3704 matches found
Mozilla products allow execution of arbitrary JavaScript
Overview Multiple Mozilla products allow running JavaScript to be recompiled while executing. This vulnerability may allow a remote attacker to execute arbitrary JavaScript bytecode. Description According to Mozilla Foundation Security Advisory 2006-67: ...it was possible to modify a Script objec...
Mozilla products vulnerable to memory corruption
Overview A vulnerability exists in the way Mozilla products process JavaScript. This vulnerability may allow an attacker to execute arbitrary code. Description The Mozilla Foundation supports several Open Source projects, including the Mozilla, Seamonkey, and Firefox web browsers. The Thunderbird...
Mozilla products contain several unspecified errors in the layout engine
Overview The Mozilla layout engine contains several unspecified vulnerabilities that may allow an attacker to execute arbitrary code or crash the vulnerable application. Description The Mozilla layout engine, also known as Gecko, is responsible for parsing HTML, XML, CSS, layout, and rendering...
Symantec Automated Support Assistant ActiveX control buffer overflow
Overview The Symantec Automated Support Assistant ActiveX control contains a buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Symantec Automated Support Assistant control is an ActiveX control that comes with...
Apache mod_tcl module contains a format string error
Overview A format string vulnerability exists in the modtcl Apache module. This vulnerability may allow a remote attacker to execute arbitrary code. Description The Apache HTTP Server, also known as httpd, is an open-source HTTP server that runs on Microsoft Windows, Linux, Unix, and Apple OS X...
Clam AntiVirus fails to properly handle crafted Portable Executable (PE) files
Overview A vulnerability in the way Clam AntiVirus processes Portable Executable PE files may lead to execution of arbitrary code. Description Clam AntiVirus is a GPL virus scanner that has built-in support for for a number of file types including PE. According to iDefense Public Advisory:...
The Red Hat Enterprise Linux 3 SMP Kernel fails to properly handle IPC shared-memory
Overview The Red Hat Enterprise Linux 3 SMP Kernel may allow an authenticated attacker to cause a denial-of-service condition with specially crafted IPC shared-memory functions. Description Inter-Process Communication IPC shared-memory is a method of passing data between programs used by the Red...
Microsoft XML Core Services XMLHTTP ActiveX control vulnerability
Overview The Microsoft XML Core Services XMLHTTP ActiveX control contains an unspecified vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft XML Core Services MSXML allow developers who use applications such as...
Computer Associates BrightStor ARCserv and Protection Suite products RPC buffer overflow vulnerabilities
Overview Multiple vulnerabilities exist in Computer Associates backup products. If successfully exploited, these vulnerabilities may allow an attacker to execute arbitrary code. Description BrightStor ARCserve Backup is a backup and data retention tool that integrates with other BrightStor Data...
WMI Object Broker ActiveX Control bypasses ActiveX security model
Overview The Microsoft WMI Object Broker ActiveX control bypasses the ActiveX security model, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description ActiveXActiveX is a technology that allows programmers to create reusable software...
Computer Associates Discovery Service buffer overflow
Overview Multiple Computer Associates products contain a buffer overflow in the code that handles the Discovery Service protocol. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description Computer Associates BrightStor ARCserve Backup, BrightStor...
ADODB.Connection ActiveX control memory corruption vulnerability
Overview The Execute function of the ADODB.Connection ActiveX object contains an unspecified vulnerability. This may allow a remote, unauthenticated attacker to cause Internet Explorer to crash or possibly execute arbitrary code. Description Microsoft ADO ActiveX Data Objects are "...
AOL Nullsoft Winamp Lyrics3 heap buffer overflow
Overview AOL Nullsoft Winamp contains a heap-based buffer overflow in the code that handles Lyrics3 tags. This vulnerability may allow a remote, unauthenticated attacker execute arbitrary code on a vulnerable system. Description Lyrics3 is a system for embedding the lyrics inside an MP3 song file...
Novell GroupWise Messenger fails to properly handle HTTP POST requests.
Overview Novell GroupWise Messenger fails to properly handle HTTP POST requests. This vulnerability may allow a remote attacker to cause a denial of service condition. Description Novell GroupWise Messenger fails to properly handle HTTP POST requests. This vulnerability may be triggered by sendin...
Microsoft Internet Explorer 7 may allow address bar spoofing
Overview Internet Explorer 7 may allow address bar spoofing in pop-up windows. This could let an attacker spoof the address of a web site. Description Internet Explorer 7 includes a new feature called "Address bar protection." This makes sure that every window, including pop-ups, will present an...
Wireshark SSCOP dissector fails to properly handle malformed packets
Overview Wireshark contains a vulnerability in the SSCOP dissector that may cause a denial of service condition. Description Wireshark contains a vulnerability in the Service-Specific Connection Oriented Protocol SSCOP dissector.Wireshark states that: If the SSCOP dissector has a port range...
