3704 matches found
Sourcefire Snort DCE/RPC preprocessor does not properly reassemble fragmented packets
Overview A vulnerability in the Sourcefire Snort DCE/RPC preprocessor may allow a remote, unauthenticated attacker to execute arbitrary code. Description Sourcefire Snort is a widely-deployed, open-source network intrusion detection system IDS. Snort and its components are used in other IDS...
Apple Mac OS X UserNotificationCenter privilege escalation vulnerability
Overview Apple's UserNotificationCenter contains a vulnerability that may allow local users to gain elevated privileges. Description The Apple UserNotificationCenter contains a privilege escalation vulnerability. This vulnerability occurs because the Apple UserNotificationCenter runs with elevate...
Apple Mac OS X Finder DMG volume name buffer overflow
Overview Apple Mac OS X Finder fails to properly handle DMG files with large volume names, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description DMG files are disk images that can contain a variety of filesystems. Apple Mac OS X Finder...
Apple iChat AIM URI handler format string vulnerability
Overview Apple iChat contains a format string vulnerability. This vulnerability may allow a remote, unauthenticated attacker to execute arbitary code. Description The Apple iChat AIM URI handler fails to properly sanitize user-controlled data that is supplied to a formatted output function. This...
Cisco Firewall Services Module vulnerable to DoS via inspection of malformed SIP messages
Overview Cisco Firewall Services Module fails to properly inspect SIP messages. This vulnerability may allow a remote attacker to cause a denial of service condition. Description The Cisco Firewall Services Module is an integrated firewall service for Cisco Catalyst 6500 series switches and Cisco...
McAfee Virex fails to properly authenticate the source of updates
Overview McAfee Virex automatic updates may not properly authenticate the source of updates. This may allow a remote attacker to execute arbitrary commands on a vulnerable system. Description McAfee Virex is anti-virus software for the Mac OS X platform. McAfee Virex 7 for Mac OS X connects to a...
LizardTech DjVu Browser Plug-in buffer overflow vulnerabilities
Overview The LizardTech DjVu Browser Plug-in contains multiple buffer overflows, which could allow an attacker to execute arbitrary code on a vulnerable system. Description The LizardTech DjVu Browser Plug-in is an application that allows the user to view DjVu documents in a web browser. It is...
Mozilla browsers "location.hostname" cross-domain vulnerability
Overview Mozilla-based browsers contain a cross-domain vulnerability, which may allow an attacker to access data in other sites. Description Mozilla uses a same origin security model to maintain separation between browser frames from different sources. This model is designed to prevent code in on...
Microsoft Word fails to properly handle malformed strings
Overview A vulnerability in the way Microsoft Word handles malformed Word Document streams could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Word contains a memory corruption vulnerability that could be triggered when Word opens...
Microsoft Windows Shell vulnerable to privilege escalation
Overview A vulnerability in Microsoft Windows Shell may allow an attacker to gain access with escalated privileges. Description The Microsoft Windows Shell Hardware Detection service provides notification for AutoPlay hardware events. This service fails to properly validate a function parameter i...
Microsoft Step-by-Step Interactive Training contains a buffer overflow
Overview Microsoft Step-by-Step Interactive Training contains a buffer overflow vulnerability. If successfully exploited, this vulnerability may allow an attacker to execute arbitrary code. Description Microsoft Step-by-Step Interactive Training is a training program developed by MIcrosoft. It is...
Microsoft MFC component vulnerable to remote code execution via malformed embedded OLE object
Overview A memory corruption vulnerability exists in the MFC component that is provided with Microsoft Windows and Visual Studio Description The Microsoft Foundation Class Library MFC, is a Microsoft library that wraps parts of the Windows API in C++ classes. MFC is included in Microsoft Visual...
Microsoft Windows fails to properly handle malformed OLE objects embedded in RTF documents
Overview A vulnerability in the way that Microsoft Windows handles OLE objects embedded within RTF documents may allow an attacker to execute arbitrary code. Description Microsoft Object Linking and Embedding OLE is a technology that allows applications to create and edit compound documents...
Microsoft Internet Explorer vulnerable to remote code execution
Overview A vulnerability in the way Microsoft Internet Explorer instantiates COM objects may lead to execution of arbitrary code. Description Component Object Model, or COM objects, are used to enable interprocess communication and dynamic object creation within Microsoft Windows. Microsoft...
Microsoft RichEdit vulnerable to remote code execution via malformed embedded OLE object
Overview Microsoft's RichEdit contains a vulnerability that may allow an attacker to execute code. Description From Murray Sargent's MSDN blog:RichEdit 6.0 is a facility for getting plain/rich-text, single/multiline Unicode/ANSI edit controls and combo/list boxes in single world-wide binary that...
Microsoft Internet Explorer fails to properly instantiate COM objects
Overview A vulnerability in the way Microsoft Internet Explorer instantiates COM objects may lead to execution of arbitrary code. Description Component Object Model, or COM objects are used to enable interprocess communication and dynamic object creation within Microsoft Windows. Microsoft Intern...
