3702 matches found
AREVA e-terrahabitat SCADA systems vulnerabilities
Overview AREVA e-terra habitat contains multiple vulnerabilities. Description AREVA e-terra habitat is a core component of the Energy Management system that provides real-time data and process management services. e-terra habitat contains vulnerabilities, including a buffer overflow. For more...
Autonomy Ultraseek URL redirection vulnerability
Overview The Autonomy Ultraseek search engine contains a URL redirection vulnerability that may allow an attacker to redirect website users to other sites. Description The Autonomy Ultraseek search engine contains a URL redirection vulnerability in the /cs.html?url= paramater. The destination URL...
Symantec AppStream LaunchObj ActiveX control vulnerable to arbitrary code download and execution
Overview The Symantec AppStream LaunchObj ActiveX control contains methods that can be used to download and execute arbitrary code. Description Symantec AppStream is an application deployment framework for Microsoft Windows. One of the components of the AppStream Windows Client is an ActiveX...
MD5 vulnerable to collision attacks
Overview Weaknesses in the MD5 algorithm allow for collisions in output. As a result, attackers can generate cryptographic tokens or other data that illegitimately appear to be authentic. Description A secure cryptographic hash algorithm is one that generates a unique identifier of a fixed size...
Trend Micro HouseCall ActiveX control does not adequately validate update server parameters
Overview The Trend Micro HouseCall ActiveX control contains a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Trend Micro HouseCall ActiveX control HousecallActiveX.dll includes an update feature. A web page hosting...
Trend Micro HouseCall ActiveX control notifyOnLoadNative() uses previously free'd memory
Overview The Trend Micro HouseCall ActiveX control contains a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Trend Micro HouseCall ActiveX control HousecallActiveX.dll contains a "use-after-free" vulnerability. Usi...
Microsoft SQL Server fails to properly validate parameters to the sp_replwritetovarbin extended stored procedure
Overview A vulnerability in the Microsoft SQL Server spreplwritetovarbin extended stored procedure could allow an authenticated attacker to execute arbitrary code on an affected server. Description Some versions of Microsoft SQL Server contain a vulnerability in the spreplwritetovarbin stored...
Microsoft WordPad Text Converter vulnerable to remote code execution
Overview The WordPad Text Converter for Word 97 files included in some versions of Windows contains an unspecified error which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft WordPad is a text editor included by default with the...
Microsoft Internet Explorer data binding memory corruption vulnerability
Overview Microsoft Internet Explorer contains an invalid pointer vulnerability in its data binding code, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer contains an invalid pointer vulnerability in its da...
Microsoft Vista and Server 2008 vulnerable to memory corruption via saved search
Overview Microsoft Windows Vista and Server 2008 contain a memory corruption vulnerability when saving a specially crafted search file. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description In Windows Vista and Server 2008,...
Linksys WVC54GC NetCamPlayerWeb11gv2 ActiveX control stack buffer overflow
Overview The Linksys WVC54GC NetCamPlayerWeb11gv2 ActiveX control contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Linksys WVC54GC wireless video camera provides an ActiveX control called...
Linksys WVC54GC wireless video camera vulnerable to information disclosure
Overview The Linksys WVC54GC wireless video camera insecurely sends initial configuration information over the network, which can allow a remote, unauthenticated attacker to intercept video streams, access wireless network authentication credentials, modify the device firmware, or cause a...
RealFlex RealWin buffer overflow
Overview RealFlex RealWin demo version contains a vulnerability in the way "FCINFOTAG/SETCONTROL" packets are processed. Description RealFlex RealWin is SCADA server software that includes a Human Machine Interface HMI componant and runs on Microsoft Windows 2000 or XP. The demo version of RealWi...
SSH CBC vulnerability
Overview A vulnerability exists in SSH messages that employ CBC mode that may allow an attacker to recover plaintext from a block of ciphertext. Description The Secure Shell SSH is a network protocol that creates a secure channel between two networked devices in order to allow data to be exchange...
PHPCow file inclusion vulnerability
Overview Older versions of PHPCow contain a file inclusion vulnerability that could allow an attacker to take control of a vulnerable application. Description PHPCow is a content management system that uses PHP. Older versions of PHP contain a file inclusion vulnerability. We are aware of reports...
Trend Micro ServerProtect contains multiple vulnerabilities
Overview Trend Micro ServerProtect contains multiple vulnerabilities. The most severe of these vulnerabilities may allow an attacker to execute commands, view sensitive data, or cause a system to crash. Description Trend Micro ServerProtect is designed to detect and remove viruses from files...
SAP AG SAPgui MDrmSap ActiveX control code execution vulnerability
Overview The MDrmSap ActiveX control, which is provide with the SAP AG SAPgui software, contains a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description SAPgui is a graphical user interface client for SAP software. One of the...