Wireshark contains multiple off-by-one errors in the IPSec ESP preference parser
Overview Wireshark contains a vulnerability in the IPSec ESP preference parser that may cause a denial of service condition. Description Wireshark contains multiple off-by-one vulnerabilities in the IPSec ESP preference parser when the application has been compiled with ESP decryption support.Thi...
X.Org fails to check for setuid failure on Linux systems
Overview Programs distributed as part of the X.Org software distribution fail to properly handle test results for effective user ID. This vulnerability may lead to privilege escalation. Description Linux, like most Unix systems, provides a system call, setuid, to set the effective user ID of a...
Wireshark contains an unspecified vulnerability in the SCSI dissector
Overview Wireshark contains a vulnerability in the SCSI dissector that may cause a denial-of-service condition. Description The SCSI dissector in Wireshark contains an unspecified error that may allow remote attackers to cause a denial-of-service condition.Wireshark states that Wireshark version...
Opera Web Browser fails to properly process overly long URLs
Overview The Opera Web Browser fails to properly process overly long URLs. This vulnerability may allow arbitrary code execution. Description Opera is a multi-platform web browser that is available for a range of operating systems and embedded Internet products. Opera contains a heap buffer...
Oracle MDSYS.SDO_LRS package vulnerable to PL/SQL injection
Overview The Oracle MDSYS.SDOLRS package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Description The Oracle MDSYS.SDOLRS package is vulnerable to PL/SQL injection...
Oracle CREATE_CHANGE_TABLE procedure vulnerable to PL/SQL injection
Overview The Oracle CREATECHANGETABLE procedure is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Description The Oracle CREATECHANGETABLE procedure fails to properly filter us...
Oracle DISABLE_HIERARCHY_INTERNAL procedure vulnerable to PL/SQL injection
Overview The Oracle DISABLEHIERARCHYINTERNAL procedure is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Description The Oracle DISABLEHIERARCHYINTERNAL procedure fails to...
Oracle SYS.DBMS_CDC_IMPDP package vulnerable to PL/SQL injection
Overview The Oracle SYS.DBMSCDCIMPDP package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Description The Oracle SYS.DBMSCDCIMPDP package is vulnerable to PL/SQL injection...
Integer overflow vulnerability in Asterisk driver for Cisco SCCP-enabled phones
Overview Asterisk contains an integer overflow vulnerability. This vulnerability may allow an attacker to run arbitrary code. Description Asterisk is an open-source PBX software package that provides voicemail, three-way calling, and other features. Skinny Client Control Protocol SCCP is a...
IBM Lotus Notes sets insecure default permissions on program data
Overview IBM Lotus Notes sets insecure default permissions on the Notes directory. This vulnerability may allow a local attacker to gain unintended access to Lotus Notes program data. Description IBM Lotus Notes installs numerous program files and program data in a special directory known as the...
Oracle ENABLE_HIERARCHY_INTERNAL procedure vulnerable to PL/SQL injection
Overview The Oracle ENABLEHIERARCHYINTERNAL procedure is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Description The Oracle ENABLEHIERARCHYINTERNAL procedure fails to proper...
Oracle PREPARE_UNBOUNDED_VIEW procedure vulnerable to PL/SQL injection
Overview The Oracle PREPAREUNBOUNDEDVIEW procedure is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Description The Oracle PREPAREUNBOUNDEDVIEW procedure fails to properly...
NVIDIA Display Driver for Unix systems vulnerable to buffer overflow
Overview A vulnerability in the NVIDIA Display Driver for Unix systems may allow a remote attacker to execute code on a vulnerable system. Description The NVIDIA Display Driver for Unix systems provides access to the display adapter's accelerated features on supported systems, and includes a modu...
Cisco products contain hard-coded SNMP values
Overview Certain versions of the Cisco IOS software have a hard-coded SNMP read-write community string that cannot be changed by an administrator. Description Some versions of the Cisco IOS have a hardcoded SNMP read-write community string. This community string is designed to ensure that...
Microsoft XML Core Services contain a buffer overflow in the XSLT component
Overview The XSLT component of the Microsoft XML Core Services contains a buffer overflow. An attacker may be able to use this vulnerability to execute arbitrary code on a vulnerable system. Description Microsoft XML Core Services MSXML allow developers who use JScript, Visual Basic Scripting...
Wireshark contains an unspecified vulnerability in the DHCP dissector
Overview Wireshark contains a vulnerability in the DHCP dissector that may cause a denial-of-service condition. Description Wireshark for Microsoft Windows contains a vulnerability in the DHCP dissector that may cause a denial-of-service condition. This vulnerability may be exploited when the...