Aruba Mobility Controller vulnerable to privilege escalation
Overview The Aruba Mobility Controller Management Interface contains a privilege escalation vulnerability. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Aruba Mobility Controllers are used to process and control network traffic in...
Aruba Mobility Controller Management Interface contains a buffer overflow
Overview The Aruba Mobility Controller Management Interface contains a buffer overflow. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Aruba Mobility Controllers are used to process and control network traffic in a wireless network...
Microsoft HTML Help ActiveX control fails to properly validate input
Overview The Microsoft HTML Help ActiveX control fails to properly validate input, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The HTML Help Control HHCtrl Object is a Windows ActiveX control that provides the ability to view...
Sun Solaris telnet authentication bypass vulnerability
Overview A vulnerability in the Sun Solaris telnet daemon in.telnetd could allow a remote attacker to log on to the system with elevated privileges. Description The Sun Solaris telnet daemon may accept authentication information via the USER environment variable. However, the daemon does not...
Trend Micro Anti-Rootkit Common Module fails to properly restrict access to the "\\.\TmComm" DOS device interface
Overview A vulnerability exists in Trend Micro's Anti-Rootkit Common Module that may allow a local attacker to gain elevated privileges. Description Trend Micro AntiVirus is a virus scanner for Microsoft Windows and Linux. The Trend Micro Anti-Rootkit Common Module is included with Trend Micro...
Trend Micro Anti-Rootkit Common Module fails to properly validate input
Overview A vulnerability exists in Trend Micro Anti-Rootkit Common Module that may allow a local attacker to gain elevated privileges. Description Trend Micro AntiVirus is a virus scanner for Microsoft Windows and Linux. The Trend Micro Anti-Rootkit Common Module is included with TrendMicro...
TWiki vulnerable to arbitrary code execution via CGI session files
Overview TWiki fails to protect the CGI session directory, which may allow an attacker to execute arbitrary code with the privileges of the web server. Description TWiki is a web-based collaborative publishing environment. TWiki creates CGI session files in the global /tmp directory, which is...
Trend Micro AntiVirus fails to properly process malformed UPX packed executables
Overview The Trend Micro AntiVirus scanning engine contains a buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Trend Micro AntiVirus is a virus scanner for Microsoft Windows and Linux. The Trend Micro virus scanning...
Sun Network Security Services (NSS) vulnerable to DoS due to an unspecified vulnerability
Overview The NSS libraries used in the Sun One Application Server and the Sun Java System web server contain an unspecified vulnerability that may allow an attacker to create a denial-of-service condition. Description The Sun One Application Server provides a Java 2 Platform for delivering Java...
Samba AFS ACL mapping VFS plug-in format string vulnerability
Overview Samba AFS ACL mapping VFS plug-in contains a format string vulnerability. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Samba AFS ACL mapping VFS plug-in fails to properly sanitize user-controlled file names that are used in ...
IBM Tivoli Storage Manager vulnerable to a buffer overflow
Overview A buffer overflow condition exists in the IBM Tivoli Storage manager. If successfully exploited, this vulnerability would allow an attacker to cause a denial-of-service condition or possibly execute arbitrary code. Description The IBM Tivoli Storage Manager TSM is a remote backup softwar...
Microsoft Excel memory access vulnerability
Overview An unspecified vulnerability in Microsoft Excel may allow a remote attacker to execute arbitrary code. Description Microsoft Excel contains a vulnerability. According to Microsoft Security Bulletin MS07-015 The vulnerability is caused when Excel opens a specially crafted Excel file which...
IBM Tivoli Storage Manager Server vulnerable to buffer overflow
Overview A buffer overflow condition exists in the IBM Tivoli Storage manager server. If successfully exploited, this vulnerability would allow an attacker to cause a denial-of-service condition or possibly execute arbitrary code. Description The IBM Tivoli Storage Manager TSM is a remote backup...
IBM Tivoli Storage Manager SmExecuteWdsfSession( ) function vulnerable to buffer overflow
Overview A buffer overflow condition exists in certain login fields on the IBM Tivoli Storage manager server. If successfully exploited, this vulnerability would allow an attacker to cause a denial-of-service condition or possibly execute arbitrary code Description The IBM Tivoli Storage Manager...
Apple Airport Extreme fails to properly process 802.11 frames
Overview A vulnerability exists in the Apple AirPort Extreme wireless driver that may allow an attacker to crash a vulnerable system. Description The Apple AirPort Extreme adapter is an 802.11g compatible wireless adapter used in Apple OS X laptops and desktops. A flaw exists in the way AirPort...
Sun Solaris fails to properly process ICMP packets
Overview Sun Solaris fails to properly handle ICMP packets, which may allow a remote, unauthenticated attacker to cause a denial of service. Description Sun Solaris 10 contains an unspecified error that can cause a system panic when handling a specially crafted ICMP packet. Note that Solaris 8 an...
Cisco IOS fails to properly handle Session Initiated Protocol packets
Overview Cisco devices that run IOS and support voice traffic fail to properly handle Session Initiated Protocol packets. Exploitation of this vulnerability may result in a denial-of-service condition. Description Cisco IOS is an operating system that is used on Cisco network devices. According t...
