Apple Safari automatically executes downloaded files based on Internet Explorer zone settings

Overview Apple Safari automatically executes downloaded files based on Internet Explorer zone settings, which can allow a remote attacker to execute arbitrary code on a vulnerable system. Description Apple Safari is a web browser that is available for OS X and Microsoft Windows platforms. Apple...

Deterministic Network Enhancer privilege escalation vulnerability

Overview The Deterministic Network driver contains a privilege escalation vulnerability, which can allow a local attacker to execute code with kernel privileges. Description Deterministic Networks provides a product called Deterministic Network Enhancer DNE, which extends the Microsoft Windows...

Novell iPrint Client ActiveX control stack buffer overflows

Overview The Novell iPrint Client ActiveX control contains multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Novell iPrint is a software printing solution that allows for printing over the internet. On...

SkyPortal contains multiple SQL injection vulnerabilities

Overview SkyPortal RC6 contains multiple SQL injection vulnerabilities which could allow a remote, unauthenticated attacker to gain access to the back-end database and to add, modify or remove data. Description SkyPortal is a modular web portal and online community system that includes web-based...

Citect CitectSCADA ODBC service buffer overflow

Overview Citect CitectSCADA contains a remotely accessible buffer overflow vulnerability which may allow a remote attacker to execute arbitrary code. Description Citect CitectSCADA is software used for monitoring and control in Supervisory Control And Data Acquisition SCADA systems. A buffer...

BackWeb Lite Install Runner ActiveX stack buffer overflows

Overview The BackWeb Lite Install Runner ActiveX control contains multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description BackWeb Lite Install Runner is an ActiveX control that is used to install software on...

SNMPv3 improper HMAC validation allows authentication bypass

Overview A vulnerability in the way implementations of SNMPv3 handle specially crafted packets may allow authentication bypass. Description SNMP can be configured to utilize version 3, which is the current standard version of SNMP. SNMPv3 incorporates security features such as authentication and...

Apple QuickTime "file: URL" arbitrary code execution

Overview Apple QuickTime does not properly handle "file: URLs" which may allow an attacker to execute arbitrary code. Description Apple QuickTime is a multiplatform multimedia software architecture which provides file format converters for more than 250 common image, video, and audio file...

Icon Labs SSH server vulnerabilities

Overview The Icon Labs Iconfidant SSH server contails multiple vulnerabilities. The most severe of these issues may allow an attacker to cause a vulnerable system to crash. Description The Iconfident SSH is a Secure Shell SSH server that runs on VxWorks-based systems. Versions of the Iconfident...

HP Online Support Services ActiveX GetFileTime() buffer overflow

Overview HP Online Support Services contains the function GetFileTime, which can be exploited to cause a buffer overflow. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description HP Services provides online product support services including ...

HP Online Support Services ActiveX RegistryString() buffer overflow

Overview HP Online Support Services contains the function RegistryString, which can be exploited to cause a buffer overflow. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description HP Services provides online product support services includi...

HP Online Support Services ActiveX ExtractCab() buffer overflow

Overview HP Online Support Services contains the function ExtractCab, which can be exploited to cause a buffer overflow. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system in the context of the local user. Description HP Services provides online...

HP Online Support Services ActiveX DeleteSingleFile() arbitrary file deletion

Overview The HP Online Support Services ActiveX control contains a method called DeleteSingleFile. This may allow a remote, unauthenticated attacker to remove files from a vulnerable system. Description HP Services provides online product support services including HP Instant Support. The...

HP Online Support Services ActiveX MoveFile() buffer overflow

Overview HP Online Support Services contains the function MoveFile, which can be exploited to cause a buffer overflow. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description HP Services provides online product support services including HP...

HP Online Support Services ActiveX AppendStringToFile() arbitrary file writing

Overview The HP Online Support Services ActiveX control contains a method called AppendStringToFile. This may allow a remote, unauthenticated attacker to write to files on a vulnerable system. Description HP Services provides online product support services including HP Instant Support. The...

HP Online Support Services ActiveX DownloadFile() arbitrary file download

Overview The HP Online Support Services ActiveX control contains a method called DownloadFile. This may allow a remote, unauthenticated attacker to download files to the location of the ActiveX control. Description HP Services provides online product support services including HP Instant Support...

HP Online Support Services ActiveX StartApp() arbitrary code execution

Overview The HP Online Support Services ActiveX control contains a method called StartApp. This may allow a remote, unauthenticated attacker to execute local files on a vulnerable system in the context of the local user. Description HP Services provides online product support services including H...

OpenSSL TLS handshake Denial of Service

Overview A vulnerability exists in OpenSSL that may allow a remote attacker to cause a denial of service. Description OpenSSL contains a vulnerability in the way specially crafted TLS handshake packets are handled that may result in a denial of service. According to OpenSSL Security Advisory...