Microsoft Word vulnerable to remote code execution
Overview A remote code execution vulnerability in Microsoft Word can allow a remote attacker to execute arbitrary code via a specially crafted mail merge file. Description Microsoft Word contains a remote code execution vulnerability that can be exploited when a specially crafted mail merge file ...
Trend Micro OfficeScan Management Console ActiveX control format string vulnerability
Overview The Trend Micro OfficeScan Management Console ActiveX control, AtxConsole, contains a format string vulnerability. This vulnerability may be exploited by an attacker to execute arbitrary code, or create a denial-of-service condition. Description Trend Micro's OfficeScan product includes ...
Microsoft XML Core Services XMLHTTP ActiveX control fails to properly interpret certain HTTP operations
Overview The Microsoft XML Core Services XMLHTTP ActiveX control fails to properly interpret certain HTTP operations. An attacker who exploits this vulnerability may be able to read cookies or view other sensitive data from a vulnerable system. Description Microsoft XML Core Services MSXML allow...
Microsoft Office fails to properly parse malformed records
Overview A vulnerability in the way Microsoft Office parses files containing malformed records may lead to execution of arbitrary code. Description Microsoft Office contains a vulnerability that could be exploited when Office attempts to parse specially crafted records. According to Microsoft...
Microsoft Office fails to properly parse malformed chart records
Overview A vulnerability in the way Microsoft Office parses files containing malformed chart records may lead to execution of arbitrary code. Description Microsoft Office fails to properly handle malformed chart records. According to Microsoft Security Bulletin MS06-062:When Office opens a...
Microsoft Server Service fails to properly handle network messages
Overview A vulnerability in the way Microsoft Server Service handles network messages may lead to execution of arbitrary code. Description Microsoft Server Service provides support for Remote Proceedure Call RPC, resource sharing, and named pipe communication over the network. Microsoft Server...
Microsoft Office fails to properly parse malformed strings
Overview A vulnerability in the way Microsoft Office parses files with malformed strings may lead to execution of arbitrary code. Description Microsoft Office contains a vulnerability that could be exploited when parsing specially crafted strings. According to Microsoft Security Bulletin...
Microsoft Office fails to properly parse malformed Smart Tags
Overview A vulnerability in the way Microsoft Office parses files containing malformed Smart Tags may lead to execution of arbitrary code. Description Microsoft Office contains a vulnerability that could be exploited when parsing specially crafted Smart Tags. According to Microsoft Security...
Microsoft PowerPoint fails to properly handle malformed object pointers
Overview Microsoft PowerPoint contains a vulnerability in the handling of malformed object pointers, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft PowerPoint contains a vulnerability that could be exploited when PowerPoi...
Microsoft Excel fails to properly process malformed DATETIME records
Overview Microsoft Excel contains a vulnerability in the handling of malformed DATETIME records, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Excel contains a vulnerability that could be exploited when Excel opens a...
Microsoft Excel fails to properly process malformed STYLE records
Overview Microsoft Excel contains a vulnerability in the handling of malformed STYLE records, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Excel contains a vulnerability that could be exploited when Excel opens a...
Microsoft PowerPoint malformed record memory corruption
Overview Microsoft PowerPoint contains a vulnerability in the handling of malformed records, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft PowerPoint contains a vulnerability that could be exploited when PowerPoint opens...
Microsoft Object Packager fails to properly display file types
Overview The Microsoft Object Packager fails to properly display the file types. This vulnerability may allow a remote, unauthenticated attacker execute arbitrary code on a vulnerable system. Description According to Microsoft: Object Packager is a tool you can use to create a package that you ca...
Microsoft Excel fails to properly process malformed COLINFO records
Overview Microsoft Excel contains a vulnerability in the handling of malformed COLINFO records, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Excel contains a vulnerability that could be exploited when Excel opens a...
Microsoft Excel fails to properly handle Lotus 1-2-3 files
Overview Microsoft Excel contains a vulnerability in the handling of malformed Lotus 1-2-3 files, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Excel contains an unspecified vulnerability that could be exploited when Exc...
Microsoft .NET Framework contains a cross-site scripting vulnerability
Overview The Microsoft .NET Framework contains a cross-site scripting vulnerability that may allow an attacker to read or modify data in web pages and cookies. Description The Microsoft .NET Framework is a managed code programming model for Microsoft Windows operating systems. Microsoft ASP.NET i...
Microsoft PowerPoint fails to properly handle malformed data records
Overview Microsoft PowerPoint contains a vulnerability in the handling of malformed data records, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft PowerPoint contains a vulnerability that could be exploited when PowerPoint...
Symantec products fail to properly limit device driver access to kernel memory
Overview Certain device drivers included with Symantec products fail to properly verify address space within the "IOCTL" handlers. Description Symantec provides Anti-Virus and Internet Security products that are designed to protect users. According to Symantec Security Response SYM06-020:A...