3695 matches found
ISC BIND generates cryptographically weak DNS query IDs
Overview ISC (Internet Systems Consortium) BIND generates cryptographically weak DNS query IDs which could allow a remote attacker to poison DNS caches. Description From the ISC BIND security page: The DNS query id generation is vulnerable to cryptographic analysis which provides a 1 in 8 chance of...
ISC BIND does not correctly set default access controls
Overview ISC (Internet Systems Consortium) BIND fails to properly set default access control lists. This may allow unauthorized users to make recursive queries and query the cache. Description From the ISC BIND security page: The default access control lists (acls) are not being correctly set. If n...
Microsoft Windows URI protocol handling vulnerability
Overview Microsoft Windows fails to properly handle protocols specified in a URI, which could allow a remote, unauthenticated attacker to execute arbitrary commands on a vulnerable system. Description A Uniform Resource Identifier (URI) is a string of characters that can be used to identify a...
Mozilla Firefox URI filtering vulnerability
Overview Mozilla Firefox does not filter input when sending certain URIs to registered protocol handlers. This may allow a remote, authenticated attacker to use Firefox as a vector for executing commands on a vulnerable system. Description A Uniform Resource Identifier (URI) is a string of characte...
VLC Media Player format string vulnerability
Overview VLC contains a format string vulnerability that may allow an attacker to execute code. Description VideoLAN VLC is a streaming media player that runs on multiple platforms. From VideoLAN Security Advisory 0702: VLC media player Ogg/Vorbis, Ogg/Theora, CDDA (CD Digital Audio) and SAP Servic...
Apache Tomcat SendMailServlet example vulnerable to cross-site scripting via FROM field
Overview The example SendMailServlet page that comes with Apache Tomcat is vulnerable to cross-site scripting via the "From" field. Description Apache Tomcat is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. Apache Tomcat includes a sample page called SendMailServlet,...
Oracle Collaboration Suite denial of service vulnerability
Overview The Oracle collaboration suite contains a vulnerability that may allow an attacker to create a denial-of-service condition. Description The Oracle collaboration suite contains a vulnerability. From Oracle Critical Patch Update - July 2007: There is 1 new Oracle Collaboration Suite specifi...
Trillian Instant Messenger client fails to properly handle malformed URIs
Overview The Trillian Instant Messaging client contains a buffer overflow vulnerability that may allow an attacker to execute code. Description A Uniform Resource Identifier (URI) is a string of characters that can be used to identify a location, resource, or protocol. The Trillian Instant Messenge...
Apple QuickTime fails to properly handle malformed movie files
Overview Apple QuickTime fails to properly handle malformed movie files. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description Apple QuickTime is multimedia software that allows users to view local and remote...
Adobe Flash Player fails to properly validate HTTP Referers
Overview The Adobe Flash Player fails to properly validate HTTP Referers. This may allow an attacker to conduct cross-site request forgery attacks. Description Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser...
Flash Player information disclosure vulnerability
Overview The Adobe Flash player contains an information disclosure vulnerability that affects the Konqueror and Opera web browsers. Description Konqueror is the default web browser for the KDE desktop. Opera is a web browser that is available for Windows, Linux and BSD systems. The Adobe Flash...
Microsoft Windows Active Directory fails to properly validate client sent LDAP requests
Overview Microsoft Windows Active Directory fails to properly validate client-sent LDAP requests and may result in a denial of service condition. Description Microsoft Windows Active Directory contains a vulnerability in the way that the LDAP service validates the number of convertible attributes...
Adobe Flash Player FLV integer overflow
Overview A vulnerability in the Adobe Flash Player could allow a remote attacker to execute arbitrary code on an affected system. Description Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser. An integer...
Microsoft Windows Vista Teredo IPv6 interface firewall bypass vulnerability
Overview A vulnerability in the Microsoft Windows Vista firewall may allow an attacker to send unfiltered IPv6 traffic to a vulnerable system. Description Internet Protocol version 6 (IPv6) is an IP standard that is designed to replace the Internet Protocol version 4 (IPv4). The Microsoft Teredo...
Mozilla Firefox URL protocol handling vulnerability
Overview Mozilla Firefox protocol handlers may allow remotely supplied JavaScript to execute with elevated privileges. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description On Microsoft Windows systems, Mozilla Firefox installs protocol...
Symantec Backup Exec contains heap overflow in RPC interface
Overview Symantec Backup Exec for Windows Servers contains a vulnerability that may allow a remote attacker to cause a denial of service or potentially execute arbitrary code on an affected system. Description Symantec Backup Exec for Windows Servers is a client/server based backup software...
Microsoft Windows Active Directory fails to properly validate LDAP requests
Overview A vulnerability in Windows Active Directory could allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Lightweight Directory Access Protocol (LDAP) is a standard protocol that enables users to query or modify the data in a meta directory. Microsoft's...
