3704 matches found
Cisco ASA clientless SSL VPN denial of service vulnerability
Overview The Cisco ASA firewall's SSL VPN component contains an denial-of-service vulnerability. Description The Cisco Adaptive Security Appliance ASA is firewall that includes routing, intrusion prevention system IPS, and VPN components. The clientless SSL VPN allows remote users with a web...
Cisco PIX and ASA authentication bypass vulnerability
Overview The Cisco ASA and PIX firewalls contain an authentication bypass vulnerability. This vulnerability may allow a remote attacker to gain unauthorized access to the internal network or firewall. Description The Cisco Adaptive Security Appliance ASA is firewall that includes routing and...
Apple QuickTime for Java QTPointerRef heap memory corruption vulnerability
Overview Apple QuickTime for Java contains a heap memory corruption vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Apple QuickTime includes the ability to integrate QuickTime into Java applications and applets. This...
LiveData Server fails to properly handle Connection-Oriented Transport Protocol packets
Overview The LiveData Server fails to handle malformed Connection-Oriented Transport Protocol COTP packets. This vulnerability may allow a remote attacker to crash the LiveData Server. Description The LiveData Server records and transmits data between two or more control systems. The...
Cisco ASA fails to properly process DHCP relay packets
Overview The Cisco Adaptive Security Appliance contains a memory exhaustion vulnerability that may occur when the DHCP service relay is enabled. Description The Cisco Adaptive Security Appliance ASA is firewall that includes routing and intrusion prevention system IPS features. DHCP relay allows...
OPeNDAP code execution vulnerability
Overview OPeNDAP server version 3 contains a vulnerability that allows an attacker to execute comands on the server. Description From the OPenNDAP website:OPeNDAP provides software which makes local data accessible to remote locations regardless of local storage format. OPeNDAP also provides tool...
IncrediMail IMMenuShellExt ActiveX control stack buffer overflow vulnerability
Overview The IncrediMail IMMenuShellExt ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description IncrediMail is an email application that includes animations and 1000's of emoticons...
Cisco NetFlow Collection Engine contains known default passwords
Overview A vulnerability in the Cisco NetFlow Collection Engine could allow a remote attacker to gain access to a vulnerable system. Description The Cisco Network Services CNS NetFlow Collection Engine NFC is a software package for supported UNIX platforms and is used to collect and monitor NetFl...
Airodump-ng buffer overflow vulnerability
Overview The airodump-ng program, which is a part of the aircrack-ng suite, contains a buffer overflow vulnerability. If successfully exploited, this vulnerability may allow an attacker to execute code. Description The aircrack-ng suite is a group of related programs that can be used to recover W...
HP-UX sendmail vulnerable to denial of service
Overview HP-UX contains an unspecified vulnerability in sendmail, which may allow a remote, unauthenticated attacker to cause a denial of service. Description HP-UX systems running sendmail are vulnerable to an unspecified denial of service. According to HP technical document c00841370, the...
CA BrightStor ARCserve Backup Media Server RPC service buffer overflows
Overview The CA BrightStor ARCserve Backup Media Server contains multiple buffer overflows in the RPC service, which can allow a remote, unauthenticated attacker to execute arbitrary code with elevated privileges. Description BrightStor ARCserve Backup is a backup and data retention tool that...
Microgaming Download Helper ActiveX control stack buffer overflow
Overview The Microgaming Download Helper ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microgaming provides software for online gaming, including online casinos. The Microgaming...
McAfee VirusScan Enterprise heap buffer overflow vulnerability
Overview The McAfee VirusScan progream contains a buffer overflow vulnerability. If exploited, this vulnerability may allow an attacker to arbitrary execute code. Description McAfee VirusScan Enterprise includes an anti-virus, firewall, and host-based intrusion protection system. The on-demand...
Apple Macintosh OS X VideoConference SIP heap buffer overflow
Overview The Apple VideoConference framework contains a buffer overflow vulnerability. If exploited, this vulnerability may allow an attacker to execute code. Description Apple's VideoConference framework is used in iChat and other applications to stream video. iChat uses SIP to make and receive...
Apple Macintosh OS X fails to properly mount WebDAV filesystems
Overview A vulnerability in the way that Apple Macintosh OS X mounts WebDAV filesystems could allow a local attacker to execute commands with elevated privileges. Description Web-based Distributed Authoring and Versioning WebDAV is a set of extensions to the HTTP protocol which allows collaborati...
Apple AFP Client privilege escalation vulnerability
Overview The Apple File Protocol AFP Client fails to properly clean its environment before executing commands. This vulnerability may allow a local attacker execute commands with elevated privileges. Description The Apple File Protocol service allows Apple Mac OS clients to access files remotely...
Google Reader cross-site request forgery vulnerability
Overview Google Reader is vulnerable to a persistent cross-site request forgery attack that may be exploited by a specially crafted RSS feed. Description Google Reader is an online RSS feed reader. It can display text and images when displaying RSS feeds.Google Reader contains a cross-site reques...
