3704 matches found
IBM and Lenovo Access Support acpRunner ActiveX control format string vulnerability
Overview The IBM Lenovo Access Support acpRunner ActiveX control contains a format string vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Access Support software package for IBM and Lenovo systems includes several...
IBM and Lenovo Access Support acpRunner ActiveX control fails to validate digital signatures
Overview The IBM Lenovo Access Support acpRunner ActiveX control fails to validate digital signatures, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Access Support software package for IBM and Lenovo systems includes several...
Microsoft Windows VML compressed content integer underflow
Overview Microsoft Windows VML fails to properly handle compressed content, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft IE version 5.0 and higher supports the Vector Markup Language VML, which is a set of XML tags for...
InterActual Player IAKey ActiveX control stack buffer overflow
Overview The InterActual Player IAKey ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description InterActual Player is a video DVD playing application for Windows systems. InterActual Player wa...
InterActual Player IAMCE ActiveX control stack buffer overflow
Overview The InterActual Player IAMCE ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description InterActual Player is a video DVD playing application for Windows systems. InterActual Player wa...
Microsoft DirectX Media 6.0 Live Picture Corporation DirectTransform FlashPix ActiveX control buffer overflow
Overview The Live Picture Corporation DirectTransform FlashPix ActiveX control contains a buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Microsoft DirectX Media 6.0 SDK includes an ActiveX control that is...
Cisco IOS fails to properly handle Next Hop Resolution Protocol packets
Overview Cisco IOS fails to properly handle Next Hop Resolution Protocol packets, which could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service. Description Cisco IOS is an operating system that is used on Cisco network devices. Cisco IOS supports a...
Atheros wireless network drivers may fail to properly handle malformed frames
Overview Atheros wireless drivers fail to properly handle malformed wireless frames. This vulnerability may allow a remote, unauthenticated attacker to create a denial-of-service condition. Description Some versions of the Microsoft Windows drivers for Atheros 802.11 a/b/g wireless adapters fail ...
RSA key reconstruction vulnerability
Overview Various implementations of RSA may contain a vulnerability that could allow an attacker to retrieve encryption keys. Description Some implementations of RSA may contain a vulnerability that could allow a local attacker to retrieve encryption keys. OpenSSL is a widely used open source...
ISC BIND generates cryptographically weak DNS query IDs
Overview ISC Internet Systems Consortiuim BIND generates cryptographically weak DNS query IDs which could allow a remote attacker to poison DNS caches. Description From the ISC Bind security page:The DNS query id generation is vulnerable to cryptographic analysis which provides a 1 in 8 chance of...
Microsoft Windows URI protocol handling vulnerability
Overview Microsoft Windows fails to properly handle protocols specified in a URI, which could allow a remote, unauthenticated attacker to execute arbitrary commands on a vulnerable system. Description A Uniform Resource Identifier URI is a string of characters that can be used to identify a...
ISC BIND does not correctly set default access controls
Overview ISC Internet Systems Consortiuim BIND fails to properly set default access control lists. This may allow unauthorized users to make recursive querries and querry the cache. Description From the ISC BIND security page:The default access control lists acls are not being correctly set. If n...
Mozilla Firefox URI filtering vulnerability
Overview Mozilla Firefox does not filter input when sending certain URIs to registered protocol handlers. This may allow a remote, authenticated attacker to use Firefox as a vector for executing commands on a vulnerable system. Description A Uniform Resource Identifier URI is a string of characte...
VLC Media Player format string vulnerability
Overview VLC contains a format string vulnerability that may allow an attacker to execute code. Description VideoLAN VLC is a streaming media player that runs on multiple platforms. From VideoLAN Security Advisory 0702: VLC media player Ogg/Vorbis, Ogg/Theora, CDDA CD Digital Audio and SAP Servic...
Apache Tomcat SendMailServlet example vulnerable to cross-site scripting via FROM field
Overview The example SendMailServlet page that comes with Apache Tomcat is vulnerable to cross-site scripting via the "From" field. Description Apache Tomcat is an implementation of the Java Servlet and JavaServer Page JSP technologies. Apache Tomcat includes a sample page called SendMailServlet,...
Oracle Collaboration Suite denial of service vulnerability
Overview The Oracle collaboration suite contains a vulnerability that may allow an attacker to create a denial-of-service condition. Description The Oracle collaboration suite contains a vulnerability. From Oracle Critical Patch Update - July 2007:There is 1 new Oracle Collaboration Suite specifi...
Trillian Instant Messenger client fails to properly handle malformed URIs
Overview The Trillian Instant Messaging client contains a buffer overflow vulnerability that may allow an attacker to execute code. Description A Uniform Resource Identifier URI is a string of characters that can be used to identify a location, resource, or protocol. The Trillian Instant Messenge...
