveX control stack buffer overflow
Overview The Microsoft Video ActiveX control contains a stack buffer overflow vulnerability, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Windows comes with an ActiveX component called "ActiveX control for streaming...
Foxit Reader contains multiple vulnerabilities in the processing of JPX data
Overview Foxit Reader contains multiple vulnerabilities that may allow an attacker to execute arbitrary code. Description Foxit Reader is software designed to view Portable Document Format PDF files. Foxit Reader contains multiple vulnerabilities in the handling of JPX JPEG2000 streams. These...
Adobe Reader contains multiple vulnerabilities in the processing of JPX data
Overview Adobe Reader and Acrobat contain multiple vulnerabilities that may allow an attacker to execute arbitrary code. Description Adobe Acrobat Reader is software designed to view Portable Document Format PDF files. Adobe also distributes the Adobe Acrobat Plug-In to allow users to view PDF...
eBay Enhanced Picture Uploader ActiveX control vulnerable to arbitrary command execution
Overview The eBay Enhanced Picture Uploader ActiveX control allows arbitrary commands to be executed. Description The eBay Enhanced Picture Uploader ActiveX control is used by the eBay web site to give Internet Explorer users additional functionality when uploading pictures to an auction. This...
NSD vulnerable to one-byte overflow
Overview A vulnerability exists in the way NSD processes certain types of packets that may lead to a one-byte buffer overflow. Description Name server daemon NSD is an open source name server developed by NLnet Labs. NSD contains an off-by-one error that can cause a one-byte buffer overflow when...
Microsoft IIS WebDAV Remote Authentication Bypass
Overview A vulnerability exists in the way Microsoft Internet Information Server IIS handles unicode tokens that may allow authentication bypass. Description Web-based Distributed Authoring and Versioning WebDAV is a set of HTTP extensions that allow collaborative management and editing of files...
ntpd autokey stack buffer overflow
Overview ntpd contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system or create a denial of service. Description NTP Network Time Protocol is a method by which client machines can synchronize the local date and time wit...
Cyrus SASL library buffer overflow vulnerability
Overview The Cyrus SASL library contains a buffer overflow vulnerability that could allow an attacker to execute code or cause a vulnerable program to crash. Description SASL Simple Authentication and Security Layer is a method for adding authentication support to various protocols. SASL is...
NuPoint Messenger server transmits authentication credentials in plain text
Overview NuPoint Messenger is a unified communications product that connects to a Microsoft Exchange server. When communicating with the mail server, the NuPoint Messenger server transmits Exchange usernames and passwords in cleartext. Description The NuPoint Messenger server can connect to a...
Jetty HTTP server directory traversal vulnerability
Overview A vulnerability in the Jetty HTTP server could allow a remote attacker to gain access to files outside of the normal document tree. Description Jetty provides an HTTP server, HTTP client, and javax.servlet container. An error in the way canonical paths are interpreted in the HTTP server'...
Adobe Reader and Acrobat customDictionaryOpen() and getAnnots() JavaScript vulnerabilities
Overview Adobe Reader and Acrobat contain vulnerabilities in the customDictionaryOpen and getAnnots JavaScript methods. Description Adobe Reader and the Adobe Acrobat family of software is designed to create, view, and edit Portable Document Format PDF files. Adobe Reader is widely deployed, and...
Xpdf and poppler contain multiple vulnerabilities in the processing of JBIG2 data
Overview Xpdf and poppler contain multiple vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Xpdf is an open source viewer for Portable Document Format PDF files. Several PDF viewing applications and libraries, such a...
Microsoft Whale Intelligent Application Gateway Whale Client Components ActiveX control stack buffer overflows
Overview The Microsoft Whale Intelligent Application Gateway Whale Client Components ActiveX control contains multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Whale Communications Intelligent...
Particle Software IntraLaunch Application Launcher ActiveX control fails to restrict access to dangerous methods
Overview The Particle Software IntraLaunch Application Launcher ActiveX control allows arbitrary code execution. Description Particle Software IntraLaunch is an ActiveX control that "... allows web page links to execute anything from applications to associations such as Word or Acrobat PDF...
Microsoft Office PowerPoint code execution vulnerability
Overview Microsoft PowerPoint contains a vulnerability. If exploited, this vulnerability could allow an attacker to execute code. Description Microsoft PowerPoint is a component of Microsoft Office. Per Microsoft Security Advisory 969136: The vulnerability is caused when Microsoft Office PowerPoi...
SAP AG SAPgui EAI WebViewer3D ActiveX control stack buffer overflow
Overview The Siemens Unigraphics Solutions Teamcenter Visualization EAI WebViewer3D ActiveX control, which comes with SAPgui, contains a stack buffer overflow. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description SAP AG SAPgui includes an...
IBM Access Support ActiveX control stack buffer overflow
Overview The IBM Access Support ActiveX control contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The IBM Access Support ActiveX control has the ability to collect system information, such as make,...
Autonomy KeyView SDK buffer overflow vulnerability
Overview Autonomy KeyView SDK contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code. Description Autonomy KeyView SDK is a commercial software development kit SDK that includes file filtering libraries. A vulnerability exists in the way the SDK libraries...
