Apple Mac OS X JPEG2000 image handling buffer overflow

Overview Apple Mac OS X fails to properly handle JPEG2000 files. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description Apple ImageIO is an image processing framework that was introduced in OS X 10.4 Tiger...

Apple QuickDraw Manager fails to properly handle malicious PICT images

Overview A vulnerability exists in how Apple OS X handles PICT images. If successfully exploited, this vulnerability may allow a remote attacker to execute arbitrary code, or create a denial-of-service condition. Description From Apple,Certain applications invoke an unsupported QuickDraw operatio...

Apple Workgroup Manager fails to properly enable ShadowHash passwords

Overview Apple Workgroup Manager fails to properly enable ShadowHash passwords in a NetInfo parent. Workgroup Manager may appear to use ShadowHash passwords when crypt is used. Description Workgroup Manager is a system adimistration tool in Apple Mac OS X Server that manages users, groups, and...

FileCOPA FTP server vulnerable to buffer overflow

Overview There is a buffer overflow vulnerability in the FileCOPA FTP server which may allow an attacker to execute arbitrary code. Description FileCOPA is an FTP server for Microsoft Windows that supports anonymous file transfers.There is a buffer overflow vulnerability in the FileCOPA FTP servi...

X.509 certificate verification may be vulnerable to resource exhaustion

Overview Some applications that perform X.509 certificate verification may be vulnerable to signature processing problems that lead to resource exhaustion. This vulnerability may cause a denial of service. Description Included in X.509 certificates are public keys used for digital signature...

OpenSSL may fail to properly parse invalid ASN.1 structures

Overview A vulnerability in OpenSSL may allow an attacker to create a denial-of-service condition. Description OpenSSL is an Open Source toolkit that implements the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 protocols.When parsing certain invalid ASN.1 structures, OpenSSL...

OpenSSL SSL_get_shared_ciphers() vulnerable to buffer overflow

Overview A buffer overflow vulnerability in an OpenSSL library function could allow a remote attacker to execute code on an affected system. Description The OpenSSL toolkit implements the Secure Sockets Layer SSL versions 2 and 3 and Transport Layer Security TLS version 1 protocols as well as a...

Cisco IOS fails to properly handle summary packets in the VLAN Trunking Protocol

Overview Cisco IOS fails to properly handle summary packets in the VLAN Trunking Protocol. This vulnerability may allow a remote, unauthenticated attacker to cause a denial-of-service condition. Description Cisco's VLAN Trunking Protocol VTP provides the ability to manage the addition, deletion,...

OpenSSL SSLv2 client code fails to properly check for NULL

Overview A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Description The OpenSSL toolkit implements the Secure Sockets Layer SSL versions 2 and 3 and Transport Layer Security TLS version 1 protocols as well as a general purpose...

Microsoft PowerPoint fails to properly handle malformed records

Overview Microsoft PowerPoint contains a vulnerability in the handling of malformed records, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft PowerPoint contains a vulnerability that could be exploited when PowerPoint opens...

Cisco IOS fails to properly verify the VTP configuration revision number

Overview Cisco IOS fails to properly verify the VTP configuration revision number. This vulnerability may allow a remote, unauthenticated attacker to prevent changes to the VLAN database from being properly propagated throughout the VTP domain. Description Cisco's VLAN Trunking Protocol VTP...

Roller Weblogger contains a cross-site scripting vulnerability

Overview A cross-site scripting vulnerability in Roller Weblogger may allow an attacker to read or modify data in web pages and cookies. Description There is a cross-site scripting vulnerability in the way that Roller handles data supplied in the comments section of a web page running the Roller...

Microsoft Windows WebViewFolderIcon ActiveX integer overflow

Overview The Microsoft Windows WebViewFolderIcon ActiveX control contains an integer overflow vulnerability. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Microsoft WebViewFolderIcon object is an ActiveX control that comes with...

Cisco IOS contains buffer overflow in VTP VLAN name handling

Overview Cisco IOS fails to properly handle specially crafted VTP summary advertisement with overly long VLAN name. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description Cisco's VLAN Trunking Protocol VTP...

Apple AirPort wireless vulnerable to buffer overflow

Overview Two buffer overflow vulnerabilities exist in Apple AirPort wireless drivers. If exploited, this vulnerability may allow an attacker to execute arbitrary code. Description According to Apple:Two separate stack buffer overflows exist in the AirPort wireless driver's handling of malformed...

