Linux Kernel vulnerable to DoS via the ipv6_getsockopt_sticky() function

Overview The Linux Kernel contains a vulnerability that may allow a remote attacker to create a denial-of-service condition. Description Internet Protocol version 6 IPv6 is a IP standard that is designed to replace the Internet Protocol version 4 IPv4. The Linux kernel provides IPv6 support, and...

Apple CrashDump privilege escalation

Overview CrashReporter contains a privilege escalation vulnerability that may allow authenticated users to run commands as root. Description CrashReporter is a debugging facility in Apple OS X that logs information program crashes.CrashReporter contains a privilege escalation vulnerability. This...

Apple Mac OS X fails to properly handle corrupted UDTO HFS+ image structures

Overview Apple Mac OS X fails to properly handle corrupted UDTO HFS+ image structures. This vulnerability may allow an attacker to cause a denial-of-service condition. Description Hierarchical File System HFS+ is a file system that supports files that use 32-bit block addresses and Unicode file a...

Novell Netmail WebAdmin buffer overflow vulnerability

Overview Novell NetMail contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code. Description Novell NetMail is an email and messenging software package developed by Novell. It is designed to offer mail and calendaring services to large groups of users.WebAdmi...

Mozilla Network Security Services (NSS) fails to properly handle the client master key

Overview A vulnerability in the way Mozilla Network Security Services NSS handles the client master key may lead to execution of arbitrary code. Description The SSLv2 protocol uses a client master key to generate all subsequent session keys. The validity of the client master key is determined...

Mozilla Network Security Services (NSS) fails to properly process malformed SSLv2 server messages

Overview A vulnerability in the way Mozilla Network Security Services NSS handles malformed SSLv2 server messages may lead to execution of arbitrary code. Description The SSLv2 protocol uses a client master key to generate all subsequent session keys. The client master key is created using a publ...

Microsoft Windows fails to properly handle malformed OLE documents

Overview A vulnerability exists in a Microsoft Windows library that is used to handle OLE documents. The complete impact of this vulnerability is not clear, but may include the execution of arbitrary code as well as a denial of service. Description Microsoft OLE documents include summary...

Apple QuickTime QTIF heap buffer overflow

Overview Apple QuickTime is vulnerable to a heap buffer overflow which may allow an attacker to execute arbitrary code or crash the system. Description A vulnerability exists in the way Apple QuickTime handles specially crafted QuickTime Image QTIF files. According to Apple QuickTime 7.1.5 securi...

Apple QuickTime UDTA atom integer overflow

Overview Apple QuickTime contains an integer overflow in handling UDTA atoms, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Apple QuickTime User Data UDTA Atoms allow a user to "... define and store data associated with a QuickTim...

Apple QuickTime QTIF integer overflow

Overview A vulnerability in Apple QuickTime's handling of files in the QTIF format could allow a remote attacker to execute arbitrary code on a vulnerable system. Description Apple's QuickTime is a player for files and streaming media in a variety of different formats, including QuickTime Image...

Apple QuickTime fails to properly process specially crafted MIDI files

Overview The Apple Quicktime player contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. Description Apple QuickTime contains a heap buffer overflow vulnerability. This vulnerability may allow an...

Apple QuickTime 3GP integer overflow

Overview A vulnerabilty in the way Apple QuickTime processes 3GP files may allow execution of arbitrary code. Description A vulnerability exists in the way Apple QuickTime handles specially crafted 3GP files. According to Apple QuickTime 7.1.5 security document 305149:An integer overflow exists i...

Apple QuickTime QTIF stack buffer overflow

Overview A vulnerabilty in the way Apple QuickTime processes QTIF files may allow execution of arbitrary code. Description A vulnerability exists in the way Apple QuickTime handles specially crafted QuickTime Image QTIF files. According to Apple QuickTime 7.1.5 security document 305149:A stack...

Apple QuickTime movie heap buffer overflow vulnerability

Overview The Apple QuickTime player contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. Description Apple QuickTime contains a heap buffer overflow vulnerability. This vulnerability may allow an...

Apple QuickTime PICT heap buffer overflow

Overview The Apple QuickTime player contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. Description PICT is a graphics file format that was used by Apple Macintosh systems prior to OS X as their...

WordPress fails to properly sanitize input passed to the iz parameter in wp-includes/theme.php

Overview WordPress fails to properly sanitize input to the iz parameter in wp-includes/theme.php, which could allow a remote, unauthenticated attacker to execute arbitrary commands. Description WordPress is a blogging application that is written in PHP. WordPress 2.1.1 fails to properly sanitize...

WordPress fails to properly sanitize input passed to the ix parameter in wp-includes/feed.php

Overview WordPress fails to properly sanitize input to the ix parameter in wp-includes/feed.php, which could allow a remote, unauthenticated attacker to execute arbitrary PHP code. Description WordPress is a blogging application that is written in PHP. WordPress 2.1.1 fails to properly sanitize...