Oracle Database vulnerable to privilege escalation
Overview A vulnerability in Oracle Database for Microsoft Windows could allow a remote attacker to log on to the system with elevated privileges. Description A vulnerability exists in Oracle Database's Core Relational Database Management System RDBMS that may allow a remote attacker to log on to...
Second Sight Software ActiveMod ActiveX control stack buffer overflow
Overview The Second Sight Software ActiveMod ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Second Sight Software ActiveMod is a music player that is provided as an ActiveX control...
Second Sight Software ActiveGS ActiveX control stack buffer overflows
Overview The Second Sight Software ActiveGS ActiveX control contains several stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Second Sight Software ActiveGS is an Apple IIGS emulator that is provided as an...
Akamai Download Manager ActiveX control buffer overflow
Overview The Akamai Download Manager ActiveX control contains a buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Akamai Download Manager is software designed to enhance the ability to download content. The Akamai...
Microsoft Content Management Server fails to properly process crafted HTTP requests
Overview A vulnerability in the way Microsoft Content Managment Server handles HTTP requests may lead to execution of arbitrary code. Description Microsoft Content Managment Server CMS contains a vulnerability that could be exploited when it attempts to process specially crafted HTTP requests...
The Wizz RSS Reader chrome access vulnerability
Overview The Wizz RSS Reader contains a vulnerability that may allow an attacker to take any action that Mozlla Firefox can. Description The Mozilla Firefox user interface components outside of the content area are created using chrome. This includes toolbars, menu bars, progress bars, and window...
Microsoft Windows DNS RPC buffer overflow
Overview The Microsoft DNS service Remote Procedure Call RPC implementation contains a stack buffer overflow. This vulnerability may allow a remote attacker to execute arbitrary code with SYSTEM privileges. Description The Microsoft Windows DNS service uses RPC to facilitate remote management. Th...
HP Mercury Interactive Quality Center Spider Module ActiveX control stack buffer overflow
Overview The HP Mercury Interactive Quality Center Spider Module ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description HP Mercury Interactive Quality Center includes an ActiveX control...
HP-UX ICMP vulnerable to DoS via ICMP Path Maximum Transmission Unit (PMTU) Discovery
Overview A vulnerability in HP-UX may allow a remote attacker to cause a denial of service by sending a specially crafted ICMP packet. Description A number of widely accepted Internet standards describe different aspects of the relationships between the Internet Control Message Protocol ICMP and...
PhpWiki fails to properly restrict uploaded files
Overview PhpWiki fails to properly restrict uploaded files, which can allow a remote attacker to execute arbitrary commands on a vulnerable system. Description PhpWiki is Wiki software that is implemented in PHP. PhpWiki includes an "UpLoad" feature that allows users to upload files. Files with a...
Microsoft Windows Agent fails to properly process crafted URLs
Overview Microsoft Agent fails to properly handle specially crafted URLs, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Agent is software that provides animated characters to enhance interaction with computer systems...
Microsoft Windows Kernel vulnerable to privilege escalation
Overview The Microsoft Windows Kernel contains a privilege escalation vulnerability that may allow a local attacker to take control of the system. Description The Microsoft Windows Kernel fails to properly set permissions when mapping to a memory segment. By running a specially crafted applicatio...
Microsoft Windows Vista CSRSS privilege escalation vulnerability
Overview The Microsoft Windows Client/Server Run-time Subsystem CSRSS process fails to properly handle error messages. This vulnerability may allow an attacker to execute arbitrary code. Description The Microsoft Client/Server Run-time Subsystem CSRSS is an essential subsystem. CSRSS is responsib...
Microsoft Windows CSRSS error handling vulnerability
Overview The Microsoft Windows Client/Server Run-time Subsystem CSRSS process fails to properly handle error messages. This vulnerability may allow a remote attacker to execute arbitrary code. Description According to Microsoft Security Bulletin MS07-021:CSRSS is the user-mode portion of the Win3...
Yahoo! Messenger AudioConf ActiveX Control buffer overflow vulnerability
Overview The Yahoo! Messenger AudioConf ActiveX control contains a buffer overflow, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Yahoo! Messenger is an instant messaging application. Yahoo! Messenger includes several ActiveX...
Internet Pictures Corporation iPIX Image Well ActiveX controls contain buffer overflows
Overview The Internet Pictures Corporation iPIX Image Well ActiveX controls contain buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Internet Pictures Corporation has produced equipment and software to create 360...
AOL SuperBuddy ActiveX fails to properly validate method arguments
Overview The AOL SuperBuddy ActiveX control does not properly validate arguments to the LinkSBIcons method. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The AOL SuperBuddy ActiveX control Sb.SuperBuddy.1 is a compone...