OpenSSL Server Name extension Denial of Service

Overview A vulnerability exists in OpenSSL that may allow a remote attacker to cause a denial of service. Description OpenSSL contains a vulnerability in the way server name extension data is handled that may result in a denial of service. According to OpenSSL Security Advisory 28-Mar-2008:If...

GnuTLS Pad Length Denial of Service

Overview A vulnerability exists in GnuTLS that may allow a remote attacker to cause a denial of service. Description GnuTLS contains a vulnerability in gnults-serv that may result in a denial of service when handling a sequence of specially crafted packets. According to CERT-FI Vulnerability...

Apple Help Viewer vulnerable to buffer overflow

Overview A vulnerability in the way Apple Help Viewer handles specially crafted URLs may allow an attacker to execute arbitrary code or cause a denial of service. Description According to Apple Security Update 2008-003: An integer underflow in Help Viewer's handling of help:topic URLs may result ...

GnuTLS Client Hello repeat Denial of Service

Overview A vulnerability exists in GnuTLS that may allow a remote attacker to cause a denial of service. Description GnuTLS contains a vulnerability in gnults-serv that may result in a denial of service when handling a specially crafted TLS packet that contains multiple Client Hello messages...

GnuTLS Server Name extension Denial of Service

Overview A vulnerability exists in GnuTLS that may allow a remote attacker to cause a denial of service. Description GnuTLS contains a vulnerability in gnults-serv that may result in a denial of service when handling a specially crafted Client Hello message. According to CERT-FI Vulnerability...

Motorola Good Mobile Messaging insecure file deletion

Overview When formating removable storage cards, Motorola Good Mobile Messaging products may not properly delete old data. Description Motorola Good Mobile Messaging products can create encrypted containers on removable media storage cards. During the process of creating the container old...

Foxit Reader buffer overflow vulnerability

Overview Foxit Reader contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code. Description Foxit Reader is a PDF reader that is available on multiple operating systems.From the Secuia Research advisory Foxit Reader "util.printf" Buffer Overflow: S ecunia...

Adobe Flash player code execution vulnerability

Overview Adobe Flash contains a vulnerability that may allow an attacker to run code on a system that has a vulnerable version of the Flash player installed. There are reports that this vulnerability is being actively exploited. Description The Adobe Flash Player is a player for the Flash media...

Online Media Technologies NCTSoft NCTAudioInformation2 ActiveX stack buffer overflows

Overview The Online Media Technologies NCTSoft NCTAudioInformation2 ActiveX control contains multiple stack buffer overflows, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Online Media Technologies, which was formerly known as NCT...

Online Media Technologies NCTSoft NCTAudioGrabber2 ActiveX stack buffer overflows

Overview The Online Media Technologies NCTSoft NCTAudioGrabber2 ActiveX control contains multiple stack buffer overflows, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Online Media Technologies, which was formerly known as NCT...

Creative Software AutoUpdate Engine ActiveX stack buffer overflow

Overview The Creative Labs AutoUpdate Engine ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Creative Software AutoUpdate Engine ActiveX control is a component that provides...

FireFTP filename directory traversal sequence vulnerability

Overview The FireFTP Mozilla Firefox extension contains a vulnerability that may allow an attacker to write files to arbitrary locations. Description FireFTP is a Firefox extension that provides FTP client functionality. Firefox extensions can run with Chrome privileges which allow them to...

PhotoStockPlus Uploader Tool ActiveX stack buffer overflows

Overview The PhotoStockPlus Uploader Tool ActiveX control contains several stack buffer overflows, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description PhotoStockPlus provides an image uploader ActiveX control, which is provided by the...

Debian and Ubuntu OpenSSL packages contain a predictable random number generator

Overview A vulnerability in the OpenSSL package included with the Debian GNU/Linux operating system and its derivatives may cause weak cryptographic keys to be generated. Description A weakness exists in the random number generator used by the OpenSSL package included with the Debian GNU/Linux...

Microsoft Office fails to properly handle specially crafted Rich Text Format files

Overview A vulnerability in the way Microsoft Office handles Rich Text Format files may lead to execution of arbitrary code. Description Microsoft Office contains a vulnerability that could be exploited when parsing malformed strings contained in specially crafted Rich Text Format .rtf files...

Microsoft Outlook Web Access not may use correct HTTP directive

Overview Some versions of Outlook Web Access OWA may use the no-cache instead of the no-store HTTP 1.1 directive. This results in web browsers caching sensitive information. Description Some versions of Outlook Web Access may use the Cache-Control: no-cache HTTP 1.1 directive. From RFC 2616: If t...