Adobe Flash Player fails to properly validate HTTP Referers
Overview The Adobe Flash Player fails to properly validate HTTP Referers. This may allow an attacker to conduct cross-site request forgery attacks. Description Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser...
Flash Player information disclosure vulnerability
Overview The Adobe Flash player contains an information disclosure vulnerability that affects the Konqueror and Opera web browsers. Description Konqueror is the default web browser for the KDE desktop. Opera is a web browser that is available for Windows, Linux and BSD systems.The Adobe Flash...
Apple QuickTime fails to properly handle malformed movie files
Overview Apple QuickTime fails to properly handle malformed movie files. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description Apple QuickTime is multimedia software that allows users to view local and remote...
Symantec Backup Exec contains heap overflow in RPC interface
Overview Symantec Backup Exec for Windows Servers contains a vulnerability that may allow a remote attacker to cause a denial of service or potentially execute arbitrary code on an affected system. Description Symantec Backup Exec for Windows Servers is a client/server based backup software...
Mozilla Firefox URL protocol handling vulnerability
Overview Mozilla Firefox protocol handlers may allow remotely supplied JavaScript to execute with elevated privileges. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description On Microsoft Windows systems, Mozilla Firefox installs protocol...
Microsoft Windows Vista Teredo IPv6 interface firewall bypass vulnerability
Overview A vulnerability in the Microsoft Windows Vista firewall may allow an attacker to send unfiltered IPv6 traffic to a vulnerable system. Description Internet Protocol version 6 IPv6 is an IP standard that is designed to replace the Internet Protocol version 4 IPv4. The Microsoft Teredo...
Adobe Flash Player FLV integer overflow
Overview A vulnerability in the Adobe Flash Player could allow a remote attacker to execute arbitrary code on an affected system. Description Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser. An integer...
Microsoft Windows Active Directory fails to properly validate client sent LDAP requests
Overview Microsoft Windows Active Directory fails to properly validate client-sent LDAP requests and may result in a denial of service condition. Description Microsoft Windows Active Directory contains a vulnerability in the way that the LDAP service validates the number of convertible attributes...
Microsoft Windows Active Directory fails to properly validate LDAP requests
Overview A vulnerability in Windows Active Directory could allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Lightweight Directory Access Protocol LDAP is a standard protocol that enables users to query or modify the data in a meta directory. Microsoft's...
SAP DB Web Server buffer overflow vulnerability
Overview The SAP Web Server contains a vulnerability that may allow an attacker to execute arbitrary code or cause a denial-of-service condition. Description SAP DB is a database server that includes a series of web-based configuration tools.A stack based buffer overlfow exists in the SAP DB web...
SAP Message Server heap buffer overflow
Overview The SAP Message Server contains a flaw that may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description The SAP Message Server is used to exchange and regulate messages between servers in a SAP network. A heap-based buffer...
Lhaca buffer overflow vulnerability
Overview The Lhaca archiving program contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code. Description LHA is an archive file format. LHA is used by the Lhaca compression utility.A stack buffer overflow vulnerability exists in the Lhaca program. This...
RealNetworks players SMIL "wallclock" buffer overflow
Overview A buffer overflow in RealNetworks media players could allow a remote attacker to execute arbitrary code on an affected system. Description The RealNetworks RealPlayer and Helix Player applications allow users to view local and remote audio and video content. These players support multipl...
602pro Lan Suite 2003 buffer overflow vulnerability
Overview 602pro Lan Suite 2003 contains a buffer overflow vulnerability that may allow an attacker to execute code. Description 602pro Lan Suite 2003 is a mail, firewall and proxy server that runs on the Microsoft Windows operating system.The 602pro Lan Suite 2003 SMTP server contains a buffer...
Novell NetWare NFS denial of service vulnerability
Overview The Novell NetWare NFS mount daemon contains a denial of service vulnerability. Description Network File System NFS is an ONC RPC based file and print sharing protocol. Novell Netware includes support for the NFS protocol.From Novell Support Document 3008097: If an NFS client attempts a...
MIT Kerberos kadmind RPC library gssrpc__svcauth_unix() integer conversion error
Overview The MIT Kerberos administration daemon kadmind contains an integer conversion error vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service. Description The gssrpcsvcauthunix function used by the Kerberos administration...
MIT Kerberos kadmind RPC library gssrpc__svcauth_gssapi() uninitialized pointer free vulnerability
Overview The MIT Kerberos administration daemon kadmind can free an uninitialized pointer, which may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service. Description The gssrpcsvcauthgssapi function used by the Kerberos administration daemon can free an...