Asterisk null pointer dereference remote pre-authentication DoS vulnerability

Overview Asterisk contains a null pointer dereference vulnerability that may allow a remote, unauthenticated attacker to cause a denial-of-service condition on a vulnerable system. Description Asterisk is a popular PBX application with VoIP support. Asterisk contains a null pointer dereference...

Citrix Presentation Server Client vulnerable to arbitrary code execution

Overview A vulnerability in the Citrix Presentation Server Client could allow a remote attacker to execute arbitrary code on a vulnerable system. Description Independent Computing Architecture ICA is an application server protocol used by Citrix products. The Citrix Presentation Server Client for...

Cisco Catalyst Systems with a NAM may allow system access via spoofing the SNMP communication

Overview A vulnerabilty in Cisco Catalyst Systems that have a Network Analysis Module NAM installed may allow a remote, unauthenticated attacker to gain complete control of this device. Description Cisco Catalyst 6000, 6500, and Cisco 7600 series switches may utilize Cisco's NAM to monitor and...

EMC NetWorker Management Console weak authentication vulnerability

Overview A vulnerability in the authentication mechanism used by the Legato NetWorker Management Console may allow an attacker to execute arbitrary commands. Description The EMC NetWorker formerly Legato NetWorker family of products provides solutions for backup and recovery of data. It includes...

Symantec Mail Security for SMTP arbitrary code execution vulnerability

Overview Symantec Mail Security for SMTP contains a vulnerability that may allow an attacker to execute arbitrary code, or create a denial of service condition. Description Symantec Mail Security for SMTP is an antispam, antivirus, and content filtering software package that scans email. Symantec...

Apple iChat fails to properly handle crafted TXT key hashes

Overview A vulnerability in the way Apple iChat handles specially crafted TXT key hashes could lead to denial of service. Description Apple iChat is an instant message client for Apple Mac OS X. Apple iChat Agent is a back-end process that manages iChat sessions and available contacts. Apple...

Mozilla layout engine contains multiple vulnerabilities

Overview The Mozilla layout engine contains multiple memory corruption vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, or create a denial of service condition. Description The Mozilla Foundation supports several Open Source projects, including the Mozilla,...

HP Mercury products vulnerable to buffer overflow

Overview Some HP Mercury products are vulnerable to a buffer overflow and may allow an attacker to execute arbitrary code. Description The magentproc.exe service provided with some HP Mercury products fails to properly parse values in the serveripname field. If an overly long value is sent in thi...

Mozilla Firefox SVG viewer vulnerable to integer overflow

Overview The Mozilla SVG viewer contains an integer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code, or create a denial-of-service condition. Description Scalable Vector Graphics SVG is an XML markup language for describing and displaying animated or...

Mozilla Firefox fails to properly handle JavaScript onUnload events

Overview Mozilla Firefox does not properly handle JavaScript onUnload events. This vulnerability may lead to memory corruption that could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The JavaScript onUnload event is executed when the brows...

Mozilla JavaScript engine vulnerable to memory corruption

Overview The Mozilla JavaScript engine contains multiple memory corruption vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, or create a denial of service condition. Description The Mozilla Foundation supports several Open Source projects, including the...

SupportSoft ActiveX controls contain multiple buffer overflows

Overview The SupportSoft ActiveX controls contain multiple buffer overflow vulnerabilities, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description SupportSoft provides multiple ActiveX packages that are used by third party vendors to...

Google Desktop vulnerable to cross-site scripting

Overview A cross-site scripting vulnerability exists in the Google Desktop Search application. This vulnerability may allow an attacker to take any action on a vulnerable system that the Google Desktop Search can. Description Google Desktop Search is a desktop search program that is integrated in...

Macrovision FLEXnet Connect / InstallShield Update Service Agent ActiveX buffer overflows

Overview The Macrovision / InstallShield Update Service Web Agent ActiveX control contains buffer overflows, which could allow an attacker to execute arbitrary code on a vulnerable system. Description The InstallShield Update Service, now known as Macrovision FLEXnet Connect, contains an ActiveX...

VeriSign Managed PKI Configuration Checker ActiveX control stack buffer overflow

Overview The VeriSign Configuration Checker ActiveX control contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The VeriSign Configuration Checker ActiveX control is provided by web-based digital...

Macrovision / InstallShield InstallFromTheWeb buffer overflows

Overview Macrovision / InstallShield InstallFromTheWeb contains multiple buffer overflows, which could allow an attacker to execute arbitrary code on a vulnerable system. Description InstallShield InstallFromTheWeb is a web-based software installation product for Microsoft Windows systems...

Trend Micro ServerProtect ENG_SendEMail() stack buffer overflow

Overview Trend Micro ServerProtect contains a stack-based buffer overflow. Description Trend Micro ServerProtect fails to properly handle data passed to the ENGSendEMail routine possibly allowing a stack-based buffer overflow to occur. This overflow can be triggered by sending a specially crafted...

