3702 matches found
Microsoft PowerPoint malformed record vulnerability
Overview Microsoft PowerPoint fails to properly handle malformed records. This may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft PowerPoint Microsoft PowerPoint is presentation software that is available on Microsoft Windows and Apple Mac platform...
Microsoft JScript memory corruption vulnerability
Overview Microsoft JScript contains a memory corruption vulnerability. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft JScript According to Microsoft Security Bulletin MS06-023: JScript is the Microsoft...
Microsoft Internet Explorer exception handling vulnerability
Overview Microsoft Internet Explorer fails to properly handle exception conditions. This may allow a remote, unauthenticated attacker to execute arbitrary code. Description Internet Explorer allows objects to register exception handlers. These handlers may not properly handle some conditions, whi...
Microsoft DXImageTransform Light filter fails to validate input
Overview The Microsoft DXImageTransform Light COM object fails to validate input, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft COMMicrosoft COM is a technology that allows programmers to create reusable software components that can be...
Microsoft Windows Media Player PNG processing buffer overflow
Overview Microsoft Windows Media Player contains a stack-based buffer overflow vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Windows Media Player Windows Media Player is a multimedia application that comes with...
Linux Kernel may fail to properly handle SNMP packets
Overview A memory freeing vulnerability in the Linux kernel module ipnatsnmpbasic can be exploited to create a denial-of-service condition. Description ipnatsnmpbasic The ipnatsnmpbasic IP NAT module is intended for use with SNMP network discovery and monitoring applications where target networks...
Skype URI handler fails to properly parse parameters
Overview A remote attacker could potentially retrieve files from Skype users running the Microsoft Windows version of the Skype software. Description Skype is an application that allows users to communicate with voice or messaging across the Internet or local area networks. Skype also features th...
TIBCO Hawk Monitoring Agent vulnerable to buffer overflow via the configuration interface
Overview A vulnerability in the TIBCO Hawk Monitoring Agent configuration interface may allow a local attacker to execute arbitrary code with elevated privileges. Description TIBCO Hawk is a tool for monitoring and managing distributed applications and systems throughout an enterprise. A buffer...
TIBCO Rendezvous daemon components contain a buffer overflow in the HTTP administrative interface
Overview A vulnerability in the TIBCO Rendezvous daemon components may allow a remote attacker to execute arbitrary code on an affected system. Description TIBCO Rendezvous is a distributed messaging software platform. A buffer overflow vulnerability has been discovered in the HTTP administrative...
Mozilla may process content-defined setters on object prototypes with elevated privileges
Overview Mozilla allows content-defined setters on object prototypes to execute with elevated privileges. This may allow a remote attacker to execute arbitrary code. Description Setters A setter is a method in JavaScript that sets the value of a property. The problem The setters in Mozilla are...
Mozilla contains a buffer overflow vulnerability in crypto.signText()
Overview Mozilla products contain a buffer overflow in the crypto.signText method. This may allow a remote attacker to execute arbitrary code. Description crypto.SignText JavaScript contains a crypto.signText method, which allows the user to digitally sign a text string. The problem The Mozilla...
Mozilla privilege escalation using addSelectionListener
Overview A privilege escalation vulnerability exists in the Mozilla addSelectionListener method. This may allow a remote attacker to execute arbitrary code. Description addSelectionListener Web content can add a SelectionListener to the Selection object by using addSelectionListener method of the...
Mozilla contains multiple memory corruption vulnerabilities
Overview Mozilla contains several memory corruption vulnerabilities. This may allow a remote attacker to execute arbitrary code. Description Mozilla team members have discovered multiple vulnerabilities that cause the browser engine to crash. In certain circumstances, these vulnerabilities may...
Mozilla may associate persisted XUL attributes with an incorrect URL
Overview Mozilla can allow persisted XUL attributes to associate with the wrong URL. This may allow a remote attacker to execute arbitrary code. Description XULXUL is an XML-based user interface language, which is used by Mozilla. Persisted XUL XUL elements with the persist attribute maintain the...
Secure Elements Class 5 AVR server fails to properly authenticate registration messages
Overview The Secure Elements Class 5 AVR server fails to properly authenticate registration messages. This may allow an attacker to cause a denial-of-service condition on the server. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a security product that...
Secure Elements Class 5 AVR server fails to enforce integrity of message digests
Overview The Secure Elements Class 5 AVR server fails to enforce integrity of message digests. This may allow a remote attacker to replay and modify messages without knowledge of any keys. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a security produc...