Microsoft Internet Explorer 7 DisableCachingOfSSLPages may not prevent caching

Overview Setting the Internet Explorer 7 option DisableCachingOfSSLPages may not prevent the caching of SSL-enabled web pages. Description Administrators and users can set the Internet Explorer DisableCachingOfSSLPages option to prevent sensitive or private data from being saved to disk. The...

CA Unicenter DSM ITRM Legends ActiveX integer overflow

Overview The CA Unicenter DSM ITRM Legends ActiveX control contains an integer overflow vulnerability, which can allow a remote attacker to execute arbitrary code on a vulnerable system. Description CA Unicenter DSM ITRM Legends is an ActiveX control that is included with multiple CA products. Th...

PHP path translation vulnerability

Overview PHP contains a path translation vulnerability that may allow an attacker to execute arbitrary code. Description PHP is a scripting language that is designed for web-based applications and can be imbedded directly into HTML.PHP versions prior to 5.2.6 contain a path translation...

Wonderware SuiteLink null pointer dereference

Overview A vulnerability in the way Wonderware SuiteLink handles malformed TCP packets could result in a denial of service. Description Wonderware SuiteLink is a protocol based on TCP/IP that runs as a service listening for connections on port 5413/tcp on Microsoft Windows operating systems. A...

BGP implementations do not properly handle UPDATE messages

Overview BGP implementations from multiple vendors including Juniper may not properly handle specially crafted BGP UPDATE messages. These vulnerabilities could allow an unauthenticated, remote attacker to cause a denial of service. Disrupting BGP communication could lead to routing instability...

cPanel XSRF vulnerabilities

Overview cPanel contains multiple cross-site request forgery XSRF vulnerabilities. If successfully exploited, these vulnerabilities may allow an attacker to execute arbitrary commands. Description cPanel, a web-based tool that is designed to automate and control web sites and servers, contains...

Motorola Surfboard cable modem cross-site request forgery vulnerability

Overview Motorola Surfboard cable modems may contain a cross-site request forgery vulnerability that allows an attacker to cause an affected modem to reboot or reload its configuration. Description Cable modems are designed to deliver broadband Internet access via unused bandwidth on a cable...

Adobe Flash Player integer overflow vulnerability

Overview Adobe Flash contains an integer overflow vulnerability. This vulnerability may allow an attacker to execute code on an affected system. Description The Adobe Flash Player is a player for the Flash media format and enables frame-based animations and multimedia to be viewed within a web...

CUPS integer overflow vulnerability

Overview CUPS contains an integer overflow that may allow a remote attacker to cause a vulnerable system to crash. Description The Common Unix Printing System CUPS is a print server that is used and distributed by many Unix-like operating systems. CUPS contains an integer overflow vulnerability...

Microsoft HeartbeatCtl ActiveX control buffer overflow

Overview The Microsoft HeartbeatCtl ActiveX control contains a buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Microsoft HeartbeatCtl ActiveX control is used to play multiplayer games on the MSN Games website. T...

ClamAV upack heap buffer overflow vulnerability

Overview The ClamAV anti-virus scanner contains a vulnerability that may allow an attacker to execute code or cause ClamAV to crash. Description The Portable Executable PE file format is a file format for executable files that is used in Microsoft Windows. PE files can be packed with executable...

Apple Safari fails to properly handle a file name

Overview A vulnerabilty in Apple Safari handles specially crafted file name may allow execution of arbitrary code or denial of service. Description According to Apple Safari 3.1.1:A memory corruption issue exists in Safari's file downloading. By enticing a user to download a file with a malicious...

Apple Safari WebKit fails to properly handle a crafted URL

Overview A vulnerability in the way Apple Mac OS X handles specially crafted URLs may allow an attacker to execute script in the context of another site.. Description According to Apple Safari 3.1.1: An issue exists in WebKit's handling of URLs containing a colon character in the host name. Openi...

Mozilla Firefox JavaScript engine fails to properly handle garbage collection

Overview Mozilla Firefox JavaScript engine fails to properly handle garbage collection. This vulnerability result in memory corruption, which in some cases may be exploitable to execute arbitrary code. Description Per Mozilla Foundation Security Advisory 2008-20:Fixes for security problems in the...

Ruby WEBrick vulnerable to directory traversal

Overview Ruby WEBrick is vulnerable to a directory traversal on systems that support backslash \ path separators. This vulnerability may allow an attacker to access arbitrary files outside of the web server root directory. Description WEBrick is a Ruby library program to build HTTP servers...

Microsoft GDI buffer overflow vulnerability

Overview The Microsoft GDI contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code. Description The Graphics Device Interface GDI is component of the Microsoft Windows user interface. Windows Metafile WMF and Enhanced Metafile EMF are image file formats...