3702 matches found
Microsoft HeartbeatCtl ActiveX control buffer overflow
Overview The Microsoft HeartbeatCtl ActiveX control contains a buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Microsoft HeartbeatCtl ActiveX control is used to play multiplayer games on the MSN Games website. T...
ClamAV upack heap buffer overflow vulnerability
Overview The ClamAV anti-virus scanner contains a vulnerability that may allow an attacker to execute code or cause ClamAV to crash. Description The Portable Executable PE file format is a file format for executable files that is used in Microsoft Windows. PE files can be packed with executable...
Mozilla Firefox JavaScript engine fails to properly handle garbage collection
Overview Mozilla Firefox JavaScript engine fails to properly handle garbage collection. This vulnerability result in memory corruption, which in some cases may be exploitable to execute arbitrary code. Description Per Mozilla Foundation Security Advisory 2008-20:Fixes for security problems in the...
Apple Safari fails to properly handle a file name
Overview A vulnerabilty in Apple Safari handles specially crafted file name may allow execution of arbitrary code or denial of service. Description According to Apple Safari 3.1.1:A memory corruption issue exists in Safari's file downloading. By enticing a user to download a file with a malicious...
Apple Safari WebKit fails to properly handle a crafted URL
Overview A vulnerability in the way Apple Mac OS X handles specially crafted URLs may allow an attacker to execute script in the context of another site.. Description According to Apple Safari 3.1.1: An issue exists in WebKit's handling of URLs containing a colon character in the host name. Openi...
Ruby WEBrick vulnerable to directory traversal
Overview Ruby WEBrick is vulnerable to a directory traversal on systems that support backslash \ path separators. This vulnerability may allow an attacker to access arbitrary files outside of the web server root directory. Description WEBrick is a Ruby library program to build HTTP servers...
Microsoft GDI buffer overflow vulnerability
Overview The Microsoft GDI contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code. Description The Graphics Device Interface GDI is component of the Microsoft Windows user interface. Windows Metafile WMF and Enhanced Metafile EMF are image file formats...
Microsoft Office Project vulnerable to remote code execution via specially crafted Project file
Overview A vulnerability in the way Microsoft Office Project parses files may lead to execution of arbitrary code. Description Microsoft Office Project contains a vulnerability that could be exploited when Project attempts to parse specially crafted files. According to Microsoft Security Bulletin...
C compilers may silently discard some wraparound checks
Overview Some C compilers optimize away pointer arithmetic overflow tests that depend on undefined behavior without providing a diagnostic a warning. Applications containing these tests may be vulnerable to buffer overflows if compiled with these compilers. Description In the C language, given th...
Nik Software Sharpener Pro vulnerable to privilege escalation
Overview The Nik Software Shapener Pro installs files with insecure permissions, which may allow a local attacker to elevate privileges. Description Nik Software Sharpener Pro is an Adobe Photoshop plug-in that provides image sharpening capabilities. The Nik Software Sharpener Pro installer sets...
Mozilla JavaScript privilege escalation
Overview Mozilla products contain multiple vulnerabilities that may allow a remote, unauthenticated attacker to execute arbitrary code. Description Mozilla Firefox, Thunderbird, and SeaMonkey do not properly handle JavaScript, which may allow privilege escalation and execution of arbitrary code o...
Cisco IOS denial-of-service vulnerability
Overview A vulnerability in the way Cisco IOS handles IPv6 packets could result in a remotely exploitable denial of service. Description The Cisco Internetwork Operating System IOS includes support for processing Internet Protocol version 6 IPv6 packets.Per Cisco Advisory...
Adobe Flash Player may load arbitrary, malformed cross-domain policy files
Overview Adobe Flash Player may load arbitrary, malformed cross-domain policy files. This could allow an attacker to control cross-domain data loading, potentially allowing the attacker to gain access to sensitive information or to manipulate content in other domains. Description Adobe Flash Play...
Microsoft Jet Engine stack buffer overflow
Overview The Microsoft Jet Engine contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Jet, or Joint Engine Technology, is a database engine that is used by several Microsoft products, includin...
AirSpan Base Station Distribution Unit default root password
Overview AirSpan Base Station Distribution Units may contain an undocumented telnet server that authenticates via a known password and is enabled by default. Description From the AirSpan MicroMax product page:The base station is highly modular in design and is composed of two main components: the...
libarchive does not properly terminate loop
Overview libarchive contains a vulnerability that may allow an attacker to cause a denial of service. Description The libarchive library provides an interface for reading and writing archive files.There is a vulnerability in libarchive that occurs when it parses the pax interchange format. If an...
Microsoft Windows fails to properly handle the NoDriveTypeAutoRun registry value
Overview Microsoft Windows fails to properly handle the NoDriveTypeAutoRun registry value, which may prevent Windows from effectively disabling AutoRun and AutoPlay features. Description AutoRun, which was introduced with Windows 95, is a feature that causes Windows to automatically take an actio...
