3695 matches found
GE Fanuc CIMPLICITY HMI heap buffer overflow
Overview GE Fanuc CIMPLICITY HMI contains a remotely accessible heap buffer overflow vulnerability which may allow a remote attacker to execute arbitrary code. Description GE Fanuc CIMPLICITY HMI is software used for monitoring and control in Supervisory Control And Data Acquisition (SCADA) systems...
GE Fanuc Proficy Information Portal transmits authentication credentials in plain text
Overview GE Fanuc Proficy Information Portal can transmit authentication credentials in plain text. An attacker could monitor traffic, obtain valid credentials, and gain access to the portal. Description GE Fanuc Proficy Information Portal is a web-based systems reporting tool often used to...
inet_network() off-by-one buffer overflow
Overview The inet_network() resolver function contains an off-by-one buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The inet_network() function takes a character string representation for an internet address and returns...
Skype does not properly filter input from external websites
Overview The Skype client does not properly filter user-supplied input from websites that provide video content to Skype users. Description Skype is a peer-to-peer application that provides Voice over IP (VoIP) and Instant Messaging services. The Skype client is available for the Microsoft Windows,...
Citrix Presentation Server heap based buffer overflow
Overview A heap-based buffer overflow in Citrix Presentation Server may allow a remote attacker to execute arbitrary code on a vulnerable system in the context of the system user. Description Citrix Presentation Server is an application delivery system providing access to users across a network...
UPnP enabled by default in multiple devices
Overview Multiple vendors ship devices with UPnP enabled by default. By convincing a user to open a malicious URL, an attacker may be able to remotely control or configure UPnP enabled devices. Description Universal Plug and Play (UPnP) is a collection of protocols maintained and distributed by the...
Microsoft Windows IGMPv3 and MLDv2 processing vulnerability
Overview Microsoft Windows fails to properly process IGMPv3 and MLDv2 network traffic. If exploited, this vulnerability may result in arbitrary code execution or a denial-of-service condition. Description Internet Group Management Protocol (IGMP) is the protocol used by IPv4 hosts to report their...
Apple QuickTime RTSP Response message Reason-Phrase buffer overflow vulnerability
Overview Apple QuickTime contains a buffer overflow vulnerability that may allow a remote, unauthenticated attacker to cause a denial-of-service condition and possibly execute arbitrary code. Description Real Time Streaming Protocol (RTSP) is a protocol that is used by streaming media systems. Appl...
AOL Radio AOLMediaPlaybackControl.exe stack buffer overflow
Overview The AOL AOLMediaPlaybackControl application contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description AOL Radio includes several ActiveX controls to stream audio in web pages. The AOL AmpX and...
Gateway CWebLaunchCtl ActiveX control buffer overflow
Overview The Gateway CWebLaunchCtl ActiveX control contains a buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Gateway Computers CWebLaunchCtl ActiveX control, which is provided by weblaunch.ocx and weblaunch2.ocx,...
Microsoft Windows LSASS privilege escalation vulnerability
Overview The Windows LSASS service contains a privilege escalation vulnerability. Description The Windows Local Security Authority Subsystem Service (LSASS) is a process that enforces the local security policy. Per Microsoft Security Bulletin MS08-002: An elevation of privilege vulnerability exists i...
SSH Tectia Client and Server ssh-signer local privilege escalation
Overview The SSH Communications Security Tectia Client and Server products are vulnerable to privilege escalation, which may allow a local user to gain root access. Description The SSH Tectia Client and Server products contain an unspecified privilege escalation vulnerability in ssh-signer. A loc...
Jetty fails to properly process URLs that contain double / characters
Overview The Jetty web server contains a vulnerability that may allow an attacker to access private files or directories. Description Jetty is a web server that is implemented in Java. Jetty contains a vulnerability in the way it processes URLs with multiple "/" slash characters. See the Jetty...
OpenSSL FIPS Object Module fails to properly generate random seeds
Overview The OpenSSL FIPS Module fails to perform auto-seeding, which may allow an attacker to predict pseudo-randomly generated data. Description OpenSSL is a toolkit that provides SSL and TLS protocols as well as a general purpose cryptography library. The OpenSSL FIPS Object Module provides an...
Flash authoring tools create Flash files that contain cross-site scripting vulnerabilities
Overview A number of authoring tools for Flash content may generate files that contain cross-site scripting vulnerabilities. Any site hosting Flash generated by an affected tool could be vulnerable to cross-site scripting. Description ActionScript is a scripting language based on ECMAScript also...
IBM Lotus Domino Web Access ActiveX control stack buffer overflows
Overview The IBM Lotus Domino Web Access ActiveX control contains multiple stack buffer overflow vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description IBM Lotus Domino includes an ActiveX control called Domino Web Access,...
