3695 matches found
Microsoft Office Project vulnerable to remote code execution via specially crafted Project file
Overview A vulnerability in the way Microsoft Office Project parses files may lead to execution of arbitrary code. Description Microsoft Office Project contains a vulnerability that could be exploited when Project attempts to parse specially crafted files. According to Microsoft Security Bulletin...
C compilers may silently discard some wraparound checks
Overview Some C compilers optimize away pointer arithmetic overflow tests that depend on undefined behavior without providing a diagnostic (a warning). Applications containing these tests may be vulnerable to buffer overflows if compiled with these compilers. Description In the C language, given th...
Nik Software Sharpener Pro vulnerable to privilege escalation
Overview The Nik Software Sharpener Pro installs files with insecure permissions, which may allow a local attacker to elevate privileges. Description Nik Software Sharpener Pro is an Adobe Photoshop plug-in that provides image sharpening capabilities. The Nik Software Sharpener Pro installer sets...
Mozilla JavaScript privilege escalation
Overview Mozilla products contain multiple vulnerabilities that may allow a remote, unauthenticated attacker to execute arbitrary code. Description Mozilla Firefox, Thunderbird, and SeaMonkey do not properly handle JavaScript, which may allow privilege escalation and execution of arbitrary code o...
Cisco IOS denial-of-service vulnerability
Overview A vulnerability in the way Cisco IOS handles IPv6 packets could result in a remotely exploitable denial of service. Description The Cisco Internetwork Operating System (IOS) includes support for processing Internet Protocol version 6 (IPv6) packets. Per Cisco Advisory...
Adobe Flash Player may load arbitrary, malformed cross-domain policy files
Overview Adobe Flash Player may load arbitrary, malformed cross-domain policy files. This could allow an attacker to control cross-domain data loading, potentially allowing the attacker to gain access to sensitive information or to manipulate content in other domains. Description Adobe Flash Play...
Microsoft Jet Engine stack buffer overflow
Overview The Microsoft Jet Engine contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Jet, or Joint Engine Technology, is a database engine that is used by several Microsoft products, includin...
AirSpan Base Station Distribution Unit default root password
Overview AirSpan Base Station Distribution Units may contain an undocumented telnet server that authenticates via a known password and is enabled by default. Description From the AirSpan MicroMax product page: The base station is highly modular in design and is composed of two main components: the...
libarchive does not properly terminate loop
Overview libarchive contains a vulnerability that may allow an attacker to cause a denial of service. Description The libarchive library provides an interface for reading and writing archive files. There is a vulnerability in libarchive that occurs when it parses the pax interchange format. If an...
Microsoft Windows fails to properly handle the NoDriveTypeAutoRun registry value
Overview Microsoft Windows fails to properly handle the NoDriveTypeAutoRun registry value, which may prevent Windows from effectively disabling AutoRun and AutoPlay features. Description AutoRun, which was introduced with Windows 95, is a feature that causes Windows to automatically take an actio...
MIT Kerberos krb4-enabled KDC contains multiple vulnerabilities
Overview Vulnerabilities in the MIT Kerberos Key Distribution Center server could allow a remote attacker to compromise the key database, gain access to sensitive information, or cause a denial of service. Description Several vulnerabilities exist in the Authentication Service and Key Distributio...
Apple Safari vulnerable to XSS via the processing of JavaScript URLs
Overview A vulnerability in the way Apple Safari handles JavaScript URLs may allow execution of JavaScript in the context of another site. Description Apple Safari contains a vulnerability that may cause a cross-site script injection when processing JavaScript URLs. According to Apple Security...
X.Org PCF font parser buffer overflow
Overview A vulnerability in the X.Org server could allow a remote attacker to execute arbitrary code on an affected system. Description The X.Org project provides an open source implementation of the X Window System. The server supports bitmapped fonts in various formats, including Portable...
BusinessObjects RptViewerAX ActiveX control stack buffer overflow
Overview The BusinessObjects RptViewerAX ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description BusinessObjects 6.5 includes an ActiveX control called RptViewerAX, which is provided by...
MIT Kerberos contains array overrun in RPC library used by kadmind
Overview Vulnerabilities in the MIT Kerberos libgssrpc library may allow an attacker to cause a denial of service or potentially execute arbitrary code. Description The MIT krb5 Kerberos implementation includes a GSS RPC library used in the Kerberos administration server kadmind. Two flaws exist ...
Check Point VPN-1 information disclosure vulnerability
Overview The Check Point VPN-1 firewall contains an information disclosure vulnerability that may allow an authenticated attacker to access data that they are not authorized to access. Description The Check Point VPN-1 is an application layer firewall that supports remote and site-to-site virtual...
