3702 matches found
Microsoft Internet Explorer CSS style element vulnerability
Overview Microsoft Internet Explorer IE does not safely reference CSS style elements. Using a specially crafted HTML page, an attacker can cause IE to crash and potentially execute arbitrary code. Description IE contains a vulnerability in the way it references CSS style elements. Processing a...
TCP may keep its offered receive window closed indefinitely (RFC 1122)
Overview Part of the Transmission Control Protocol TCP specification RFC 1122 allows a receiver to advertise a zero byte window, instructing the sender to maintain the connection but not send additional TCP payload data. The sender should then probe the receiver to check if the receiver is ready ...
Wyse Simple Imager (WSI) includes vulnerable versions of TFTPD32
Overview Wyse Simple Imager WSI includes older versions version of TFTPD32 that contains publicly known vulnerabilities. An attacker could exploit these vulnerabilities to potentially execute arbitrary code on the system running WSI and TFTPD32. Description Wyse Simple Imager WSI is a component o...
SSL and TLS protocols renegotiation vulnerability
Overview A vulnerability exists in SSL and TLS protocols that may allow attackers to execute an arbitrary HTTP transaction. Description The Secure Sockets Layer SSL and Transport Layer Security TLS protocols are commonly used to provide authentication, encryption, integrity, and non-repudiation...
Wyse Device Manager (WDM) HServer and HAgent contain multiple vulnerabilities
Overview Wyse Device Manager WDM Server and HAgent contain several vulnerabilities. An attacker with network access to WDM components could execute arbitrary code on vulnerable systems. Description Wyse Device Manager WDM, formerly known as Wyse Rapport manages thin clients. Part of the server...
Adobe Acrobat and Reader contain vulnerabilities in multiple Document Object JavaScript methods
Overview A vulnerability in the way Adobe Acrobat and Reader enforce privileges on JavaScript in PDF files could allow arbitrary files to be written to the local file system of an affected system. Description Adobe Reader and the Adobe Acrobat family of software are designed to create, view, and...
Wireshark Endace ERF unsigned integer wrap vulnerability
Overview Wireshark contains an unsigned integer wrap vulnerability that may occur when parsing Endace Extensible Record Format ERF files. Description Wireshark is a protocol analyzer that can open or import previously saved files. When processing an Endace ERF file an unsigned integer wrap...
Nginx ngx_http_parse_complex_uri() buffer underflow vulnerability
Overview A vulnerability in the nginx web server may allow remote attackers to execute arbitrary code on an affected system. Description nginx is an HTTP server and mail proxy server that is available for a number of different platforms. A buffer underflow vulnerability exists in the...
Windows SMB version 2 vulnerability
Overview Microsoft Windows Vista and Server 2008 do not correctly parse SMB version 2 messages.This vulnerability could allow an attacker to execute arbitrary code. Description The Server Message Block version 2 SMBv2 protocol is the successor to the original SMB protocol. SMBv2 is available in...
Cyrus IMAPd buffer overflow vulnerability
Overview The Cyrus IMAP server contains a vulnerability that may allow an authenticated attacker to execute code. Description The Cyrus IMAP mail server supports the SIEVE mail filtering language. Cyrus IMAP versions 2.2 through 2.3.14 contain a buffer overflow vulnerability that may be triggered...
VMware VMnc AVI video codec image height heap overflow
Overview The VMware VMnc video codec fails to properly handle the image height value in AVI files, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Several VMware products include the ability to create and play movies of running...
Microsoft Internet Information Server (IIS) FTP server NLST stack buffer overflow
Overview The Microsoft IIS FTP server contains a stack buffer overflow in the handling of directory names, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description IIS is a web server that comes with Microsoft Windows. IIS also includes FTP server...
Libpurple buffer overflow vulnerability
Overview The Libpurple instant messenger library contains a vulnerability that may allow an attacker to execute arbitrary code. Description Libpurple is an instant messenger IM library that is used by various programs to connect to multiple networks. Libpurple contains a buffer overflow...
Acer AcerCtrls.APlunch ActiveX Control fails to properly restrict access to methods
Overview The Acer AcerCtrls.APlunch ActiveX control contains methods that can allow a remote, unauthenticated attacker to run arbitrary commands on a vulnerable system. Description The Acer AcerCtrls.APlunch ActiveX control is provided by acerctrl.ocx. It contains a method called Run, which takes...
ISC BIND 9 vulnerable to denial of service via dynamic update request
Overview ISC BIND 9 contains a vulnerability that may allow a remote, unauthenticated attacker to create a denial-of-service condition. Description The Berkeley Internet Name Domain BIND is a popular Domain Name System DNS implementation from Internet Systems Consortium ISC. It includes support f...
ActiveX controls built with Microsoft ATL fail to properly handle initialization data
Overview ActiveX controls that are built using a Microsoft ATL template may fail to properly handle initialization data, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Active Template Library ATL is a set of C++ classes...