SAP DB Web Server buffer overflow vulnerability
Overview The SAP Web Server contains a vulnerability that may allow an attacker to execute arbitrary code or cause a denial-of-service condition. Description SAP DB is a database server that includes a series of web-based configuration tools. A stack-based buffer overflow exists in the SAP DB web...
SAP Message Server heap buffer overflow
Overview The SAP Message Server contains a flaw that may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description The SAP Message Server is used to exchange and regulate messages between servers in a SAP network. A heap-based buffer...
Lhaca buffer overflow vulnerability
Overview The Lhaca archiving program contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code. Description LHA is an archive file format. LHA is used by the Lhaca compression utility. A stack buffer overflow vulnerability exists in the Lhaca program. This...
RealNetworks players SMIL "wallclock" buffer overflow
Overview A buffer overflow in RealNetworks media players could allow a remote attacker to execute arbitrary code on an affected system. Description The RealNetworks RealPlayer and Helix Player applications allow users to view local and remote audio and video content. These players support multipl...
Novell NetWare NFS denial of service vulnerability
Overview The Novell NetWare NFS mount daemon contains a denial of service vulnerability. Description Network File System (NFS) is an ONC RPC based file and print sharing protocol. Novell NetWare includes support for the NFS protocol. From Novell Support Document 3008097: If an NFS client attempts a...
602pro Lan Suite 2003 buffer overflow vulnerability
Overview 602pro Lan Suite 2003 contains a buffer overflow vulnerability that may allow an attacker to execute code. Description 602pro Lan Suite 2003 is a mail, firewall and proxy server that runs on the Microsoft Windows operating system. The 602pro Lan Suite 2003 SMTP server contains a buffer...
MIT Kerberos kadmind principal renaming stack buffer overflow
Overview The MIT Kerberos administration daemon (kadmind) contains a stack buffer overflow that may allow a remote, authenticated attacker to execute arbitrary code or cause a denial of service. Description A vulnerability exists in the way the principal renaming operation used by the Kerberos...
MIT Kerberos kadmind RPC library gssrpc__svcauth_gssapi() uninitialized pointer free vulnerability
Overview The MIT Kerberos administration daemon (kadmind) can free an uninitialized pointer, which may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service. Description The gssrpc__svcauth_gssapi() function used by the Kerberos administration daemon can free an...
MIT Kerberos kadmind RPC library gssrpc__svcauth_unix() integer conversion error
Overview The MIT Kerberos administration daemon (kadmind) contains an integer conversion error vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service. Description The gssrpc__svcauth_unix() function used by the Kerberos administration...
Apple Safari cross-domain HTTP redirection race condition
Overview Apple Safari contains a race condition when handling HTTP redirection when updating pages. This can allow a cross-domain violation. Description Apple Safari contains a race condition when updating pages. When this race condition is used in combination with an HTTP redirection, Safari may...
Apple WebCore XMLHttpRequest fails to properly serialize headers into an HTTP request
Overview Apple WebCore fails to properly serialize headers into an HTTP request, which can cause a cross-domain security violation. Description Apple WebCore is one of the components of the WebKit web browser engine that is used by Safari, Dashboard, Mail, and other applications. WebCore provides...
Apple WebKit frame rendering memory corruption vulnerability
Overview The Apple WebKit contains a memory corruption vulnerability. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description According to Apple: WebKit is the open source core of Apple's Safari web browser. It is available as a framework in Mac OS X...
Cerulean Studios Trillian Instant Messenger fails to properly handle "UTF-8" sequences
Overview A vulnerability in Cerulean Studios Trillian Instant Messenger client may lead to execution of arbitrary code. Description Cerulean Studios Trillian Instant Messenger client fails to properly handle specially crafted UTF-8 text. A heap overflow may occur when Trillian receives a messages...
RealNetworks GameHouse dldisplay ActiveX control stack buffer overflows
Overview The RealNetworks GameHouse dldisplay ActiveX control contains multiple stack buffer overflows, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description RealNetworks GameHouse is a web site that provides games. GameHouse has an...
Novell exteNd Director 4.1 LocalExec ActiveX control fails to restrict access to dangerous methods
Overview The Novell exteNd Director 4.1 LocalExec ActiveX control fails to restrict access to dangerous methods, which can allow a remote, unauthenticated attacker to execute arbitrary commands on a vulnerable system. Description Novell exteNd Director is a set of software development tools and...
Microsoft Windows Secure Channel integer underflow
Overview A vulnerability in Microsoft Windows Secure Channel security package may lead to execution of arbitrary code. Description Microsoft Windows Secure Channel (Schannel) security package implements standard network authentication protocols Secure Sockets Layer (SSL) and Transport Layer Security...