Intel Centrino wireless drivers fail to properly process malformed frames
Overview Microsoft Windows drivers for Intel Centrino wireless adapters fail to properly handle malformed frames. This vulnerability may allow an attacker to execute arbitrary code. Description The Microsoft Windows drivers for Intel Centrino 2200BG and 2915ABG PRO wireless adapters fail to...
MIT Kerberos 5 GSS-API library double-free vulnerability
Overview The GSS-API library provided with MIT krb5 contains a vulnerability that may allow a remote, authenticated attacker to execute arbitrary code or cause a denial of service. Description A vulnerability in the way the GSS-API library provided with MIT krb5 handles messages with an invalid...
MIT Kerberos 5 administration daemon stack overflow in krb5_klog_syslog()
Overview The Kerberos administration daemon contains a buffer overflow that may allow a remote, authenticated attacker to execute arbitrary code or cause a denial of service. Description A vulnerability exists in the way the krb5klogsyslog function used by the Kerberos administration daemon handl...
SolidWorks sldimdownload ActiveX control fails to restrict access to methods
Overview The SolidWorks sldimdownload ActiveX control contains methods that can allow a remote, unauthenticated attacker to run arbitrary code on a vulnerable system. Description SolidWorks provides 3D CAD software solutions. The SolidWorks sldimdownload ActiveX control is provided by the file...
MIT Kerberos 5 telnet daemon allows login as arbitrary user
Overview A vulnerability exists in the version of the telnet daemon included with the MIT Kerberos 5 distribution that may allow a remote, unauthorized attacker to log on to the system with elevated privileges. Description A vulnerability exists version of the telnet daemon included with the MIT...
CA Brightstor ARCserve Backup fails to properly process RPC requests
Overview The Computer Associates BrightStor ARCserve Backup contains a buffer overflow in the handling of RPC data that may allow a remote attacker to execute arbitrary code. Description BrightStor ARCserve Backup is a backup and data retention tool that integrates with other BrightStor Data...
Microsoft Windows animated cursor stack buffer overflow
Overview Microsoft Windows contains a stack buffer overflow in the handling of animated cursor files. This vulnerability may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description Animated cursor files .ani contain animated graphics for icons and...
IBM Lotus Domino LDAP server DN message heap buffer overflow
Overview The IBM Lotus Domino LDAP server is vulnerable to a heap buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service. Description IBM Lotus Domino server software provides email, calendar, scheduling, and collaboration...
file integer overflow vulnerability
Overview The file program contains a vulnerability that may allow an attacker to execute arbitrary code or create a denial-of-service condition. Description file is a program for Unix-like operating systems that is used to determine what type of data is contained in a file.file contains a buffer...
McAfee ePolicy Orchestrator and ProtectionPilot ActiveX control buffer overflow vulnerability
Overview A vulnerability in an ActiveX control provided with the McAfee ePolicy Orchestrator and ProtectionPilot software could allow a remote attacker to execute arbitrary code on an affected system. Description The McAfee ePolicy Orchestrator and ProtectionPilot are applications that are design...
InterActual Player SyscheckObject ActiveX controls contain stack buffer overflows
Overview InterActual Player provides multiple ActiveX controls that are vulnerable to buffer overflows. This can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description InterActual Player is a video DVD playing application for Windows systems...
NETxAutomation NETxEIB OPC Server fails to properly validate OPC server handles
Overview The NETxAutomation NETxEIB OPC Server contains a vulnerability that may allow a remote attacker to execute arbitary code or cause a denial-of-service. Description OLE for Process Control OPC is a specification for a standard set of OLE COM objects for use in the process control and...
Takebishi Electric DeviceXPlorer OPC Server fails to properly validate OPC server handles
Overview The Takebishi Electric DeviceXPlorer OPC server contains a vulnerability that may allow a remote attacker to execute arbitary code or cause a denial-of-service. Description OLE for Process Control OPC is a specification for a standard set of OLE COM objects for use in the process control...
CA BrightStor ARCserver Tape Engine memory corruption vulnerability
Overview The Computer Associates BrightStor ARCserve Backup Tape Engine contains a memory corruption vulnerability. If successfully exploited, this vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. Description BrightStor ARCserve Backup is a...
CA BrightStor ARCserver Tape Engine denial-of-service vulnerability
Overview The Computer Associates BrightStor ARCserve Backup Tape Engine contains a vulnerability. If successfully exploited, this vulnerability may allow a remote attacker to shut down the tape engine interface. Description BrightStor ARCserve Backup is a backup and data retention tool that...
Apple Mac OS X fails to properly handle crafted AppleSingleEncoding disk images
Overview A vulnerabilty in the Apple Mac OS X AppleSingleEncoding disk image handler may allow execution of arbitrary code or denial of service. Description Apple Mac OS X contains a vulnerability that may be exploited when a user mounts a specially crafted AppleSingleEncoding disk image file...