Novell NetMail IMAP vulnerable to buffer overflow when processing "SUBSCRIBE" commands

Overview A vulnerability in the way Novell Netmail handles IMAP SUBSCRIBE commands may cause a buffer overflow that may allow remote execution of arbitrary code. Description Novell Netmail's IMAP server contains a buffer overflow that may occur when processing parameters supplied to the SUBSCRIBE...

Apple Mac OS X UFS filesystem integer overflow vulnerability

Overview There is an integer overflow in the ffsmountfs function, which is used by Apple's OS X operating system to handle UFS disc images. Description Unix File System UFS is a file system used by Unix and other similar operating systems. Apple OS X supports UFS, partitions, and images. There is...

Cisco Secure Access Control Server fails to properly handle a specially crafted RADIUS Accounting-Request packet

Overview A vulnerability in the RADIUS server supplied with Cisco Secure ACS products could allow a remote attacker to execute arbitrary code on an affected system. Description Cisco Secure ACS is a Remote Access Dial-In User Service RADIUS and Terminal Access Controller Access Control System Plu...

Cisco Secure Access Control Server vulnerable to a stack-based buffer overflow via a specially crafted "HTTP GET" request

Overview A vulnerability in the web administrative server supplied with Cisco Secure ACS products could allow a remote attacker to execute arbitrary code on an affected system. Description Cisco Secure ACS is a Remote Access Dial-In User Service RADIUS and Terminal Access Controller Access Contro...

Cisco Secure Access Control Server fails to properly handle specially crafted Access-Request messages

Overview Several vulnerabilities in the RADIUS server supplied with Cisco Secure ACS products could allow a remote attacker to execute arbitrary code on an affected system. Description Cisco Secure ACS is a Remote Access Dial-In User Service RADIUS and Terminal Access Controller Access Control...

CA BrightStor ARCserve Backup Tape Engine directly calls user supplied data in RPC requests

Overview The Computer Associates BrightStor ARCserve Backup Tape Engine contains a vulnerability in its Tape Engine RPC service. If successfully exploited, this vulnerability may allow a remote attacker to execute arbitrary code. Description BrightStor ARCserve Backup is a backup and data retenti...

Microsoft Outlook vulnerable to DoS via a malformed email message

Overview There is a vulnerability in the way Microsoft Outlook handles malformed email messages that may allow a remote, unauthenticated attacker to cause a denial of service. Description Microsoft Outlook contains a vulnerability in the way that it handles certain email message headers. Accordin...

Acer LunchApp ActiveX Control fails to properly restrict access to methods

Overview The Acer LunchApp ActiveX control contains methods that can allow a remote, unauthenticated attacker to run arbitrary commands on a vulnerable system. Description The Acer LunchApp ActiveX control is provided by LunchApp.ocx. It contains a method called Run, which takes three parameters:...

Apple Quicktime HREFTrack Cross-Zone Scripting vulnerability

Overview Web browsers running the Apple QuickTime plugin may allow remote web sites to reference content on the local filesystem. This may allow an attacker to execute script within the security context of the local machine. Description Web browser plugins that allow remote web sites to reference...

CA BrightStor ARCserve Backup Tape Engine RPC buffer overflow

Overview The Computer Associates BrightStor ARCserve Backup Tape Engine RPC service contains a buffer overflow vulnerability. If successfully exploited, this vulnerability may allow a remote attacker to execute arbitrary code. Description BrightStor ARCserve Backup is a backup and data retention...

CA BrightStor ARCserve Backup Message Engine RPC buffer overflow

Overview The Computer Associates BrightStor ARCserve Backup Message Engine contains a buffer overflow vulnerability. If successfully exploited, this vulnerability may allow a remote attacker to execute arbitrary code. Description BrightStor ARCserve Backup is a backup and data retention tool that...