Adobe Flash Player asfunction protocol may enable cross-site scripting
Overview The Adobe Flash player asfunction protocol could allow an attacker to conduct cross-site scripting attacks on websites that host vulnerable Flash files. Description The Adobe Flash Player is a player for the Flash media format and enables frame-based animations and multimedia to be viewe...
Apple Safari code execution vulnerability
Overview The Apple Safari web browser contains a vulnerability that may allow an attacker to execute arbitrary code. Description Per Apple Security Update 2007-009: A memory corruption issue exists in Safari's handling of feed: URLs. By enticing a user to access a maliciously crafted URL, an...
Meridian Prolog Manager uses weak authentication to store and transmit user credentials
Overview Meridian Systems Prolog Manager does not use strong encryption and returns a list of all user credentials when authenticating clients. These behaviors could allow an attacker to obtain user credentials and decrypt passwords. Description Meridian Systems Prolog Manager is a set of...
Gesytec Easylon OPC Server fails to properly validate OPC server handles
Overview The Gesytec Easylon OPC Server contains a vulnerability that may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description OLE for Process Control (OPC) is a specification for a standard set of OLE COM objects used in the process control and...
Shadow Utils useradd utility sets incorrect file permissions
Overview The Shadow Utilities contain a vulnerability that may result in new user mailboxes having arbitrary permissions. Description The Shadow Utilities provide tools to manage user accounts. When a new mailbox is created using the useradd utility, the open function does not receive the expected...
Microsoft DirectX SAMI parsing buffer overflow
Overview Microsoft DirectX is vulnerable to a stack-based buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft DirectX is a feature of the Microsoft Windows operating system used for streaming...
Microsoft DirectX remote code execution
Overview Microsoft DirectX is vulnerable to a remote code execution vulnerability which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft DirectX is a feature of the Microsoft Windows operating system used for streaming multimedia...
Microsoft SMBv2 signing vulnerability
Overview A vulnerability in the way Microsoft Server Message Block Version 2 (SMBv2) implements digital signing of packets may allow a remote, unauthenticated attacker to gain local user privileges and execute arbitrary code. Description Microsoft Server Message Block (SMB) Protocol is a network file...
Microsoft Windows Media Format Runtime ASF handling buffer overflow
Overview Microsoft Windows Media Format Runtime is vulnerable to a heap-based buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Windows Media Format Runtime is used by various Windows Media...
Microsoft Windows Vista privilege escalation vulnerability
Overview Microsoft Windows Vista contains a local privilege escalation vulnerability. Description The Windows Advanced Local Procedure Call (ALPC) does not properly evaluate certain conditions in legacy reply paths. Per Microsoft Security Bulletin MS07-066: An elevation of privilege vulnerability...
Squid remote denial-of-service vulnerability
Overview The Squid Proxy server contains a vulnerability that may allow an attacker to create a denial-of-service condition that affects the Squid server and systems that rely on it. Description Squid Proxy Cache is a caching proxy that supports the HTTP, HTTPS, and FTP protocols. Squid can also ...
Mortbay Jetty vulnerable to HTTP response splitting
Overview Mortbay Jetty is vulnerable to HTTP response splitting, which may allow a remote, unauthenticated attacker to inject various HTTP headers. Description Mortbay Jetty is a web server that is written in Java. Jetty fails to properly handle HTTP headers with CRLF sequences, which can allow an...
Mortbay Jetty fails to properly handle cookies with quotes
Overview Mortbay Jetty fails to properly handle cookie quotes, which may allow session hijacking. Description Mortbay Jetty is a web server that is written in Java. Jetty fails to properly handle cookies with certain quote sequences. This can cause the Jetty cookie parsing mechanism to improperly...
Mortbay Jetty Dump Servlet vulnerable to cross-site scripting
Overview The Mortbay Jetty Dump Servlet contains a cross-site scripting vulnerability. Description Mortbay Jetty is a web server that is written in Java. The Dump Servlet that is included with Jetty is vulnerable to cross-site scripting. Note that according to the vendor, the Dump Servlet is for...
Apple Mail remote command execution vulnerability
Overview Apple Mail contains a vulnerability that may allow an attacker to execute arbitrary commands on OS X Leopard 10.5 systems. Description Apple OS X uses resource forks to store structured data in files. Data forks are used to store unstructured data. The AppleDouble standard is specified i...
Apple QuickTime RTSP Content-Type header stack buffer overflow
Overview Apple QuickTime contains a stack buffer overflow vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description Real Time Streaming Protocol (RTSP) is a protocol that is used by streaming media systems. The Appl...
IBM Director fails to properly time-out connection requests from clients
Overview IBM Director Systems, specifically CIM Server, contains a denial-of-service vulnerability that can allow a remote, unauthenticated attacker to render Director inoperative. Description IBM Director is a suite of system management tools. When a rogue connection request is made to IBM Direct...
