3702 matches found
Symantec Scan Engine fails to properly perform authentication
Overview Symantec Scan Engine administrative web interface fails to properly authenticate users, which may allow a remote attacker to gain administrative access to the software. Description The Symantec Scan Engine provides a programming interface to Symantec content scanning and virus detection...
Multiple vulnerabilities in DNS implementations
Overview Numerous vulnerabilities have been reported in various Domain Name System DNS implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause a DNS implementation to behave in an unstable/unpredictable...
Winny contains a buffer overflow
Overview Winny contains a buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Winny also referred to as WinNY is a popular Japanese peer-to-peer file sharing application. A flaw exists in this program due t...
Oracle Order Capture vulnerability
Overview An unspecified vulnerability in Oracle Order Capture may allow a remote, unauthenticated attacker to compromise system confidentiality. Description Oracle Order Capture contains a vulnerability. The details of this vulnerability are not clear. However, Oracle states this issue can allow ...
Oracle Export component SQL injection vulnerability
Overview An SQL injection vulnerability in the Oracle Export component may allow a remote attacker to execute arbitrary SQL commands on a vulnerable Oracle installation. Description Oracle Export component contains a SQL injection vulnerability.The details of this vulnerability are not clear. We...
Oracle Advanced Replication SQL injection vulnerability
Overview An SQL injection vulnerability in the Oracle Advanced Replication component may allow a remote attacker to execute arbitrary SQL commands on a vulnerable Oracle installation. Description Oracle Advanced Replication component contains a SQL injection vulnerability.The details of this...
Oracle Application Object Library vulnerability
Overview An unspecified vulnerability in the Oracle Application Object Library may allow a remote, unauthenticated attacker to compromise system integrity and confidentiality. Description Oracle Application Object Library contains a vulnerability.The details of this vulnerability are not clear...
Oracle Diagnostics Interfaces vulnerability
Overview An unspecified vulnerability in Oracle Diagnostics Interfaces may allow a remote, unauthenticated attacker to compromise system confidentiality and integrity. Description Oracle Diagnostics Interfaces contains a vulnerability. The details of this vulnerability are not clear. However,...
Oracle DBMS_REPUTIL package vulnerable to SQL injection
Overview An SQL injection vulnerability in the Oracle DBMSREPUTIL package may allow a remote attacker to execute arbitrary SQL commands on a vulnerable Oracle installation. Description Oracle DBMSREPUTIL package contains a SQL injection vulnerability.The details of this vulnerability are not clea...
Oracle Collaboration Suite Email Server vulnerability
Overview An unspecified vulnerability in the Oracle Collaboration Suite Email Server may allow a remote, unauthenticated attacker to compromise system integrity, confidentiality, and availability. Description Oracle Collaboration Suite Email Server contains a vulnerability.The details of this...
Linksys RT31P2 VoIP router denial of service vulnerabilities
Overview The Linksys RT31P2 VoIP router contains several vulnerabilities that may allow a remote, unauthenticated attacker to cause a denial of service. Description The Linksys RT31P2 is a broadband router that includes Voice over Internet Protocol VoIP telephone functionality. The RT31P2 unit...
Oracle Collaboration Suite Email Server contains a vulnerability that may compromise system confidentiality
Overview An unspecified vulnerability in the Oracle Collaboration Suite Email Server may allow a remote, unauthenticated attacker to compromise system confidentiality. Description Oracle Collaboration Suite Email Server contains an unspecified vulnerability. Oracle states this issue can allow an...
Oracle Reporting Framework vulnerability
Overview An unspecified vulnerability in the Oracle Reporting Framework may allow a remote, unauthenticated attacker to compromise system confidentiality and integrity. Description Oracle Reporting Framework contains a vulnerability.The details of this vulnerability are not clear. However, Oracle...
Oracle Dictionary vulnerability
Overview An unspecified vulnerability in the Oracle Dictionary may allow a remote attacker to compromise system integrity and availability. Description Oracle Dictionary contains an unspecified vulnerability that, according to Oracle, can allow an attacker to easily compromise system integrity an...
Oracle Spatial SQL injection vulnerability
Overview Oracle Spatial is vulnerable to SQL injection, possibly allowing a remote attacker to execute arbitrary SQL commands on a vulnerable Oracle installation. Description Oracle Spatial fails to properly filter user-supplied input. This could allow a remote attacker to insert arbitrary SQL...
Mozilla XBL binding vulnerability
Overview Mozilla products fail to properly restrict access to privileged XBL bindings. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description XBL According to Mozilla, XBL "is a markup language that defines special new elements, or 'bindings' for XU...