PTK contains multiple vulnerabilities
Overview The PTK sleuthkit interface contains multiple vulnerabilities. If exploited, these vulnerabilities may allow an attacker to gain elevated privileges or conduct XSS attacks. Description PTK is an interface to the sleuthkit forensic tools that uses Apache, PHP and MySQL. PTK versions 1.0.0...
Microsoft Windows DNS Server response validation vulnerability
Overview The Microsoft Windows DNS server contains a response validation vulnerability. If successfully exploited, this vulnerability may allow an attacker to poison the affected DNS server's cache. Description The Domain Name System DNS is responsible for translating host names to IP addresses a...
libpng fails to properly initialize element pointers
Overview Libpng contains a vulnerability in the way element pointers are handled. Description A vulnerability in the way libpng handles element pointers may result in uninitialized element pointers. This vulnerability is due to an off-by-one error introduced in multiple functions in libpng-0.89c...
HP Virtual Rooms ActiveX control fails to restrict access to dangerous methods
Overview The HP Virtual Rooms ActiveX control contains methods that can be used to download and execute arbitrary code from an arbitrary server. Description HP Virtual Rooms is software for online collaboration. HP Virtual Rooms requires Internet Explorer, as one of the components is an ActiveX...
Intercepting proxy servers may incorrectly rely on HTTP headers to make connections
Overview Proxy servers running in interception mode ("transparent" proxies) that make connection decisions based on HTTP header values may be used by an attacker to relay connections. Description HTTP Host Headers are defined in RFC 2616 and are often used by web servers to allow multiple websit...
Adobe Reader and Acrobat JBIG2 buffer overflow vulnerability
Overview Adobe Reader and Acrobat contain a buffer overflow vulnerability that may allow an attacker to execute arbitrary code. Description Adobe Acrobat Reader is software designed to view Portable Document Format PDF files. Adobe also distributes the Adobe Acrobat Plug-In to allow users to view...
GE Fanuc Proficy HMI/SCADA iFIX uses insecure authentication techniques
Overview Vulnerabilities in the way GE Fanuc iFIX handles authentication could allow a remote attacker to log on to the system with elevated privileges. Description GE Fanuc iFIX is SCADA client/server software that includes a Human Machine Interface HMI component and runs on Microsoft Windows CE...
RIM BlackBerry Application Web Loader ActiveX stack buffer overflow
Overview The RIM BlackBerry Application Web Loader ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The RIM BlackBerry Application Web Loader is an ActiveX control that is used to loa...
Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge cross-site scripting vulnerability
Overview The Rockwell ControlLogix 1756-ENBT/A EtherNet/IP Bridge web interface contains a cross-site scripting vulnerability that may allow an attacker to spoof data or redirect end users to other sites. Description The Rockwell Logix Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge uses ...
AREVA e-terrahabitat SCADA systems vulnerabilities
Overview AREVA e-terra habitat contains multiple vulnerabilities. Description AREVA e-terra habitat is a core component of the Energy Management system that provides real-time data and process management services. e-terra habitat contains vulnerabilities, including a buffer overflow. For more...
GoAhead WebServer information disclosure and authentication bypass vulnerabilities
Overview GoAhead WebServer contains vulnerabilities that may allow an attacker to view source files containing sensitive information or bypass authentication. The information disclosure vulnerability was previously published as VU975041. Description GoAhead WebServer contains vulnerabilities...
Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge URL redirection vulnerability
Overview The Rockwell ControlLogix 1756-ENBT/A EtherNet/IP Bridge web interface contains a URL redirection vulnerability. Description The Rockwell Logix Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge uses a web interface to display log files and status information. This web interface...
Autonomy Ultraseek URL redirection vulnerability
Overview The Autonomy Ultraseek search engine contains a URL redirection vulnerability that may allow an attacker to redirect website users to other sites. Description The Autonomy Ultraseek search engine contains a URL redirection vulnerability in the /cs.html?url= parameter. The destination URL...
Symantec AppStream LaunchObj ActiveX control vulnerable to arbitrary code download and execution
Overview The Symantec AppStream LaunchObj ActiveX control contains methods that can be used to download and execute arbitrary code. Description Symantec AppStream is an application deployment framework for Microsoft Windows. One of the components of the AppStream Windows Client is an ActiveX...
MD5 vulnerable to collision attacks
Overview Weaknesses in the MD5 algorithm allow for collisions in output. As a result, attackers can generate cryptographic tokens or other data that illegitimately appear to be authentic. Description A secure cryptographic hash algorithm is one that generates a unique identifier of a fixed size...
Trend Micro HouseCall ActiveX control notifyOnLoadNative() uses previously free'd memory
Overview The Trend Micro HouseCall ActiveX control contains a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Trend Micro HouseCall ActiveX control HousecallActiveX.dll contains a "use-after-free" vulnerability. Usi...
Trend Micro HouseCall ActiveX control does not adequately validate update server parameters
Overview The Trend Micro HouseCall ActiveX control contains a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Trend Micro HouseCall ActiveX control HousecallActiveX.dll includes an update feature. A web page hosting...
Microsoft SQL Server fails to properly validate parameters to the sp_replwritetovarbin extended stored procedure
Overview A vulnerability in the Microsoft SQL Server sp_replwritetovarbin extended stored procedure could allow an authenticated attacker to execute arbitrary code on an affected server. Description Some versions of Microsoft SQL Server contain a vulnerability in the sp_replwritetovarbin stored...