Invensys Wonderware InTouch creates insecure NetDDE share
Overview Invensys Wonderware InTouch 8.0 creates a NetDDE share that could allow an attacker to run arbitrary programs. Description Invensys Wonderware InTouch HMI Software is used in Supervisory Control And Data Acquisition (SCADA) systems. Dynamic Data Exchange (DDE) was designed to allow Microsoft...
RealNetworks player "Lyrics3" buffer overflow
Overview Multiple RealNetworks media players contain a buffer overflow which could allow a remote attacker to execute arbitrary code on an affected system. Description The RealNetworks RealPlayer and Helix Player applications allow users to view local and remote audio and video content. These...
Apple QuickTime heap buffer overflow vulnerability
Overview Apple QuickTime contains a buffer overflow vulnerability. If exploited, this vulnerability may allow an attacker to execute code. Description Apple QuickTime is a media player that includes a browser plugin. Color table atoms can set a list of preferred colors for displaying movies on...
libFLAC contains multiple vulnerabilities
Overview libFLAC contains multiple vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description FLAC (Free Lossless Audio Codec) is a lossless audio format. libFLAC is a library that can process FLAC files. libFLAC contains multip...
Apple Mac OS X CoreText uninitialized pointer vulnerability
Overview Apple Mac OS X CoreText contains an uninitialized pointer vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Apple Mac OS X CoreText is a framework for handling text on Mac OS X Tiger 10.4 and later. Mac OS X...
Apple QuickTime code execution vulnerability
Overview Apple QuickTime contains a buffer overflow vulnerability. If exploited, this vulnerability may allow an attacker to execute code. Description Apple QuickTime is a media player that includes a browser plugin. QuickTime can use atom containers to organize movies and music tracks. From Apple...
Apple QuickTime buffer overflow vulnerability
Overview Apple QuickTime contains a stack buffer overflow vulnerability. If exploited, this vulnerability may allow an attacker to execute code. Description Apple QuickTime is a media player that includes a browser plugin. QuickTime can display PICT images. From Apple Article ID: 306896 "About the...
Microsoft Windows DNS Server vulnerable to cache poisoning
Overview The Microsoft Windows DNS Server is vulnerable to cache poisoning, which may allow a remote, unauthenticated attacker to cause a Windows DNS server to provide incorrect responses to DNS queries. Description Microsoft Windows DNS Server is a service that provides DNS serving capabilities...
Guidance EnCase Enterprise uses weak authentication to identify target machines
Overview Guidance Software's EnCase Enterprise uses IP authentication to identify target machines. An attacker may be able to provide the EnCase SAFE server with a disk image from a different machine than an investigator requested. Description Guidance Software's EnCase Enterprise allows...
Guidance EnCase fails to detect more than 25 partitions
Overview Guidance Software's EnCase Forensic can only detect the first 25 partitions on a volume. Description Guidance Software's EnCase Forensic is a tool that allows an investigator to acquire and analyze a disk image. EnCase names partitions either c: through z:, with an additional partition...
Apple QuickTime for Java may allow Java applets to gain elevated privileges
Overview Apple QuickTime for Java contains a vulnerability that may allow a malicious Java applet to gain elevated privileges. Description Apple QuickTime is a media player that includes a browser plugin. QuickTime for Java provides APIs which allow Java developers to include multimedia in Java...
Mozilla-based browsers jar: URI cross-site scripting vulnerability
Overview Mozilla-based web browsers including Firefox contain a vulnerability that may allow an attacker to execute code, or conduct cross-site scripting attacks. Description The jar: protocol is designed to extract content from ZIP compressed files. Mozilla-based browsers include support for jar...
SonicWall NetExtender NELaunchCtrl ActiveX control stack buffer overflow
Overview The SonicWall NetExtender NELaunchCtrl ActiveX control contains a stack buffer overflow, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description SonicWall NetExtender is an SSL VPN client that is implemented by using an ActiveX...
CUPS buffer overflow vulnerability
Overview The Common Unix Printing System contains a buffer overflow vulnerability. This vulnerability may allow a remote attacker to execute arbitrary code. Description The Common Unix Printing System (CUPS) is a printing service used by many Linux and Unix operating systems. CUPS uses a print...
Microsoft Kodak Image Viewer code execution vulnerability
Overview The Kodak Image Viewer, which is included in Windows 2000, contains a code execution vulnerability. Description The Kodak Image Viewer is included in Windows 2000. It may also be present on other versions of Windows that were upgraded from Windows 2000. Per Microsoft Security Bulletin...
RSA Keon cross-site scripting vulnerabilities
Overview The RSA KEON Registration Authority web interface contains multiple cross-site scripting (XSS) vulnerabilities. Description The RSA Keon Certificate Authority (CA) software is a digital certificate management system. The RSA KEON Registration Authority allows the CA to handle large numbers o...
RealPlayer playlist name stack buffer overflow
Overview RealPlayer contains a stack buffer overflow in the handling of playlist names, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description RealNetworks RealPlayer is a multimedia application that allows users to view local and remote...