UltraVNC buffer overflow vulnerability
Overview UltraVNC viewer contains a buffer overflow vulnerability. If exploited, this vulnerability may allow an attacker to execute arbitrary code. Description UltraVNC viewer is a remote desktop application that allows a user to control compatible VNC servers. The UltraVNC viewer includes a...
Microsoft Office Web Components Spreadsheet ActiveX control URL parsing stack buffer overflow
Overview The Microsoft Office Web Components ActiveX controls contain a stack buffer overflow in the processing of URLs, which allows a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Office Web Components are ActiveX controls that provide...
Adobe Form Designer and Advanced Form Client ActiveX controls contain multiple buffer overflows
Overview Adobe Form Designer and Advanced Form Client contain multiple ActiveX buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Adobe Form Designer and Advanced Form Client software provide multiple ActiveX...
RealNetworks RealPlayer ActiveX controls property heap memory corruption
Overview Multiple RealPlayer ActiveX controls fail to properly handle properties, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description RealNetworks RealPlayer provides multiple ActiveX controls to allow integration with Internet Explorer...
Microsoft Office mailto URI remote code execution
Overview A vulnerability in the way that Microsoft Outlook handles a certain type of hyperlink could allow a remote attacker to execute arbitrary code on the vulnerable system. Description Microsoft Outlook provides a centralized application for managing and organizing e-mail messages, schedules,...
GNOME Evolution format string vulnerability
Overview The GNOME Evolution mail client contains a format string vulnerability that may allow an attacker to execute code. Description Evolution is the default mail client for the GNOME desktop environment. Evolution supports both GPG and S/MIME mail encryption. From Secunia Advisory SA29057: A...
AirSpan WiMAX ProST web management interface authentication bypass vulnerability
Overview The AirSpan WiMAX ProST contains an authentication bypass vulnerability that could allow an unauthenticated, remote attacker to make arbitrary configuration changes. Description The AirSpan WiMAX ProST is customer premise equipment that provides WiMAX wireless networking. The web...
Sun Java WebStart stack buffer overflow
Overview Sun Java WebStart contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Sun Java WebStart is a technology for launching stand-alone Java applications. On Microsoft Windows systems, Java WebStart ...
IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) allows buffer overflow via HTTP request
Overview The IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) contains a buffer overflow vulnerability in the web server component. This vulnerability may allow an attacker to execute arbitrary code with SYSTEM privileges or cause a denial of service. Description IBM Tivoli Provisioning...
Mozilla Thunderbird external-body MIME type buffer overflow
Overview Mozilla Thunderbird contains a heap-based buffer overflow which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Mozilla Thunderbird is an open source, cross-platform email and news client. Thunderbird uses Multipurpose Internet...
Learn2 STRunner ActiveX control stack buffer overflows
Overview The Learn2 STRunner ActiveX control contains multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Learn2 Corporation STRunner ActiveX control, which is provided by iestm32.dll, can view...
Canon digital multifunction copiers FTP bounce vulnerability
Overview Some models of Canon digital multifunction copiers are vulnerable to the FTP bounce attack. Description From the Problems With The FTP PORT Command document: The FTP Bounce Attack To conform with the FTP protocol, the PORT command has the originating machine specify an arbitrary destinati...
OpenCA allows Cross site request forgery (XSRF)
Overview OpenCA contains a cross site request forgery (XSRF) vulnerability that may allow an attacker to leverage an administrator's credentials to execute activities on the Certification Authority. Description The OpenCA PKI Development Project is an open source out-of-the-box Certification...
Samba "send_mailslot()" function buffer overflow
Overview The Samba "send_mailslot" function contains a stack-based buffer overflow vulnerability which could be exploited by a remote, unauthenticated attacker to execute arbitrary code. Description Samba is a widely used open-source implementation of Server Message Block (SMB)/Common Internet File...
Apache mod_jk2 host header buffer overflow
Overview A vulnerability exists in the legacy version of the mod_jk2 Apache module. If successfully exploited, the vulnerability may allow an attacker to run arbitrary code on an affected system. Description The host header field allows HTTP 1.1 (RFC 2616) compliant servers to host multiple domains usi...
Microsoft Internet Explorer property memory corruption vulnerability
Overview A vulnerability in the way Microsoft Internet Explorer handles malformed property objects may lead to execution of arbitrary code. Description Microsoft Internet Explorer contains a vulnerability that could be exploited when Internet Explorer attempts to interpret Web pages that...
SkypeFind fails to properly sanitize user-supplied input
Overview The Skype client does not properly filter user-supplied input that was received from the SkypeFind service. This vulnerability may allow an attacker to execute arbitrary code. Description Skype is a peer-to-peer application that provides Voice over IP (VoIP) and Instant Messaging services...
Adobe Reader EScript.api arbitrary code execution
Overview The Adobe Acrobat Reader contains a vulnerability that may allow an attacker to execute arbitrary code. Description Adobe Acrobat Reader is software designed to view Portable Document Format (PDF) files. Adobe also distributes the Adobe Acrobat Plug-In to allow users to view PDF files insi...