Secure Elements Class 5 AVR uses the same encryption key and initialization vector for every message session
Overview Secure Elements Class 5 AVR uses the same encryption key and initialization vector for every message session. This may allow an attacker to discover some information about encrypted messages. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a...
Secure Elements Class 5 AVR uses the same RSA key for all installations
Overview Secure Elements Class 5 AVR uses the same RSA key for all installations. This may allow a remote attacker to decrypt communications between systems. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a security product that monitors and enforces...
Secure Elements Class 5 AVR client sends messages in cleartext
Overview The Secure Elements Class 5 AVR client sends messages in cleartext. This may allow an attacker to read traffic from an asset. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a security product that monitors and enforces security policies on...
Secure Elements Class 5 AVR client generates predictable CEIDs
Overview The Secure Elements Class 5 AVR client generates predictable CEIDs. This may allow an attacker to guess the unique identifier of a protected asset. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a security product that monitors and enforces...
WeOnlyDo! SFTP ActiveX control fails to properly restrict access to methods
Overview The WeOnlyDo! SFTP ActiveX control is incorrectly marked safe for scripting. This may allow a remote unauthenticated attacker to upload arbitrary files from a vulnerable system to an SFTP server or download arbitrary files from an SFTP server to a vulnerable system. Description...
Secure Elements Class 5 AVR client fails to validate source address of messages
Overview The Secure Elements Class 5 AVR client fails to validate the source address of messages. This may allow an attacker to execute arbitrary code with root privileges on a vulnerable client system. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a...
Secure Elements Class 5 AVR client fails to properly validate the size of EM_SET_CE_PARAMETER messages
Overview The Secure Elements Class 5 AVR client fails to properly handle the size of EMSETCEPARAMETER messages. This may allow an attacker to cause a buffer overflow and reveal process memory. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a security...
Secure Elements Class 5 AVR server fails to properly validate pathnames when downloading updates
Overview The Secure Elements Class 5 AVR server fails to properly validate pathnames when downloading updates. This may allow an attacker to overwrite arbitrary files on the server system. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a security produc...
Secure Elements Class 5 AVR client fails to properly validate pathnames supplied in messages
Overview The Secure Elements Class 5 AVR client fails to properly validate pathnames supplied in messages, which may allow an attacker to overwrite any file on a vulnerable client as root. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a security produc...
Secure Elements Class 5 AVR server fails to properly enforce access controls on console operations
Overview The Secure Elements Class 5 AVR server fails to properly enforce access controls on console operations. This may allow a remote attacker to gain unauthorized administrative access to a server. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a...
Secure Elements Class 5 AVR client fails to properly validate a messages target CEID
Overview The Secure Elements Class 5 AVR client fails to properly validate a message's target CEID. This makes attacks easier, as the attacker does not need to guess the victim's true CEID. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a security produ...
Secure Elements Class 5 AVR server fails to properly authenticate session start messages
Overview The Secure Elements Class 5 AVR server fails to properly authenticate "session start" messages. This may allow an attacker to cause the server to initiate TCP connections to arbitrary destinations, which can cause a denial of service to both the server and the specified target. Descripti...
Secure Elements Class 5 AVR client fails to enforce integrity of message digests
Overview The Secure Elements Class 5 AVR client fails to enforce integrity of message digests. This may allow an attacker to replay modified messages to a vulnerable client. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a security product that monitors...
Secure Elements Class 5 AVR server sends messages in cleartext
Overview The Secure Elements Class 5 AVR server sends messages in cleartext. This may allow an attacker to read traffic to an asset. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a security product that monitors and enforces security policies on networ...
Secure Elements Class 5 AVR server fails to validate source address of messages
Overview The Secure Elements Class 5 AVR server fails to validate the source address of messages it receives. This may allow an attacker to forge messages to the server. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a security product that monitors and...
Secure Elements Class 5 AVR server fails to properly validate peer certificate when downloading updates
Overview The Secure Elements Class 5 AVR server fails to properly validate the peer certificate when downloading updates. This may allow a remote attacker to distribute malicious updates to the clients. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a...
Secure Elements Class 5 AVR client fails to properly validate the size of EM_GET_CE_PARAMETER messages
Overview The Secure Elements Class 5 AVR client fails to properly handle the size of EMGETCEPARAMETER messages. This may allow an attacker to cause a buffer overflow and reveal process memory. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a security...
Secure Elements Class 5 AVR server contains hard-coded user ID and password
Overview The Secure Elements Class 5 AVR server contains a hard-coded user ID and password. This may allow a remote unauthenticated attacker to gain access to the server. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a security product that monitors an...