Adobe Reader and Acrobat util.printf() JavaScript function stack buffer overflow
Overview Adobe Reader and Acrobat contain a stack buffer overflow in the util.printf JavaScript function, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Adobe Reader is software designed to view Portable Document Format PDF files...
Automated Solutions Modbus TCP Slave ActiveX Control Vulnerability
Overview Automated Solutions Modbus TCP Slave ActiveX Control contains a vulnerability that may allow a remote attacker to execute arbitrary code or cause a denial-of-service. Description Automated Solutions Modbus TCP Slave ActiveX Control fails to properly process malformed "Modbus" requests to...
libspf2 DNS TXT record parsing buffer overflow
Overview libspf2 contains a buffer overflow vulnerability in code that parses DNS TXT records. Description libspf2 is a widely-deployed implementation of the Sender Policy Framework. According to RFC 4408: An SPF record is a DNS Resource Record RR that declares which hosts are, and are not,...
Microsoft Server service RPC stack buffer overflow vulnerability
Overview A stack buffer overflow vulnerability in the Microsoft Windows Server service may allow a remote, unauthenticated attacker to execute arbitrary code with SYSTEM privileges. Description MS08-067 includes the following information about the Microsoft Server service:The Server service...
Microsoft Windows Internet Printing Protocol service integer overflow
Overview The Microsoft Windows Internet Printing Protocol IPP service contains an integer overflow vulnerability, which can allow a remote attacker to execute arbitrary code on a vulnerable system. Description IPP is an IP-based network protocol that allows remote printing and printer management...
Husdawg, LLC Systems Requirements Lab ActiveX control and Java applet vulnerable to arbitrary code download and execution
Overview The Husdawg, LLC. System Requirements Lab ActiveX control and Java applet allow an unauthenticated remote attacker to download and execute arbitrary code. Description Husdawg, LLC. provides an ActiveX control and signed Java Applet that are used for benchmarking the capabilities of a PC...
Gear Software CD DVD Filter driver privilege escalation vulnerability
Overview The Gear Software CD DVD Filter driver contains a privilege escalation vulnerability, which can allow an attacker to gain SYSTEM privileges. Description Gear Software provides a driver called CD DVD Filter, which is provided by GEARAspiWDM.sys. This driver is used by multiple CD/DVD...
iseemedia / Roxio / MGI Software LPViewer ActiveX control stack buffer overflows
Overview The iseemedia LPViewer ActiveX control contains multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The iseemedia LPViewer ActiveX control, which is provided by the file LPControl.dll, is a...
IPv6 implementations insecurely update Forwarding Information Base
Overview A vulnerability in some implementations of the IPv6 Neighbor Discovery Protocol may allow a nearby attacker to intercept traffic or cause congested links to become overloaded. Description IPv6 networks use the Neighbor Discovery Protocol NDP to detect and locate routers and other on-link...
libpng off-by-one vulnerability
Overview A vulnerability exists in libpng that may allow a remote attacker to cause a denial of service. Description A vulnerability in the way libpng handles files that contain multiple zTXt chunks may cause a denial of service. This vulnerability is due to an off-by-one error introduced in the...
ABB PCU400 vulnerable to buffer overflow
Overview ABB PCU400 contains a vulnerability which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The ABB PCU400 application serves as a communication gateway between RTUs that use the IEC-870-5-104 protocol and the SCADA server. The...
InstallShield Update Service Agent ActiveX control memory corruption
Overview The InstallShield Update Service ActiveX control contains a memory corruption vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The InstallShield Update Service contains an ActiveX control called Update Service...
LANDesk QIP service buffer overflow vulnerability
Overview The LANDesk Management Suite Intel QIP service contains a buffer overflow vulnerability. Description The LANDesk Intel QIP Server Service is used to configure policy management. The Intel QIP service allows LANDesk Agents to report status and make certain software requests. A buffer...
InstallShield / Macrovision / Acresso FLEXnet Connect insecurely retrieves and executes scripts
Overview Acresso FLEXnet Connect executes scripts that are insecurely retrieved from a remote web server, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Acresso FLEXnet Connect is a software package that allows vendors to provide...
Apple Mac OS X file sharing allows authenticated remote access to files and directories
Overview Apple Mac OS X Leopard does not accurately reflect which files and directories are available via sharing. Description Apple Mac OS X Leopard 10.5.x allows files and directories to be shared via a "Shared Folders" feature. OS X lists the folders that are shared using this feature, however...
TWiki command execution vulnerability
Overview The TWiki wiki software fails to validate input passed to certain URLs. By accessing a URL containing the TWiki configuration script, an attacker may be able to read arbitrary files. Description TWiki is a wiki that is runs in the context of the Apache web server. TWiki is installed by...