Apple Safari vulnerable to xss via the processing of JavaScript URLs
Overview A vulnerability in the way Apple Safari handles JavaScript URLs may allow execution of JavaScript in the context of another site. Description Apple Safari contains a vulnerability that may cause a cross-site script injection when processing JavaScript URLs. According to Apple Security...
X.Org PCF font parser buffer overflow
Overview A vulnerability in the X.Org server could allow a remote attacker to execute arbitrary code on an affected system. Description The X.Org project provides an open source implementation of the X Window System. The server supports bitmapped fonts in various formats, including Portable...
MIT Kerberos krb4-enabled KDC contains multiple vulnerabilities
Overview Vulnerabilities in the MIT Kerberos Key Distribution Center server could allow a remote attacker to compromise the key database, gain access to sensitive information, or cause a denial of service. Description Several vulnerabilities exist in the Authentication Service and Key Distributio...
Check Point VPN-1 information disclosure vulnerability
Overview The Check Point VPN-1 firewall contains an information disclosure vulnerability that may allow an authenticated attacker to access data that they are not authorized to access. Description The Check Point VPN-1 is an application layer firewall that supports remote and site-to-site virtual...
MIT Kerberos contains array overrun in RPC library used by kadmind
Overview Vulnerabilities in the MIT Kerberos libgssrpc library may allow an attacker to cause a denial of service or potentially execute arbitrary code. Description The MIT krb5 Kerberos implementation includes a GSS RPC library used in the Kerberos administration server kadmind. Two flaws exist ...
BusinessObjects RptViewerAX ActiveX control stack buffer overflow
Overview The BusinessObjects RptViewerAX ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description BusinessObjects 6.5 includes an ActiveX control called RptViewerAX, which is provided by...
UltraVNC buffer overflow vulnerability
Overview UltraVNC viewer contains a buffer overflow vulnerability. If exploited, this vulnerability may allow an attacker to execute arbitrary code. Description UltraVNC viewer is a remote desktop application that allows a user to control compatible VNC servers. The UltraVNC viewer includes a...
Adobe Form Designer and Advanced Form Client ActiveX controls contain multiple buffer overflows
Overview Adobe Form Designer and Advanced Form Client contain multiple ActiveX buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Adobe Form Designer and Advanced Form Client software provide multiple ActiveX...
Microsoft Office Web Components Spreadsheet ActiveX control URL parsing stack buffer overflow
Overview The Microsoft Office Web Components ActiveX controls contain a stack buffer overflow in the processing of URLs, which allows a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Office Web Components are ActiveX controls that provide...
Microsoft Office mailto URI remote code execution
Overview A vulnerability in the way that Microsoft Outlook handles a certain type of hyperlink could allow a remote attacker to execute arbitrary code on the vulnerable system. Description Microsoft Outlook provides a centralized application for managing and organizing e-mail messages, schedules,...
RealNetworks RealPlayer ActiveX controls property heap memory corruption
Overview Multiple RealPlayer ActiveX controls fail to properly handle properties, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description RealNetworks RealPlayer provides multiple ActiveX controls to allow integration with Internet Explorer...
GNOME Evolution format string vulnerability
Overview The GNOME Evolution mail client contains a format string vulnerability that may allow an attacker to execute code. Description Evolution is the default mail client for the GNOME desktop environment. Evolution supports both GPG and S/MIME mail encryption.From Secunia Advisory SA29057: A...
AirSpan WiMAX ProST web management interface authentication bypass vulnerability
Overview The AirSpan WiMAX ProST contains an authentication bypass vulnerability that could allow an unauthenticated, remote attacker to make arbitrary configuration changes. Description The AirSpan WiMAX ProST is customer premise equipment that provides WiMAX wireless networking. The web...
Sun Java WebStart stack buffer overflow
Overview Sun Java WebStart contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Sun Java WebStart is a technology for launching stand-alone Java applications. On Microsoft Windows systems, Java WebStart ...
IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) allows buffer overflow via HTTP request
Overview The IBM Tivoli Provisioning Manager for OS Deployment TPMfOSD contains a buffer overflow vulnerability in the web server component. This vulnerability may allow an attacker to execute arbitrary code with SYSTEM privileges or cause a denial of service. Description IBM Tivoli Provisioning...
Mozilla Thunderbird external-body MIME type buffer overflow
Overview Mozilla Thunderbird contains a heap-based buffer overflow which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Mozilla Thunderbird is an open source, cross-platform email and news client. Thunderbird uses Multipurpose Internet...
Learn2 STRunner ActiveX control stack buffer overflows
Overview The Learn2 STRunner ActiveX control contains multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Learn2 Corporation STRunner ActiveX control, which is provided by iestm32.dll, can view...