Trend Micro ServerProtect STCommon stack buffer overflow

Overview Trend Micro ServerProtect contains a stack-based buffer overflow. Description Trend Micro ServerProtect fails to properly handle data passed to the CMONActiveUpdate and CMONActiveRollbackroutines possibly allowing a stack-based buffer overflow to occur. This overflow can be triggered by...

Trend Micro ServerProtect CMON_NetTestConnection() stack buffer overflow

Overview Trend Micro ServerProtect contains a stack-based buffer overflow. Description Trend Micro ServerProtect fails to properly handle data passed to the CMONNetTestConnectionroutine possibly allowing a stack-based buffer overflow to occur. This overflow can be triggered by sending a specially...

Trend Micro ServerProtect fails ENG_SetRealTimeScanConfigInfo() stack buffer overflow

Overview Trend Micro ServerProtect contains a stack-based buffer overflow. Description Trend Micro ServerProtect fails to properly handle data passed to the ENGSetRealTimeScanConfigInforoutine possibly allowing a stack-based buffer overflow to occur. This overflow can be triggered by sending a...

JBoss Application Server may not properly restrict access to the administrative interface

Overview The JBoss Application Server may allow unauthenticated, remote access to the administrative console. Description JBoss is an open source application server implemented in Java. Because it is Java-based, JBoss can be used on any operating system that supports Java. JBoss servers can be...

Trend Micro OfficeScan Web-Deployment SetupINICtrl ActiveX control buffer overflows

Overview The Trend Micro OfficeScan Web-Deployment SetupINICtrl ActiveX control contains multiple buffer overflows, which could allow a remote attacker to execute arbitrary code on a vulnerable system. Description Trend Micro OfficeScan comes with a web-based administration console that makes use...

Microsoft Malware Protection Engine fails to properly process a specially crafted PDF File

Overview A vulnerability in the way Microsoft Malware Protection Engine processes PDF files may lead to execution of arbitrary code. Description Microsoft Malware Protection Engine contains a vulnerability that could be exploited when it attempts to process specially crafted PDF files. According ...

Microsoft Internet Explorer fails to properly interpret certain responses from FTP servers

Overview A vulnerability in the way Microsoft Internet Explorer handles responses from FTP servers may lead to execution of arbitrary code. Description Microsoft Internet Explorer contains an unspecified vulnerability that could be exploited when it attempts to interpret responses from FTP server...

Sourcefire Snort DCE/RPC preprocessor does not properly reassemble fragmented packets

Overview A vulnerability in the Sourcefire Snort DCE/RPC preprocessor may allow a remote, unauthenticated attacker to execute arbitrary code. Description Sourcefire Snort is a widely-deployed, open-source network intrusion detection system IDS. Snort and its components are used in other IDS...

Apple Mac OS X UserNotificationCenter privilege escalation vulnerability

Overview Apple's UserNotificationCenter contains a vulnerability that may allow local users to gain elevated privileges. Description The Apple UserNotificationCenter contains a privilege escalation vulnerability. This vulnerability occurs because the Apple UserNotificationCenter runs with elevate...

Cisco Firewall Services Module vulnerable to DoS via inspection of malformed SIP messages

Overview Cisco Firewall Services Module fails to properly inspect SIP messages. This vulnerability may allow a remote attacker to cause a denial of service condition. Description The Cisco Firewall Services Module is an integrated firewall service for Cisco Catalyst 6500 series switches and Cisco...

Apple iChat AIM URI handler format string vulnerability

Overview Apple iChat contains a format string vulnerability. This vulnerability may allow a remote, unauthenticated attacker to execute arbitary code. Description The Apple iChat AIM URI handler fails to properly sanitize user-controlled data that is supplied to a formatted output function. This...

Apple Mac OS X Finder DMG volume name buffer overflow

Overview Apple Mac OS X Finder fails to properly handle DMG files with large volume names, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description DMG files are disk images that can contain a variety of filesystems. Apple Mac OS X Finder...

Microsoft Windows Shell vulnerable to privilege escalation

Overview A vulnerability in Microsoft Windows Shell may allow an attacker to gain access with escalated privileges. Description The Microsoft Windows Shell Hardware Detection service provides notification for AutoPlay hardware events. This service fails to properly validate a function parameter i...

LizardTech DjVu Browser Plug-in buffer overflow vulnerabilities

Overview The LizardTech DjVu Browser Plug-in contains multiple buffer overflows, which could allow an attacker to execute arbitrary code on a vulnerable system. Description The LizardTech DjVu Browser Plug-in is an application that allows the user to view DjVu documents in a web browser. It is...

Microsoft Word fails to properly handle malformed strings

Overview A vulnerability in the way Microsoft Word handles malformed Word Document streams could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Word contains a memory corruption vulnerability that could be triggered when Word opens...

Mozilla browsers "location.hostname" cross-domain vulnerability

Overview Mozilla-based browsers contain a cross-domain vulnerability, which may allow an attacker to access data in other sites. Description Mozilla uses a same origin security model to maintain separation between browser frames from different sources. This model is designed to prevent code in on...