MIT Kerberos kadmind principal renaming stack buffer overflow
Overview The MIT Kerberos administration daemon kadmind contains a stack buffer overflow that may allow a remote, authenticated attacker to execute arbitrary code or cause a denial of service. Description A vulnerability exists in the way the principal renaming operation used by the Kerberos...
Apple Safari cross-domain HTTP redirection race condition
Overview Apple Safari contains a race condition when handling HTTP redirection when updating pages. This can allow a cross-domain violation. Description Apple Safari contains a race condition when updating pages. When this race condition is used in combination with an HTTP redirection, Safari may...
Apple WebCore XMLHttpRequest fails to properly serialize headers into an HTTP request
Overview Apple WebCore fails to properly serialize headers into an HTTP request, which can cause a cross-domain security violation. Description Apple WebCore is one of the components of the WebKit web browser engine that is used by Safari, Dashboard, Mail, and other applications. WebCore provides...
Apple WebKit frame rendering memory corruption vulnerability
Overview The Apple Webkit contains a memory corruption vulnerability.This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description According to Apple: WebKit is the open source core of Apple's Safari web browser. It is available as a framework in Mac OS X...
Cerulean Studios Trillian Instant Messenger fails to properly handle "UTF-8" sequences
Overview A vulnerability in Cerulean Studios Trillian Instant Messenger client may lead to execution of arbitrary code. Description Cerulean Studios Trillian Instant Messenger client fails to properly handle specially crafted UTF-8 text. A heap overflow may occur when Trillian receives a messages...
RealNetworks GameHouse dldisplay ActiveX control stack buffer overflows
Overview The RealNetworks GameHouse dldisplay ActiveX control contains multiple stack buffer overflows, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description RealNetworks GameHouse is a web site that provides games. GameHouse has an...
Novell exteNd Director 4.1 LocalExec ActiveX control fails to restrict access to dangerous methods
Overview The Novell exteNd Director 4.1 LocalExec ActiveX control fails to restrict access to dangerous methods, which can allow a remote, unauthenticated attacker to execute arbitrary commands on a vulnerable system. Description Novell exteNd Director is a set of software development tools and...
Microsoft Windows Secure Channel integer underflow
Overview A vulnerability in Microsoft Windows Secure Channel security package may lead to execution of arbitrary code. Description Microsoft Windows Secure Channel Schannel security package implements standard network authentication protocols Secure Sockets Layer SSL and Transport Layer Security...
Microsoft Windows "MHTML" protocol handler fails to properly handle URL redirections
Overview Microsoft Windows "MHTML" protocol handler fails to properly interpret URL redirections, which may cause information disclosure. Description The Microsoft Windows "MHTML" protocol handler contains an information disclosure vulnerability in the way that it interprets URL redirections. The...
Corel / Micrografx ActiveCGM Browser ActiveX control buffer overflows
Overview The Corel / Micrografx ActiveCGM Browser ActiveX control contains multiple buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Corel ActiveCGM Browser is an ActiveX control that allows viewing of Computer...
Microsoft Windows "MHTML" protocol handler fails to properly interpret HTTP header
Overview Microsoft Windows "MHTML" protocol handler fails to properly interpret HTTP headers, which may cause information disclosure. Description The Microsoft Windows "MHTML" protocol handler contains an information disclosure vulnerability in the way that it interprets HTTP headers. The "MHTML"...
Microsoft Windows Win32 API fails to properly validate function parameters
Overview The Microsoft Windows Win32 API fails to properly validate function parameters, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Microsoft Windows Win32 API is a set of application programming interfaces for the...
Microsoft Speech API ActiveX controls contain buffer overflows
Overview The Microsoft Speech API ActiveListen and ActiveVoice ActiveX controls contain multiple buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Speech API is a software package that provides text-to-spee...
Zoomify Viewer ActiveX control multiple stack buffer overflows
Overview The Zoomify Viewer ActiveX control contains multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Zoomify provides software to incorporate zoomable images into web sites. One of the Zoomify produc...
Mozilla Firefox allows cross-domain iframe access via JavaScript
Overview Mozilla Firefox allows cross-domain access to an iframe. This vulnerability could allow an attacker to interact with a web site in a different domain. The attacker could read content and cookies, capture keystrokes, and modify content. Description An iframe is an HTML element which allow...
Yahoo! Webcam view utilities ActiveX control vulnerable to arbitrary code execution
Overview The Yahoo! Webcam view utilities ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Yahoo! Webcam is a component of Yahoo! Messenger that allows users to chat via webcams over ...