Mozilla products JavaScript engine fail to properly handle garbage-collection
Overview A vulnerability in the way the JavaScript engine of Mozilla products and derivative programs handles garbage collection could allow a remote attacker to execute arbitrary code on a vulnerable system. Description The JavaScript programming language uses a method of memory management known...
Mozilla CSS integer overflow vulnerability
Overview Mozilla products contain an integer overflow that could allow a remote, unauthenticated attacker to execute arbitrary code. Description Cascading Style SheetsCSS is a mechanism for adding style to web documents. The problem Mozilla products contain an integer overflow in the CSS letter...
Mozilla JavaScript security bypass vulnerability
Overview Mozilla products fail to properly enforce security restrictions in JavaScript. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description According to Mozilla Foundation Security Advisory 2006-28:The security check in jsValueToFunctionObject ca...
Mozilla crypto.generateCRMFRequest() vulnerability
Overview A vulnerability exists in the Mozilla JavaScript routine generateCRMFRequest that may allow a remote attacker to execute arbitrary code. Description The crypto object and generateCRMFRequest The crypto object is used to provide services related to cryptography, such as handling digital...
Mozilla products vulnerable to privilege escalation via XBL.method.eval
Overview A vulnerability in the way Mozilla products and derivative programs handle certain XBL methods could allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Mozilla browser and derived products include support for the Extensible Bindings Language XBL, a...
Mozilla JavaScript cloned parent vulnerability
Overview Mozilla products fail to properly restrict access to a JavaScript functions cloned parent. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description According to Mozilla Foundation Security Advisory 2006-15: it was possible to use the...
Mozilla display style vulnerability
Overview Mozilla products contain an unspecified vulnerability in the way they handle display styles. This vulnerability may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description Mozilla products contain an unspecified vulnerability in the way they...
Mozilla products border-rendering code vulnerability using CSS
Overview A vulnerability in the way Mozilla products and derivative programs handle certain CSS methods could allow a remote attacker to crash the application or execute arbitrary code on a vulnerable system. Description The Mozilla browser and derived products include support for Content Style...
Mozilla products vulnerable to memory corruption via a particular sequence of HTML tags
Overview A vulnerability in the way Mozilla products and derivative programs handle certain HTML tags could allow a remote attacker to execute arbitrary code on a vulnerable system. Description A vulnerability has been discovered in the way that Mozilla and derived programs handle certain HTML...
Mozilla products vulnerable to memory corruption via large regular expression in JavaScript
Overview A vulnerability in the way the JavaScript engine of Mozilla products and derivative programs handles a large regular expression could allow a remote attacker to crash the application or execute arbitrary code on a vulnerable system. Description A regular expression is a special text stri...
Mozilla DHTML memory corruption vulnerabilities
Overview Mozilla products contain multiple unspecified vulnerabilities in the way they handle DHTML. These vulnerabilities may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description Mozilla products fail to properly handle DHTML. This may allow memor...
SunnComm MediaMax privilege elevation vulnerability
Overview SunnComm MediaMax contains a privilege elevation vulnerability, which may allow a user with limited rights to execute code with elevated privileges. Description SunnComm MediaMax SunnComm MediaMax is copy protection software that is automatically installed by some audio CDs. Sony BMG has...
RDS.Dataspace ActiveX control bypasses ActiveX security model
Overview The Microsoft RDS.Dataspace ActiveX control bypasses the ActiveX security model, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description ActiveX ActiveX is a technology that allows programmers to create reusable software components...
Microsoft Internet Explorer may automatically execute HTA files
Overview Microsoft Internet Explorer IE fails to properly handle HTA files. This vulnerability may allow a remote attacker to execute arbitrary code. Description HTML Application HTA HTML Applications HTAs are HTML documents that are executed as trusted applications. HTAs can run script, Java, or...
Microsoft Windows fails to properly handle COM objects
Overview Microsoft Windows fails to properly handle COM Objects. This vulnerability may allow a remote unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft COM Microsoft COM is a technology that allows programmers to create reusable software components...
Microsoft Internet Explorer fails to properly handle HTML elements with a specially crafted tag
Overview Microsoft Internet Explorer IE fails to properly handle HTML element tags, which may allow a remote, unauthenticated attacker to execute arbitrary code. Description IE fails to properly handle HTML element tags. When a specially crafted HTML file is opened in IE, system memory can be...
Microsoft Internet Explorer fails to properly handle double-byte characters in specially crafted URLs
Overview Microsoft Internet Explorer IE fails to properly handle double-byte characters in URLs, which may allow a remote, unauthenticated attacker to execute arbitrary code. Description IE fails to properly handle double-byte characters in URLs. When a specially crafted HTML file is opened in IE...