Microsoft Outlook fails to properly parse Office Saved Searches (.oss) files

Overview A vulnerability exists in the way Microsoft Outlook handles Office Saved Searches .oss. This vulnerability may allow a remote attacker to execute arbitrary code. Description Office Saved Searches .oss contain views of e-mail items that satisfy previous search criteria.Microsoft Outlook...

Microsoft Excel fails to properly parse malformed Palette records

Overview A vulnerability in the way that Microsoft Excel handles malformed Palette records could allow an attacker to execute arbitrary code on a vulnerable system. Description Microsoft Excel fails to properly handle Palette records embedded in Excel documents. When a file containing a malformed...

Microsoft Excel fails to properly handle malformed IMDATA records

Overview A vulnerability in the way that Microsoft Excel handles malformed image records could allow an attacker to execute arbitrary code on a vulnerable system. Description Microsoft Excel fails to properly validate the size of IMDATA records. When a file containing a malformed IMDATA record is...

Mozilla denial of service vulnerability

Overview Certain Mozilla products contain a denial-of-service vulnerability. Description Certain Mozilla products contain a denial-of-service vulnerability that occurs because of an infinite loop in the jsdtoa function. Mozilla Firefox versions prior to 2.0.0.1, Thunderbird prior to 1.5.0.9, and...

Microsoft Excel vulnerable to arbitrary code execution via malformed record

Overview A vulnerability in Microsoft Excel may allow an attacker to execute arbitrary code on a vulnerable system. Description A vulnerability exists in the way Microsoft Excel handles malformed records.Per Microsoft Security Bulletin MS07-002: A remote code execution vulnerability exists in...

Microsoft Excel fails to properly process a malformed Column record

Overview Microsoft Excel contains a memory corruption vulnerability that could enable an attacker to exectue arbitrary code and gain complete control of the vulnerable system. Description Microsoft Excel fails to properly handle malformed Column records. When an Excel file is opened, Excel does n...

Sun Java JRE vulnerable to privilege escalation

Overview A vulnerability in the Sun Java Runtime Environment may allow a malicious applet to gain elevated privileges. Description The Sun Java Runtime Environment JRE allows users to run Java applications in a browser or as standalone programs. Sun has made the JRE available for multiple operati...

Microsoft Outlook fails to properly process a VEVENT record

Overview Microsoft Outlook contains a memory corruption vulnerability that could enable an attacker to execute arbitrary code and gain complete control of the vulnerable system. Description Microsoft Outlook fails to properly handle malformed VEVENT records. When an .iCal meeting request containi...

Sun Java JRE vulnerable to arbitrary code execution via an undetermined error

Overview A vulnerability in the Sun Java Runtime Environment may allow an attacker to execute arbitrary code on a vulnerable system. Description The Sun Java Runtime Environment JRE allows users to run Java applications in a browser or as standalone programs. Sun has made the JRE available for...

Sun Java JRE vulnerable to arbitrary code execution via an unspecified error

Overview A vulnerability in the Sun Java Runtime Environment may allow an attacker to execute arbitrary code on a vulnerable system. Description The Sun Java Runtime Environment JRE allows users to run Java applications in a browser or as standalone programs. Sun has made the JRE available for...

Microsoft Internet Explorer VML buffer overflow

Overview Microsoft Internet Explorer IE fails to properly handle Vector Markup Language tags. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft IE version 5.0 and higher supports the Vector Markup Language VML,...

Kerberos administration daemon may free uninitialized pointers

Overview A vulnerability exists in the Kerberos administration daemon that may allow a remote, unauthenticated user to free uninitialized pointers. Freeing uninitialized pointers corrupts memory in a way that could allow an attacker to execute code. Description The MIT krb 5 administration daemon...

Kerberos administration daemon fails to properly initialize function pointers

Overview The Kerberos administration daemon fails to properly initialize pointers. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service. Description A vulnerability exists in the way the Kerberos administration daemon handles...