Microsoft Windows "MHTML" protocol handler fails to properly handle URL redirections
Overview Microsoft Windows "MHTML" protocol handler fails to properly interpret URL redirections, which may cause information disclosure. Description The Microsoft Windows "MHTML" protocol handler contains an information disclosure vulnerability in the way that it interprets URL redirections. The...
Corel / Micrografx ActiveCGM Browser ActiveX control buffer overflows
Overview The Corel / Micrografx ActiveCGM Browser ActiveX control contains multiple buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Corel ActiveCGM Browser is an ActiveX control that allows viewing of Computer...
Microsoft Windows "MHTML" protocol handler fails to properly interpret HTTP header
Overview Microsoft Windows "MHTML" protocol handler fails to properly interpret HTTP headers, which may cause information disclosure. Description The Microsoft Windows "MHTML" protocol handler contains an information disclosure vulnerability in the way that it interprets HTTP headers. The "MHTML"...
Microsoft Windows Win32 API fails to properly validate function parameters
Overview The Microsoft Windows Win32 API fails to properly validate function parameters, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Microsoft Windows Win32 API is a set of application programming interfaces for the...
Microsoft Speech API ActiveX controls contain buffer overflows
Overview The Microsoft Speech API ActiveListen and ActiveVoice ActiveX controls contain multiple buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Speech API is a software package that provides text-to-spee...
Zoomify Viewer ActiveX control multiple stack buffer overflows
Overview The Zoomify Viewer ActiveX control contains multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Zoomify provides software to incorporate zoomable images into web sites. One of the Zoomify produc...
Mozilla Firefox allows cross-domain iframe access via JavaScript
Overview Mozilla Firefox allows cross-domain access to an iframe. This vulnerability could allow an attacker to interact with a web site in a different domain. The attacker could read content and cookies, capture keystrokes, and modify content. Description An iframe is an HTML element which allow...
Yahoo! Webcam image upload ActiveX control vulnerable to arbitrary code execution
Overview The Yahoo! Webcam image upload ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Yahoo! Webcam is a component of Yahoo! Messenger that allows users to chat via webcams over a...
Yahoo! Webcam view utilities ActiveX control vulnerable to arbitrary code execution
Overview The Yahoo! Webcam view utilities ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Yahoo! Webcam is a component of Yahoo! Messenger that allows users to chat via webcams over ...
Microsoft Windows GDI+ ICO InfoHeader Height division by zero vulnerability
Overview Microsoft Windows GDI+ fails to properly handle ICO files, which could allow a remote, unauthenticated attacker to cause a denial-of-service condition. Description Microsoft Windows Graphics Device Interface (GDI+) is an application programming interface (API) that provides programmers the...
Computer Associates Anti-Virus engine fails to properly handle malformed CAB archives
Overview The Computer Associates Anti-Virus engine contains a stack-based buffer overflow that may allow a remote, unauthenticated attacker to execute arbitrary code. Description The Computer Associates Anti-Virus engine contains a stack-based buffer overflow in the code responsible for processin...
Java Runtime Environment Image Parsing Code buffer overflow vulnerability
Overview The Sun Java Runtime Environment contains a buffer overflow vulnerability that may allow an attacker to execute code or read local files. Description The Java Runtime Environment (JRE) is a group of software packages from Sun Microsystems that allow a computer to access and use Java...
Computer Associates Anti-Virus engine fails to properly handle long file names in CAB archives
Overview The Computer Associates Anti-Virus engine contains a stack-based buffer overflow that may allow a remote, unauthenticated attacker to execute arbitrary code. Description The Computer Associates Anti-Virus engine contains a stack-based buffer overflow in the code responsible for processin...
E-Book Systems FlipViewer ActiveX control stack buffer overflows
Overview The E-Book Systems FlipViewer ActiveX control contains multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description E-Book Systems FlipViewer is software for viewing "FlipBooks." FlipViewer includes an...
Microsoft Internet Explorer cross-domain frame race condition
Overview Microsoft Internet Explorer contains a race condition that results in a cross-domain violation. Description Internet Explorer uses a cross-domain security model to maintain separation between browser frames from different sources. This model is designed to prevent code in one domain from...
HP System Management Homepage cross-site scripting vulnerability
Overview The HP System Management Homepage contains a cross-site scripting vulnerability. Description The HP System Management Homepage (SMH) server is a web-based interface that can manage HP servers running the Microsoft Windows or Linux operating systems. The SMH contains an unspecified cross-sit...
CREDANT Mobile Guardian Shield fails to remove credentials from memory
Overview CREDANT Mobile Guardian Shield fails to properly remove credentials from memory, which may allow an attacker to obtain access to the Windows domain and encrypted drive contents. Description CREDANT Mobile Guardian (CMG) Shield is a component of Mobile Guardian Enterprise Edition. CMG Shiel...