Adobe Flash vulnerability affects Flash Player and other Adobe products
Overview Adobe Flash contains a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Adobe Flash Player, Reader, Acrobat, and other products that include Flash support are affected. Description Adobe Flash is a widely deployed multimedi...
Microsoft Office Web Components Spreadsheet ActiveX control vulnerability
Overview The Microsoft Office Web Components Spreadsheet ActiveX controls OWC10 and OWC11 contain a vulnerability that may allow an attacker to take control of a vulnerable system. Description The Office Web Components Spreadsheet ActiveX control contains a code execution vulnerability. Public...
XML signature HMAC truncation authentication bypass
Overview The XML Signature specification allows for HMAC truncation, which may allow a remote attacker to bypass authentication. Description XML Signature Syntax and Processing XMLDsig is a W3C recommendation for providing integrity, message authentication, and/or signer authentication services f...
ISC DHCP dhclient stack buffer overflow
Overview The ISC DHCP dhclient application contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code with root privileges. Description As described in RFC 2131, "The Dynamic Host Configuration Protocol DHCP provides a framework for passing...
Mozilla Firefox 3.5 TraceMonkey JavaScript engine uninitialized memory vulnerability
Overview Mozilla Firefox's javascript engine contains a vulnerability that may allow an attacker to execute code. Description Mozilla Firefox version 3.5 contains a vulnerability in the TraceMonkey components of Firefox's JavaScript engine.Per Mozilla Bug Bug 503286: "This is a JS engine bug...
Microsoft Video ActiveX control stack buffer overflow
Overview The Microsoft Video ActiveX control contains a stack buffer overflow vulnerability, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Windows comes with an ActiveX component called "ActiveX control for streaming...
Foxit Reader contains multiple vulnerabilities in the processing of JPX data
Overview Foxit Reader contains multiple vulnerabilities that may allow an attacker to execute arbitrary code. Description Foxit Reader is software designed to view Portable Document Format PDF files. Foxit Reader contains multiple vulnerabilities in the handling of JPX JPEG2000 streams. These...
Adobe Reader contains multiple vulnerabilities in the processing of JPX data
Overview Adobe Reader and Acrobat contain multiple vulnerabilities that may allow an attacker to execute arbitrary code. Description Adobe Acrobat Reader is software designed to view Portable Document Format PDF files. Adobe also distributes the Adobe Acrobat Plug-In to allow users to view PDF...
eBay Enhanced Picture Uploader ActiveX control vulnerable to arbitrary command execution
Overview The eBay Enhanced Picture Uploader ActiveX control allows arbitrary commands to be executed. Description The eBay Enhanced Picture Uploader ActiveX control is used by the eBay web site to give Internet Explorer users additional functionality when uploading pictures to an auction. This...
NSD vulnerable to one-byte overflow
Overview A vulnerability exists in the way NSD processes certain types of packets that may lead to a one-byte buffer overflow. Description Name server daemon NSD is an open source name server developed by NLnet Labs. NSD contains an off-by-one error that can cause a one-byte buffer overflow when...
Microsoft IIS WebDAV Remote Authentication Bypass
Overview A vulnerability exists in the way Microsoft Internet Information Server IIS handles unicode tokens that may allow authentication bypass. Description Web-based Distributed Authoring and Versioning WebDAV is a set of HTTP extensions that allow collaborative management and editing of files...
ntpd autokey stack buffer overflow
Overview ntpd contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system or create a denial of service. Description NTP Network Time Protocol is a method by which client machines can synchronize the local date and time wit...
Cyrus SASL library buffer overflow vulnerability
Overview The Cyrus SASL library contains a buffer overflow vulnerability that could allow an attacker to execute code or cause a vulnerable program to crash. Description SASL Simple Authentication and Security Layer is a method for adding authentication support to various protocols. SASL is...
NuPoint Messenger server transmits authentication credentials in plain text
Overview NuPoint Messenger is a unified communications product that connects to a Microsoft Exchange server. When communicating with the mail server, the NuPoint Messenger server transmits Exchange usernames and passwords in cleartext. Description The NuPoint Messenger server can connect to a...
Jetty HTTP server directory traversal vulnerability
Overview A vulnerability in the Jetty HTTP server could allow a remote attacker to gain access to files outside of the normal document tree. Description Jetty provides an HTTP server, HTTP client, and javax.servlet container. An error in the way canonical paths are interpreted in the HTTP server'...
Adobe Reader and Acrobat customDictionaryOpen() and getAnnots() JavaScript vulnerabilities
Overview Adobe Reader and Acrobat contain vulnerabilities in the customDictionaryOpen and getAnnots JavaScript methods. Description Adobe Reader and the Adobe Acrobat family of software is designed to create, view, and edit Portable Document Format PDF files. Adobe Reader is widely deployed, and...
Xpdf and poppler contain multiple vulnerabilities in the processing of JBIG2 data
Overview Xpdf and poppler contain multiple vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Xpdf is an open source viewer for Portable Document Format PDF files. Several PDF viewing applications and libraries, such a...