PGP Desktop service fails to validate user supplied data
Overview PGP Desktop fails to properly validate objects passed into the PGP Desktop service. This vulnerability may allow a remote, authenticated attacker to execute arbitrary code. Description PGP Desktop versions prior to 9.5.1 fail to properly validate objects passed into the PGP Desktop servi...
Computer Associates BrightStor ARCserve Backup LGSERVER.EXE stack buffer overflow
Overview Computer Associates BrightStor ARCserve Backup contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Computer Associates BrightStor ARCserve Backup products come with a service called LGSERVER.EX...
Computer Associates BrightStor ARCserve Backup LGSERVER.EXE heap buffer overflow
Overview Computer Associates BrightStor ARCserve Backup contains a buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Computer Associates BrightStor ARCserve Backup products come with a service called LGSERVER.EXE. Thi...
Voice mail systems allow administrative access based on Caller ID
Overview Certain voice mail systems trust Calling Number Identification CNID, Caller ID to authenticate administrative access to voice mail accounts. Caller ID can be easily spoofed, allowing an attacker to gain control over a vulnerable voice mailbox. Description Some voice mail systems use Call...
Sun Solaris Kernel SSL Proxy service is vulnerable to a denial of service condition
Overview The Sun Solaris Kernel SSL Proxy service contains a flaw that may allow a remote attacker to cause a denial of service condition. Description Sun Solaris 10 operating system provides a module called the SSL Kernel Proxy to improve the performance of applications that do SSL packet...
Apple Mac OS X AFP server may disclose file and folder information in search results
Overview A vulnerability in the Apple Mac OS X AFP server may disclose file and folder items to unauthorized users. Description The AFP Apple Filing Protocol service allows Apple Mac OS clients to remotely access files stored on a server. When file sharing is enabled, Apple's Mac OS X AFP server...
Microsoft Word 2000 stack buffer overflow
Overview A stack-based buffer overflow in Microsoft Word could allow an attacker to execute arbitrary code on a vulnerable system. Description Microsoft Word 2000 fails to properly handle malformed documents allowing a stack-based buffer overflow to occur. It is possible that this vulnerability c...
Citrix Access Gateway appliances vulnerable to information disclosure
Overview A vulnerability exists in Citrix Access Gateway appliances that may allow an attacker to access data and compromise the system. Description Citrix Access Gateway products are universal SSL VPN appliances providing a secure, always-on, single point-of-access to an organization's...
Cisco IOS fails to properly process certain packets containing a crafted IP option
Overview Cisco IOS software contains a vulnerablity that may allow an attacker to execute arbitrary code or create a denial of service condition. Description Cisco IOS is an operating system that is used on Cisco network devices. The Internet Control Message Protocol ICMP is a protocol commonly...
Online Media Technologies NCTsoft NCTAudioFile2 ActiveX buffer overflow
Overview The Online Media Technologies NCTsoft NCTAudioFile2 ActiveX control contains a buffer overflow vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Online Media Technologies NCTsoft provides an ActiveX control...
Cisco IOS fails to properly process specially crafted IPv6 packets
Overview Cisco IOS fails to properly process IPv6 packets with specially crafted routing headers. Successful exploitation of this vulnerability may allow an attacker to execute code, or create a denial-of-service condition. Description Internet Protocol version 6 IPv6 is a IP standard that is...
Cisco IOS fails to properly process TCP packets
Overview The Cisco IOS Transmission Control Protocol listener contains a memory leak. Description Cisco IOS is an operating system that is used on Cisco network devices. The Cisco IOS software can run Transmission Control Protocol TCP servers that allow administrators to connect to the devices fo...
SAP Internet Graphics Service buffer overflow
Overview SAP Internet Graphics Service contains a buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description According to SAP,The Internet Graphics Service IGS constitutes the infrastructure to enable the...
Adobe Acrobat allows pointer overwrite via specially crafted PDF file
Overview Adobe Acrobat and Adobe Reader fail to properly handle a specially crafted PDF file, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Adobe Acrobat and Adobe Reader are applications designed to create and view Portable Document Format PDF...
Mozilla products allows the src attribute in an img element to be changed to a JavaScript URI
Overview Mozilla products contain a cross-site scripting vulnerability due to a vulnerability in the way IMG elements are loaded. Description A vulnerability in the way Mozilla products load IMG elements in a frame may cause a cross-site script injection. According to Mozilla Foundation Security...
Mozilla JavaScript Engine multiple memory corruption vulnerabilities
Overview Several vulnerabilities exists in the Mozilla JavaScript Engine that may allow a remote attacker to compromise a vulnerable system. Description The Mozilla JavaScript Engine contains multiple vulnerabilities that may result in memory corruption. According to the Mozilla Foundation Securi...
Mozilla products vulnerable to privilege escalation via a JavaScript watch() function
Overview A vulnerability exists in Mozilla products that may allow a remote attacker to gain elevated privileges. Description Mozilla products contain a vulnerability in the way the JavaScript watch function is handled that may result in privilege escalation. According to the Mozilla Foundation...