Microsoft Word code execution vulnerability
Overview Microsoft Word contains a vulnerability that may allow an attacker to execute arbitrary code. Description Per Microsoft Security Bulletin MS08-009: A remote code execution vulnerability exists in the way that Word handles specially crafted Word files. The vulnerability could allow remote...
Apple Mac OS X fails to properly handle a crafted URL
Overview A vulnerability in the way Apple Mac OS X handles specially crafted URLs may allow an attacker to execute arbitrary code. Description According to Apple Security Update 2008-001: An input validation issue exists in the processing of URL schemes handled by Terminal.app. By enticing a user ...
Adobe Reader and Acrobat JavaScript methods buffer overflow vulnerabilities
Overview Adobe Reader and Acrobat contain multiple buffer overflow vulnerabilities. Successful exploitation of these vulnerabilities may allow an attacker to execute code. Description Adobe Acrobat Reader is software designed to view Portable Document Format (PDF) files. Adobe also distributes the...
Mozilla products may allow directory traversal
Overview A vulnerability exists in the way Mozilla products with certain extensions handle chrome: URIs that may allow directory traversal. Description Mozilla extensions are small add-ons that can be integrated with Mozilla products to provide added functionality. Mozilla products contain a...
Mozilla browsers fail to properly handle images
Overview A vulnerability exists in Mozilla products that may allow a remote attacker to view browser history or cause a denial of service. Description Mozilla products contain a vulnerability in the browser engine that may result in information disclosure or a denial of service when handling...
KAME project IPv6 IPComp header denial of service vulnerability
Overview The KAME project's IPv6 implementation does not properly process IPv6 packets that contain the IPComp header. If exploited, this vulnerability may allow an attacker to cause a vulnerable system to crash. Description Per RFC 3173: IP payload compression is a protocol to reduce the size of ...
Yahoo! Music Jukebox YMP Datagrid ActiveX control stack buffer overflows
Overview The Yahoo! Music Jukebox YMP Datagrid ActiveX control contains multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Yahoo! Music Jukebox is a music player for Microsoft Windows, which includes...
Yahoo! Music Jukebox Yahoo! MediaGrid ActiveX control stack buffer overflow
Overview The Yahoo! Music Jukebox Yahoo! MediaGrid ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Yahoo! Music Jukebox is a music player for Microsoft Windows, which includes multip...
Aurigma ImageUploader ActiveX control stack buffer overflows
Overview The Aurigma ImageUploader ActiveX control contains multiple stack buffer overflow vulnerabilities, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Aurigma ImageUploader is an ActiveX control that provides the ability to upload pictures usin...
Liferay Portal fails to protect against CSRF
Overview Liferay Portal fails to properly protect against Cross-Site Request Forgery (CSRF). This may allow a remote attacker to forge requests that Liferay Portal takes action upon. Description Liferay Portal is an enterprise portal solution that uses Java technologies. Liferay Portal...
Liferay Portal Admin portlet Shutdown message XSS
Overview Liferay Portal Admin portlet fails to properly validate input to the shutdown message, which can allow a remote, authenticated attacker to inject script into the message displayed to all users when the server is being shut down. Description Liferay Portal is an enterprise portal solution...
Liferay Portal User Profile Greeting stored XSS
Overview Liferay Portal fails to properly validate the User Profile "Greeting" value, which can allow script to execute when a user logs into the portal. Description Liferay Portal is an enterprise portal solution that uses Java technologies. The User Profile "Greeting" value of Liferay Portal...
Liferay Portal Forgot Password User-Agent HTTP header XSS
Overview Liferay Portal contains a cross-site scripting vulnerability in the handling of the User-Agent HTTP header, which can allow a remote, authenticated attacker to inject content into "Forgot Password" emails. Description Liferay Portal is an enterprise portal solution that uses Java...
Liferay Portal Enterprise Admin User-Agent HTTP header XSS
Overview Liferay Portal contains a cross-site scripting vulnerability in the handling of the User-Agent HTTP header, which can allow a remote, authenticated attacker to gain administrative access. Description Liferay Portal is an enterprise portal solution that uses Java technologies. The...
SwiftView ActiveX control and plug-in stack buffer overflow
Overview The SwiftView ActiveX control and plug-in contain a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description SwiftView is software used to view or print PCL, HPGL, and TIFF files. SwiftSend is a product used f...
GE Fanuc Proficy Information Portal allows arbitrary file upload and execution
Overview GE Fanuc Proficy Information Portal allows authenticated users to upload arbitrary files. An attacker could upload an executable server-side script (e.g., an .asp shell on a Microsoft Internet Information Server platform) and execute arbitrary commands with the privileges of the web server...