OpenOffice fails to properly process WMF and EMF files

Overview Multiple buffer overflow vulnerabilities exist in the OpenOffice.org office suite. If successfully exploited, these vulnerabilities may allow an attacker to execute arbitrary code on a vulnerable system. Description OpenOffice.org is a free office suite that is available for multiple...

Citrix ICA Client ActiveX control buffer overflow

Overview A vulnerability in an ActiveX control provided with the Citrix Presentation Server Client could allow a remote attacker to execute arbitrary code on an affected system. Description The Citrix Presentation Server Client software provides an ActiveX control that can be used to integrate th...

Adobe Acrobat Plug-In cross domain violation

Overview The Adobe Acrobat Plug-In fails to properly validate user-supplied content, which may allow for cross-site scripting. Description Adobe Acrobat Reader is software designed to view Portable Document Format PDF files. Adobe also distributes the Adobe Acrobat Plug-In to allow users to view...

Wireshark HTTP dissector vulnerability

Overview Wireshark contains a vulnerability in the HTTP dissector that may allow an attacker to cause a denial of service condition. Description Wireshark contains a vulnerability in the HTTP dissector that may allow an attacker to cause a denial of service condition. This vulnerability may be...

Apple QuickTime RTSP buffer overflow

Overview Apple QuickTime may allow remote arbitrary code to be executed via a long src parameter in RTSP URL strings. Description A vulnerability exists in the way Apple QuickTime handles specially crafted Real Time Streaming Protocol RTSP URL strings. An attacker may be able to craft a QTL file ...

ICONICS Dialog Wrapper Module ActiveX control vulnerable to buffer overflow

Overview ICONICS Dialog Wrapper Module ActiveX control contains a buffer overflow. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description OLE for Process Control OPC is a specification for a standard set of OLE COM objects for use in the proce...

Mozilla mail products vulnerable to heap buffer overflow via Content-Type headers

Overview Mozilla mail products contain a heap buffer overflow vulnerability in the way they process Content-Type headers. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Mozilla Thunderbird and SeaMonkey contain a buffer overflow...

Mozilla SVG memory corruption vulnerability

Overview Mozilla products contain a memory corruption vulnerability related to SVG processing. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Scalable Vector Graphics SVG processing code in Mozilla Firefox and SeaMonke...

Mozilla Layout Engine vulnerability

Overview A vulnerability exists in the Mozilla Layout Engine that may allow a remote attacker to compromise a vulnerable system. Description The Mozilla Layout Engine contains an unspecified vulnerability that may result in memory corruption. The impact of this memory corruption is unclear...

Novell NetWare Client for Windows OpenPrinter() function vulnerable to buffer overflow

Overview A vulnerability exists in the Novell NetWare client that could allow a remote attacker to execute arbitrary code on an affected system. Description NetWare is a network operating system produced and maintained by Novell. Novell provides NetWare clients for Microsoft Windows and Linux...

Novell NetWare Client for Windows EnumPrinters() function vulnerable to buffer overflow

Overview A vulnerability exists in the Novell NetWare client that could allow a remote attacker to execute arbitrary code on an affected system. Description NetWare is a network operating system produced and maintained by Novell. Novell provides NetWare clients for Microsoft Windows and Linux...

GnuPG vulnerable to remote data control

Overview A vulnerability in GnuPG could allow a remote attacker to execute arbitrary code on an affected system. Description GNU Privacy Guard GnuPG is the GNU project's implementation of the OpenPGP standard as defined by RFC2440.OpenPGP messages are processed by GnuPG using data structures call...

Intel network drivers privilege escalation vulnerability

Overview A buffer overflow vulnerability in Intel PRO Ethernet drivers may allow local attackers to execute code with elevated privileges. Description Intel network adapter drivers are developed and maintained by Intel for Windows and Linux operating systems. A buffer overflow vulnerability exist...