Canon digital multifunction copiers FTP bounce vulnerability
Overview Some models of Canon digital multifunction copiers are vulnerable to the FTP bounce attack. Description From the Problems With The FTP PORT Command document:The FTP Bounce Attack To conform with the FTP protocol, the PORT command has the originating machine specify an arbitrary destinati...
OpenCA allows Cross site request forgery (XSRF)
Overview OpenCA contains a cross site request forgery XSRF vulnerability that may allow an attacker to leverage an administrator's creditials to exectue activities on the Certification Authority. Description The OpenCA PKI Development Project\t is an open source out-of-the-box Certification...
Samba "send_mailslot()" function buffer overflow
Overview The Samba "sendmailslot" function contains a stack-based buffer overflow vulnerability which could be exploited by a remote, unauthenticated attacker to execute arbitrary code. Description Samba is a widely used open-source implementation of Server Message Block SMB/Common Internet File...
Apache mod_jk2 host header buffer overflow
Overview A vulnerability exists in the legacy version of the modjk2 Apache module. If successfully exploited, the vulnerability may allow an attacker to run arbitrary code on affected system. Description The host header field allows HTTP 1.1 RFC 2616 compliant servers to host multiple domains usi...
SkypeFind fails to properly sanitize user-supplied input
Overview The Skype client does not properly filter user-supplied input that was received from the SkypeFind service. This vulnerability may allow an attacker to execute arbitrary code. Description Skype is a peer-to-peer application that provides Voice over IP VoIP and Instant Messaging services...
Microsoft Internet Explorer property memory corruption vulnerability
Overview A vulnerability in the way Microsoft Internet Explorer handles malformed property objects may may lead to execution of arbitrary code. Description Microsoft Internet Explorer contatins a vulnerabilty that could be exploited when Internet Explorer attempts to interpret Web pages that...
Adobe Reader EScript.api arbitrary code execution
Overview The Adobe Acrobat Reader contains a vulnerability that may allow an attacker to execute arbitrary code. Description Adobe Acrobat Reader is software designed to view Portable Document Format PDF files. Adobe also distributes the Adobe Acrobat Plug-In to allow users to view PDF files insi...
Apple Mac OS X fails to properly handle a crafted URL
Overview A vulnerability in the way Apple Mac OS X handles specially crafted URLs may allow an attacker to execute arbitrary code. Description According to Apple Security Update 2008-001:An input validation issue exists in the processing of URL schemes handled by Terminal.app. By enticing a user ...
Microsoft Word code execution vulnerability
Overview Microsoft Word contains a vulnerability that may allow an attacker to execute arbitrary code. Description Per Microsoft Security Bulletin MS08-009:A remote code execution vulnerability exists in the way that Word handles specially crafted Word files. The vulnerability could allow remote...
Mozilla products may allow directory traversal
Overview A vulnerability exists in the way Mozilla products with certain extensions handle chrome: URIs that may allow directory traversal. Description Mozilla extensions are small add-ons that can be integrated with Mozilla products to provide added functionality. Mozilla products contain a...
Mozilla browsers fail to properly handle images
Overview A vulnerability exists in Mozilla products that may allow a remote attacker to view browser history or cause a denial of service. Description Mozilla products contain a vulnerability in the browser engine that may result in information disclosure or a denial of service when handling...
Adobe Reader and Acrobat JavaScript methods buffer overflow vulnerabilities
Overview Adobe Reader and Acrobat contains multiple buffer overflow vulnerabilities. Successful exploitation of this vulnerability may allow an attacker to execute code. Description Adobe Acrobat Reader is software designed to view Portable Document Format PDF files. Adobe also distributes the...
KAME project IPv6 IPComp header denial of service vulnerability
Overview The KAME project's IPv6 implementation does not properly process IPv6 packets that contain the IPComp header. If exploited, this vulnerability may allow an attacker to cause a vulnerable system to crash. Description Per RFC 3173:IP payload compression is a protocol to reduce the size of ...
Yahoo! Music Jukebox YMP Datagrid ActiveX control stack buffer overflows
Overview The Yahoo! Music Jukebox YMP Datagrid ActiveX control contains multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Yahoo! Music Jukebox is a music player for Microsoft Windows, which includes...
Yahoo! Music Jukebox Yahoo! MediaGrid ActiveX control stack buffer overflow
Overview The Yahoo! Music Jukebox Yahoo! MediaGrid ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Yahoo! Music Jukebox is a music player for Microsoft Windows, which includes multip...
Aurigma ImageUploader ActiveX control stack buffer overflows
Overview The Aurigma ImageUploader ActiveX control contains multiple stack buffer overflow vulnerabilities, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Aurigma ImageUploader is an ActiveX control that provides the ability to upload pictures usin...