Microsoft Internet Explorer contains overflow in processing script action handlers
Overview A vulnerability in the Microsoft Internet Explorer web browser could allow a remote attacker to crash the browser or possibly execute arbitrary code on a vulnerable system. Description A programming error in the way that Internet Explorer handles multiple event handlers in an HTML elemen...
Microsoft Internet Explorer fails to properly handle embedded objects
Overview Microsoft Internet Explorer IE does not properly handle embedded dynamic objects. This vulnerability may allow a remote attacker to execute arbitrary code. Description IOleClientSite interface According to Microsoft Security Bulletin MS06-013, The IOleClientSite interface is the primary...
Microsoft Internet Explorer fails to handle specially crafted, invalid HTML
Overview Microsoft Internet Explorer IE fails to properly handle malformed HTML. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description IE fails to properly handle specially crafted HTML. When a specially crafted, malformed HTML file is opened...
RealNetworks products fail to properly handle chunked data
Overview Numerous RealNetworks products do not properly handle chunked data. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description RealNetworks RealPlayer RealNetworks RealPlayer is a multimedia application that allows users to view local and...
eBay contains a cross-site scripting vulnerability
Overview The eBay web site contains a cross-site scripting vulnerability. Description eBay is a popular auction web site. When an eBay user posts an auction, eBay allows SCRIPT tags to be included in the auction description. This creates a cross-site scripting vulnerability in the eBay website...
RealNetworks products vulnerable to buffer overflow via specially crafted flash media file
Overview Numerous RealNetworks products are vulnerable to a buffer overflow that may allow a remote attacker to execute arbitrary code on a vulnerable system. Description RealNetworks RealPlayer RealNetworks RealPlayer is a multimedia application that allows users to view local and remote...
RealNetworks products vulnerable to buffer overflow via specially crafted MBC file
Overview Numerous RealNetworks products are vulnerable to a buffer overflow that may allow a remote attacker to execute arbitrary code on a vulnerable system. Description RealNetworks RealPlayer RealNetworks RealPlayer is a multimedia application that allows users to view local and remote...
Symantec VERITAS NetBackup contains a buffer overflow vulnerability in the Sharepoint Services daemon
Overview The Symantec VERITAS NetBackup Volume Manager daemon contains a buffer overflow vulnerability which may allow a remote, unauthenticated attacker to execute arbitrary code. Description Symantec VERITAS NetBackup is a client/server based backup software solution. The Sharepoint Services...
Symantec VERITAS NetBackup Catalog daemon buffer overflow
Overview The NetBackup Catalog daemon contains a stack-based buffer overflow that could allow a remote attacker to execute arbitrary code on a NetBackup master server. Description VERITAS NetBackup Netbackup is a data backup and recovery solution with support for "over the network" backup...
Symantec VERITAS NetBackup Volume Manager daemon buffer overflow
Overview The Symantec VERITAS NetBackup Volume Manager daemon contains a buffer overflow vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code. Description Symantec VERITAS NetBackup Symantec VERITAS NetBackup is a client/server based backup software solution...
Pubcookie login server contains cross-site scripting vulnerabilities
Overview Cross-site scripting vulnerabilities in the Pubcookie login server could allow a remote attacker to gain access to sensitive information. Description Pubcookie is a software package that provides intra-institutional single-sign-on authentication for end-users over the web. The Pubcookie...
Pubcookie application server modules contain cross-site scripting vulnerabilities
Overview Cross-site scripting vulnerabilities in the Pubcookie application server modules could allow a remote attacker to gain access to sensitive information. Description Pubcookie is a software package that provides intra-institutional single-sign-on authentication for end-users over the web...
Microsoft Internet Explorer createTextRange() vulnerability
Overview Microsoft Internet Explorer IE fails to properly handle the createTextRange DHTML method, possibly allowing a remote, unauthenticated attacker to execute arbitrary code. Description DHTML, TextRanges, and the createTextRange Method According to Microsoft:Dynamic HTML DHTML is built on an...
Sendmail signal I/O race condition
Overview A race condition in Sendmail may allow a remote attacker to execute arbitrary code. Description Sendmail Sendmail is a widely used mail transfer agent MTA. Mail Transfer Agents MTA MTAs are responsible for sending an receiving email messages over the internet. They are also referred to a...
Apple Mail buffer overflow vulnerability
Overview Apple Mail contains a buffer overflow that may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Apple Mail Mac OS X includes the Mail application Mail.app for handling electronic mail. The Problem Apple Mail contains a buffer overflow caused by lack o...
Adobe Flash products contain multiple vulnerabilities
Overview Several vulnerabilities in Adobe Macromedia Flash products may allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web...
Microsoft Excel malformed parsing format file memory corruption vulnerability
Overview Microsoft Excel contains a memory corruption vulnerability. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Excel fails to properly validate parsing format files. When a file with a malformed parsing format files is...