NeoScale Systems CryptoStor 700 series appliances fail to properly perform two-factor authentication

Overview NeoScale Systems CryptoStor 700 series appliances fail to properly perform two-factor authentication. This can make it easier to bypass the CryptoStor authentication process. Description NeoScale Systems CryptoStor Tape units are tape backup encryption appliances. CryptoStor 700 series...

Yahoo Messenger YMailAttach ActiveX control buffer overflow

Overview The Yahoo Messenger YMailAttach ActiveX control contains a buffer overflow, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Yahoo Messenger is an instant messaging application. Yahoo Messenger includes several ActiveX...

Symantec Veritas NetBackup bpcd daemon buffer overflow

Overview Symantec Veritas NetBackup contains a buffer overflow vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Symantec VERITAS NetBackup is a client/server based backup software solution. The NetBackup bpcd daemon is...

Symantec Veritas NetBackup bpcd.exe CONNECT_OPTIONS buffer overflow

Overview Symantec Veritas NetBackup contains a buffer overflow vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Symantec VERITAS NetBackup is a client/server based backup software solution. The NetBackup bpcd daemon is...

Symantec Veritas NetBackup bpcd daemon fails to properly validate commands

Overview Symantec Veritas NetBackup is vulnerable to command chaining, which may allow a remote, authenticated attacker to execute arbitrary commands on a vulnerable system. Description Symantec VERITAS NetBackup is a client/server based backup software solution. The NetBackup bpcd daemon fails t...

Microsoft Remote Installation Service Writable Path Vulnerability

Overview A vulnerability in the way Microsoft Remote Installation Service handles TFTP may allow a remote, unauthorized attacker to create or overwrite arbitrary operating system files. Description Microsoft Remote Installation Service contains a vulnerability in the way that it provides TFTP...

Microsoft Word malformed pointer vulnerability

Overview A vulnerability in Microsoft Word could allow an attacker to compromise a vulnerable system. Description Data used by Microsoft Word to construct a destination address for a memory copy routine is embedded within a Word document itself. If an attacker constructs a Word document with a...

Microsoft Internet Explorer TIF Folder arbitrary file access vulnerability

Overview A vulnerability in the way Microsoft Internet Explorer handles drag and drop operations may allow access of arbitrary files within the Temporary Internet Files folder. Description Microsoft Internet Explorer contains a vulnerability that could be exploited when handling drag and drop...

Sun Secure Global Desktop Software (SSGD) contains multiple cross-site scripting vulnerabilities

Overview The Sun Secure Global Desktop SSGD contains cross-site scripting vulnerabilities. Description Sun Secure Global Desktop formerly Tarantella contains multiple input validation vulnerabilities due to failure to properly sanitize user input. The following modules do not properly filter HTML...

MySpace fails to properly filter user-supplied content

Overview The MySpace web site fails to properly filter user-supplied content, which may allow for cross-site scripting. Description MySpace is a social networking web site that allows users to post blog entries, photos, videos, and other content. MySpace blocks user-supplied JavaScript and VBScri...

Microsoft Internet Explorer Script Error Handling Memory Corruption Vulnerability

Overview A vulnerability in the way Microsoft Internet Explorer handles certain script errors may lead to memory corruption that may allow remote execution of arbitrary code. Description Microsoft Internet Explorer contains a memory corruption vulnerability that could be exploited when handling...

Microsoft Windows SNMP Memory Corruption Vulnerability

Overview A vulnerability in the way Microsoft Windows handles SNMP may allow a buffer overflow that may allow remote execution of arbitrary code. Description Microsoft Windows contains a buffer overflow that may occur when handling malformed SNMP packets. According to Microsoft Security Bulletin...

Microsoft Internet Explorer fails to properly handle malformed DHTML script function calls

Overview A vulnerability in the way Microsoft Internet Explorer handles malformed DHTML script function calls may allow a remote, unauthenticated attacker to execute arbitrary code. Description According to Microsoft Security Bulletin MS06-072:When Internet Explorer interprets certain DHTML scrip...