Symantec products vulnerable to buffer overflow
Overview Symantec products are vulnerable to a stack-based buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description Symantec Client Security and Symantec Antivirus Corporate Edition contain a stack-based buffer overflow. For informati...
Microsoft Word object pointer memory corruption vulnerability
Overview A memory corruption vulnerability in Microsoft Word could allow a remote attacker to execute arbitrary code with the privileges of the user running Word. Description Microsoft Word contains a memory corruption vulnerability. According to Microsoft Security Bulletin MS06-027:When a user...
WeOnlyDo! Software wodSSHServer ActiveX component fails to properly validate key exchange algorithm strings
Overview The WeOnlyDo! Software wodSSHServer ActiveX component fails to properly validate the length of key exchange algorithm strings. This may allow a remote, unauthenticated attacker to execute arbitrary code. Description wodSSHServerActiveX component According to the wodSSHServer ActiveX...
Apple QuickTime MPEG-4 movie buffer overflow
Overview Apple QuickTime fails to properly handle MPEG-4 movie files. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service condition. Description Apple's QuickTime Player is multimedia software that allows users to view local and...
RealVNC Server does not validate client authentication method
Overview The RealVNC Server fails to properly authenticate clients. This may allow a remote attacker to bypass authentication and gain access to the VNC server. Description TheVirtual Network ComputingVNC Protocol According to RealVNC, "The VNC protocol is a simple protocol for remote access to...
LiveData ICCP Server heap buffer overflow vulnerability
Overview LiveData ICCP Server contains a heap-based buffer overflow. This vulnerability may allow a remote attacker to crash the server. Description Inter-Control Center Communications Protocol ICCP According to the LiveData ICCP Server white paper: The Inter-Control Center Communications Protoco...
EMC Retrospect Client buffer overflow vulnerability
Overview EMC Retrospect Client contains a buffer overflow. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description EMC Retrospect Backup and Recovery Software EMC Retrospect is a is a backup and recovery application designed for small to medium...
Apple QuickTime FlashPix integer overflow
Overview Apple QuickTime fails to properly handle FlashPix images. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service condition. Description Apple's QuickTime Player is multimedia software that allows users to view local and remo...
Apple Safari fails to properly handle archive files containing symbolic links
Overview Apple Safari fails to properly handle archive files that contain symbolic links, which may allow a remote, unauthenticated attacker to execute arbitrary code. Description Safari Apple Safari is a web browser that comes with the Mac OS X operating system. Symbolic links Symbolic links are...
Apple Quicktime JPEG integer overflow
Overview Apple QuickTime fails to properly handle JPEG images. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service condition. Description Apple's QuickTime Player is multimedia software that allows users to view local and remote...
Microsoft Exchange fails to properly handle vCal and iCal properties
Overview Microsoft Exchange Server does not properly handle the vCal and iCal properties of email messages. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on an Exchange Server. Description Microsoft Exchange Server Microsoft's Exchange...
MySQL fails to properly validate COM_TABLE_DUMP packets
Overview MySQL contains a buffer overflow that may allow a remote, authenticated attacker to execute arbitrary code on a vulnerable server. Description MySQL and COMTABLEDUMPMySQL is an open-source database system available for Microsoft Windows, Linux, and other UNIX-based operating systems...
Juniper Networks IVE client ActiveX control buffer overflow
Overview The ActiveX control used by Juniper IVE OS devices contains a buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable client. Description Juniper IVE OS is an operating system used by Juniper devices, such as the Juniper Networks Secu...
Oracle views fail to enforce table security settings
Overview A vulnerability in the way Oracle handles views may allow an attacker to modify privileged database information. Description Database Views A view is a queryable aggregation of data from one or more tables that is stored and maintained. The Problem A vulnerability in the way that Oracle...
Oracle DBMS_EXPORT_EXTENSION package vulnerable to SQL injection
Overview A vulnerability in Oracle PL/SQL Export Extensions may allow an attacker to modify privileged database information. Description Oracle Extensions, ODCIIndex Interface, andODCIIndexGetMetadata Oracle extensions are used to create customized Oracle database constructs. An indextype is an...
Mozilla Firefox designMode deleted object reference
Overview Mozilla Firefox contains a deleted object reference vulnerability. This may allow a remote attacker to execute arbitrary code. Description Mozilla Firefox contains a vulnerability that causes a deleted object to be referenced when designMode is set to "on." When Firefox attempts to use...