Microsoft Whale Intelligent Application Gateway Whale Client Components ActiveX control stack buffer overflows
Overview The Microsoft Whale Intelligent Application Gateway Whale Client Components ActiveX control contains multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Whale Communications Intelligent...
Particle Software IntraLaunch Application Launcher ActiveX control fails to restrict access to dangerous methods
Overview The Particle Software IntraLaunch Application Launcher ActiveX control allows arbitrary code execution. Description Particle Software IntraLaunch is an ActiveX control that "... allows web page links to execute anything from applications to associations such as Word or Acrobat PDF...
Microsoft Office PowerPoint code execution vulnerability
Overview Microsoft PowerPoint contains a vulnerability. If exploited, this vulnerability could allow an attacker to execute code. Description Microsoft Powerpoint is a component of Microsoft Office. Per Microsoft Security Advisory 969136: The vulnerability is caused when Microsoft Office PowerPoi...
SAP AG SAPgui EAI WebViewer3D ActiveX control stack buffer overflow
Overview The Siemens Unigraphics Solutions Teamcenter Visualization EAI WebViewer3D ActiveX control, which comes with SAPgui, contains a stack buffer overflow. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description SAP AG SAPgui includes an...
IBM Access Support ActiveX control stack buffer overflow
Overview The IBM Access Support ActiveX control contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The IBM Access Support ActiveX control has the ability to collect system information, such as make,...
Autonomy KeyView SDK buffer overflow vulnerability
Overview Autonomy KeyView SDK contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code. Description Autonomy KeyView SDK is a commercial software development kit SDK that includes file filtering libraries. A vulnerability exists in the way the SDK libraries...
PTK contains multiple vulnerabilities
Overview The PTK sleuthkit interface contains multiple vulnerabilities. If exploited, these vulnerabilities may allow an attacker to gain elevated privileges or conduct XSS attacks. Description PTK is an interface to the sleuthkit forensic tools that uses Apache, PHP and MySQL. PTK versions 1.0.0...
Microsoft Windows DNS Server response validation vulnerability
Overview The Microsoft Windows DNS server contains a response validation vulnerability. If successfully exploited, this vulnerability may allow an attacker to poison the affected DNS server's cache. Description The Domain Name System DNS is responsible for translating host names to IP addresses a...
libpng fails to properly initialize element pointers
Overview Libpng contains a vulnerability in the way element pointers are handled. Description A vulnerability in the way libpng handles element pointers may result in uninitialized element pointers. This vulnerability is due to an off-by-one error introduced in multiple functions in libpng-0.89c...
HP Virtual Rooms ActiveX control fails to restrict access to dangerous methods
Overview The HP Virtual Rooms ActiveX control contains methods that can be used to download and execute arbitrary code from an arbitrary server. Description HP Virtual Rooms is software for online collaboration. HP Virtual Rooms requires Internet Explorer, as one of the components is an ActiveX...
Intercepting proxy servers may incorrectly rely on HTTP headers to make connections
Overview Proxy servers running in interception mode "transparent" proxies that make connection decisions based on HTTP header values may be used by an attacker to relay connections. Description HTTP Host Headers are defined in RFC 2616 and are often used to by web servers to allow multiple websit...
Adobe Reader and Acrobat JBIG2 buffer overflow vulnerability
Overview Adobe Reader and Acrobat contain a buffer overflow vulnerability that may allow an attacker to execute arbitrary code. Description Adobe Acrobat Reader is software designed to view Portable Document Format PDF files. Adobe also distributes the Adobe Acrobat Plug-In to allow users to view...
GE Fanuc Proficy HMI/SCADA iFIX uses insecure authentication techniques
Overview Vulnerabilities in the way GE Fanuc iFIX handles authentication could allow a remote attacker to log on to the system with elevated privileges. Description GE Fanuc iFIX is SCADA client/server software that includes a Human Machine Interface HMI componant and runs on Microsoft Windows CE...
RIM BlackBerry Application Web Loader ActiveX stack buffer overflow
Overview The RIM BlackBerry Application Web Loader ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The RIM BlackBerry Application Web Loader is an ActiveX control that is used to loa...
Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge URL redirection vulnerability
Overview The Rockwell ControlLogix 1756-ENBT/A EtherNet/IP Bridge web interface contains a URL redirection vulnerability. Description The Rockwell Logix Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge uses a web interface to display log files and status information. This web interface...
Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge cross-site scripting vulnerability
Overview The Rockwell ControlLogix 1756-ENBT/A EtherNet/IP Bridge web interface contains a cross-site scripting vulnerability that may allow an attacker to spoof data or redirect end user's to other sites. Description The Rockwell Logix Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge uses ...
GoAhead WebServer information disclosure and authentication bypass vulnerabilities
Overview GoAhead WebServer contains vulnerabilities that may allow an attacker to view source files containing sensitive information or bypass authentication. The information disclosure vulnerability was previously published as VU975041. Description GoAhead WebServer contains vulnerabilities...