Apple AirPort wireless drivers vulnerable to integer overflow

Overview An integer overflow exists in the Apple AirPort wireless drivers. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or create a denial-of-service condition. Description According to Apple,An integer overflow exists in the AirPort wireless...

Apple AirPort wireless drivers fails to properly handle scan cache updates

Overview An heap buffer overflow exists in the Apple AirPort wireless driver. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or cause a denial-of-service condition. Description Apple AirPort drivers contain a heap buffer overflow in the code that...

Cisco Intrusion Prevention System administration interface fails to properly handle Secure Socket Layer packets

Overview The web administration interface of Cisco Intrusion Prevention System and Intrusion Detection System devices fails to properly handle certain Secure Socket Layer packets. This vulnerability may cause a denial of service. Description According to Cisco Security Advisory...

SISCO OSI stack fails to properly validate packets

Overview A vulnerability exists in the SISCO OSI stack for Windows. If successfully exploited, an attacker could cause a denial-of-service condition. Description Inter-control Center Communications Protocol ICCP The Inter-control Center Communications Protocol ICCP is a protocol that is used to...

Cisco IPS fails to properly check fragmented IP packets

Overview Cisco IPS systems may fail to check specially-crafted IP packets that are fragmented. Description Some Cisco intrusion prevention system IPS products can be configured as passive intrusion detection systems IDS or active IPS systems. Cisco refers to the IPS mode as "inline" and the IDS...

Mozilla products fail to properly handle JavaScript regular expressions

Overview Mozilla products fail to properly handle certain JavaScript regular expressions. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description According to Mozilla Foundation Security Advisory 2006-57: ...a...

Adobe Flash Player allowScriptAccess protection bypass vulnerability

Overview A vulnerability in Adobe Flash Player may allow a remote attacker to bypass allowScriptAccess protection. Description Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser. According to Adobe: The...

gzip contains a .bss buffer overflow in its LZH handling

Overview The gzip program contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code or create a denial-of-service condition. Description The gzip program is used to compress and decompress archived files. Some implementations of gzip include support for the LZH...

gzip contains a buffer underflow

Overview The gzip program contains a buffer underflow vulnerability that may allow an attacker to execute arbitrary code, or create a denial-of-service condition. Description The gzip program is used to compress and decompress archived files.A buffer underflow vulnerability exists in gzip. An...

gzip NULL dereference in huft_build()

Overview The gzip program contains a null dereference vulnerability that may allow an attacker to execute arbitrary code or create a denial-of-service condition. Description The gzip program is used to compress and decompress archived files. A null dereference vulnerability exists in gzip. An...

gzip contains an infinite loop vulnerability in its LZH handling

Overview The gzip program contains a infinite loop vulnerability that may allow an attacker to create a denial-of-service condition. Description The gzip program is used to compress and decompress archived files. A infinite loop vulnerability exists in the way gzip handles certain files. An...

gzip contains an array out-of-bounds vulnerability in make_table()

Overview The gzip program contains a stack modification vulnerability that may allow an attacker to execute arbitrary code, or create a denial-of-service condition.. Description The gzip program is used to compress and decompress archived files.A stack modification vulnerability exists in gzip. A...

Microsoft Internet Explorer VML stack buffer overflow

Overview Microsoft Internet Explorer IE fails to properly handle Vector Markup Language tags. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft IE version 5.0 and higher supports the Vector Markup Language VML,...

Adobe Flash Player long string buffer overflow

Overview Adobe Flash Player fails to properly handle malformed strings. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed withi...

Microsoft DirectAnimation Path ActiveX control fails to validate input

Overview The Microsoft DirectAnimation Path ActiveX control fails to properly validate input. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Microsoft DirectAnimation Path object is an ActiveX control that is used to move object...

Apple QuickTime fails to properly handle FLC movies

Overview Apple QuickTime fails to properly handle FLC movies. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description Apple QuickTime is multimedia software that allows users to view local and remote audio, vide...

Apple QuickTime Player H.264 Codec contains an integer overflow

Overview Apple QuickTime fails to properly handle H.264 movies. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description Apple QuickTime Player is multimedia software that allows users to view local and remote...

Apple QuickTime fails to properly handle FlashPix files

Overview Apple QuickTime fails to properly handle FlashPix files. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service condition. Description Apple's QuickTime Player is multimedia software that allows users to view local and remot...

Apple QuickTime fails to properly handle SGI images

Overview Apple QuickTime fails to properly handle SGI images. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description Apple QuickTime is multimedia software that allows users to view local and remote audio, vide...