Windows Media Encoder WMEX.DLL ActiveX Control buffer overflow
Overview The WMEX.DLL ActiveX control, which is installed by Windows Media Encoder 9 Series, contains a buffer overflow vulnerability. Description According to Microsoft, the Windows Media Encoder is a tool used to capture audio and video content using Windows Media. The WMEX.DLL ActiveX control...
NetBSD malformed ICMPv6 MLD-QUERY denial of service
Overview NetBSD fails to properly handle ICMPv6 MLD query packets, which can allow a remote, unauthenticated attacker to cause a denial of service. Description ICMPv6, which is defined in RFC 4443, is a version of the ICMP protocol for IPv6. Multicast Listener Discovery MLD for IPv6, which is...
Google SAML Single Sign on vulnerability
Overview The SAML Single Sign-On SSO Service for Google Apps contained a vulnerability that could have allowed an attacker to gain access to a user's Google account. Description The Security Assertion Markup Language SAML is a standard for transmitting authentication data between two or more...
SoftArtisans XFile FileManager ActiveX control stack buffer overflows
Overview The SoftArtisans XFile FileManager ActiveX control contains several stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description SoftArtisans XFile is an ActiveX file transfer application. The XFile FileManager...
Apache Tomcat UTF8 Directory Traversal Vulnerability
Overview Apache Tomcat contains a vulnerability that may allow directory traversal. Description Apache Tomcat is an implementation of the Java Servlet and JavaServer Page JSP technologies. Apache Tomcat contains a vulnerability in the way malformed requests are handled. According to the Apache...
Postfix local privilege escalation
Overview The Postfix MTA contains a local privilege escalation vulnerability. Description Postfix is an mail transport agent MTA that is used by several Unix-like operating systems. Symbolic links and hard links are types of files that reference other files. Unlike hard links, symbolic links can...
Intrinsic Swimage Encore does not securely manage login credentials
Overview Intrinsic Swimage Encore has an unencrypted, hardcoded, default password that could allow an attacker access to protected data. Description Intrinsic Swimage Encore automates remote desktop, server, and device deployment. This product includes both a server and a client solution. The...
Cisco WebEx Meeting Manager WebexUCFObject ActiveX Control stack buffer overflow
Overview The WebexUCFObject ActiveX control, which comes with Cisco WebEx Meeting Manager, contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Cisco WebEx is an online meeting and collaboration software...
Microsoft Color Management System (MSCMS) module remote code execution
Overview The Microsoft Color Management System MSCMS module for the Microsoft ICM component is vulnerable to a remote code execution vulnerability which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description According to Microsoft, the Microsoft...
Apache mod_proxy_ftp XSS vulnerability
Overview The Apache web server modproxyftp module contains a cross-site scripting XSS vulnerability. Description The Apache modproxyftp module allows the Apache web server to act as a proxy for FTP sites. Filename globbing is the process of using wildcards to match filenames. The modproxyftp modu...
Oracle Weblogic Apache connector vulnerable to buffer overflow
Overview Oracle Weblogic formerly BEA Weblogic contains a vulnerability which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Oracle Weblogic Server and Weblogic Express applicaiton servers can be integrated with the Apache webserver usin...
RealNetworks RealPlayer Shockwave Flash (SWF) file vulnerability
Overview RealNetworks RealPlayer fails to properly handle frames within Shockwave Flash SWF files, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The RealNetworks RealPlayer application provides support for the SWF file format. A...
RealPlayer file deletion overflow vulnerability
Overview RealPlayer contains a buffer overflow vulnerability that may allow an attacker to execute code on a vulnerable system. Description RealPlayer media player that is distributed by RealNetworks. RealPlayer supports streaming and local media. Per the Zero Day Initiative advisory ZDI-08-046:...
NetApp Data ONTAP contains multiple vulnerabilities
Overview NetApp Data ONTAP contains multiple vulnerabilities. The most severe of these vulnerabilities may allow an attacker to execute commands, view sensitive data, or cause a system to crash. Description NetApp Data ONTAP contains multiple undisclosed vulnerabilities. --- Impact A remote,...
BlackBerry Attachment Service PDF distiller vulnerable to arbitrary code execution
Overview The PDF Distiller service that is provided with BlackBerry Enterprise Server contains a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The BlackBerry Attachment Service is a component of the BlackBerry...
Mozilla Firefox command line URI handling vulnerability
Overview Mozilla Firefox contains a vulnerability that may allow an attacker to bypass security restrictions by opening specially crafted URIs using the Firefox command line interface. Description Mozilla Firefox can process URIs from its command line interface that can be accessed by users or...
Multiple DNS implementations vulnerable to cache poisoning
Overview Deficiencies in the DNS protocol and common DNS implementations facilitate DNS cache poisoning attacks. Description The Domain Name System DNS is responsible for translating host names to IP addresses and vice versa and is critical for the normal operation of internet-connected systems...