Apple QuickTime vulnerable to denial of service via specially crafted FlashPix file

Overview A buffer overflow vulnerability in the way Apple QuickTime handles FlashPix files could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description A buffer overflow vulnerability in QuickTime for Windows and Mac OS X may allow an attacker to...

Apple QuickTime movie buffer overflow vulnerability

Overview A buffer overflow vulnerability in the way Apple QuickTime handles movie files could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description A buffer overflow vulnerability in QuickTime for Windows and Mac OS X may allow an attacker to execut...

Microsoft Publisher does not adequately validate Publisher documents

Overview Microsoft Publisher does not adequately validate Publisher documents. This results in a buffer overflow vulnerability that could allow an attacker to execute arbitrary code with the privileges of the user running Publisher. Description Microsoft Publisher does not adequately validate...

Microsoft PGM vulnerable to remote code execution

Overview A buffer overflow vulnerability in Microsoft's Pragmatic General Multicast PGM protocol implementation may allow an attacker to execute arbitrary code. Description The Pragmatic General Multicast PGM protocol is an experimental protocol defined in RFC 3208. Microsoft's implementation of...

Microsoft Indexing Services vulnerable to cross-site scripting

Overview Microsoft's Indexing Service does not properly validate queries. This vulnerability may allow an attacker to run client-side scripts on behalf of a user. Description Microsoft's Indexing Service allows users to quickly search computers and networks. This service can be used in combinatio...

AOL ICQ Pro fails to properly handle incoming message lengths

Overview A buffer overflow vulnerability in ICQ may allow a remote attacker to execute arbitrary code or create a denial-of-service condition. Description ICQ is a instant messaging application that is maintained by AOL. A buffer overflow vulnerability in ICQ Pro 2003b may allow a remote,...

Multiple RSA implementations fail to properly handle signatures

Overview Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Description RSA signatures are used to authenticate the source of a message. To prevent RSA signatures from being forged, messages are padded with data t...

IBM Access Support eGatherer ActiveX control buffer overflow

Overview The IBM Access Support eGatherer ActiveX control contains a buffer overflow vulnerability, which may allow a remote unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The IBM Access Support eGatherer ActiveX control has the ability to collect system...

Microsoft Word 2000 malformed record vulnerability

Overview Microsoft Word 2000 contains a memory corruption vulnerability. This vulnerability could allow a remote, unauthenticated attacker to execute arbitrary code with the privileges of the user running Word 2000. Description Microsoft Word 2000 fails to properly handle malformed records leadin...

BIND vulnerable to an INSIST failure via sending of multiple recursive queries

Overview A vulnerability in the BIND name server could allow a remote attacker to cause a denial of service against an affected system. Description The Berkeley Internet Name Domain BIND is a popular Domain Name System DNS implementation from Internet Systems Consortium ISC. A flaw exists in the...

BIND vulnerable to an assertion failure when querying for SIG records

Overview A vulnerability in the BIND name server could allow a remote attacker to cause a denial of service against an affected system. Description The Berkeley Internet Name Domain BIND is a popular Domain Name System DNS implementation from Internet Systems Consortium ISC. A flaw exists in the...

Retro64 / Miniclip CR64Loader ActiveX control buffer overflow

Overview The Retro64 / Miniclip CR64Loader ActiveX control contains a buffer overflow vulnerability. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The CR64Loader Object is an ActiveX control developed by Retro64. The web sites...

Barracuda Spam Firewall contains hardcoded default login credentials

Overview Barracuda Spam Firewalls from version 3.3.01.001 to 3.3.02.053 have default login credentials that can not be modified by an administrator. Description Barracuda Spam Firewall appliances provide ingress and egress spam filtering for local area networks. An administrator will typically lo...

VMware ESX Server management interface logs passwords in cleartext in a world-readable file

Overview Certain versions of VMware ESX Server store passwords in a cleartext file that all users have read permissions to. Description Per the VMware ESX Server datasheet:ESX Server installs directly on the server hardware, or “bare metal,” and inserts a robust virtualization layer between the...

HP OpenView Storage Data Protector may allow an attacker to execute arbitrary commands

Overview A vulnerability in HP OpenView Storage Data Protector may allow an attacker to issue arbitrary commands on an affected system. Description HP OpenviewHP Openview is a range of products, distributed and developed by Hewlett Packard, that are used for enterprise system and network...

Microsoft Internet Explorer long URL buffer overflow

Overview Microsoft Internet Explorer is vulnerable to a buffer overflow when processing a long URL on a web site that uses HTTP 1.1 compression. This could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer 6 Service...