Apple Safari WebKit component vulnerable to buffer overflow

Overview Apple Safari WebKit component is vulnerable to buffer overflow. This may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description Safari Apple Safari is a web browser that comes with the Mac OS X operating system. WebKit According to Apple:...

Oracle Diagnostic Tools do not properly authenticate users

Overview Oracle Diagnostic Tools fail to properly authenticate users before granting access to tools and tool resources. This may allow a remote, unauthenticated attacker to access and execute diagnostic tools on an Oracle E-Business Suite installation. Description Oracle Diagnostic Tools Oracle...

Adobe Macromedia Shockwave Player ActiveX installer buffer overflow vulnerability

Overview The ActiveX installer for Adobe Macromedia Shockwave contains a buffer overflow, which may allow a remote unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Shockwave Player Adobe Macromedia Shockwave Player is software that plays active web content...

PostgreSQL database privilege escalation vulnerability

Overview PostgreSQL fails to properly recover from errors. This may allow an authenticated attacker to gain elevated privileges on a PostgreSQL database. Description PostgreSQL Database PostgreSQL is an open source database management system. The Problem There is a vulnerability in the way that...

Apple Safari automatically executes arbitrary shell commands or code

Overview Apple Safari fails to properly determine file safety, allowing a remote unauthenticated attacker to execute arbitrary commands or code. Description Safari Apple Safari is a web browser that comes with the Mac OS X operating system. Explicit binding Mac OS X supports a feature called...

IBM Lotus Notes ZIP file handling buffer overflow

Overview IBM Lotus Notes contains a buffer overflow when handling a ZIP file with a large file name. This could allow a remote attacker to execute arbitrary code on a vulnerable system. Description IBM Lotus Notes is an integrated client application that provides functionality including email,...

Microsoft Windows Media Player plug-in buffer overflow

Overview The Microsoft Windows Media Player plug-in for browsers other than Internet Explorer contains a buffer overflow, which may allow a remote attacker to execute arbitrary code. Description Windows Media Player Windows Media Player is a multimedia application that comes with Microsoft Window...

Microsoft Windows Media Player vulnerable to buffer overflow in bitmap processing routine

Overview Microsoft Windows Media Player contains a buffer overflow vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Windows Media Player WMP is an application that ships with Microsoft Windows systems used to...

Microsoft Web Client Service vulnerable to buffer overflow

Overview A buffer overflow in the message handling routines of the Microsoft Web Client Service may allow a remote, authenticated attacker to execute arbitrary code on a vulnerable system. Description According to Microsoft, the Web Client Service:allows applications to access documents on the...

Microsoft Windows Korean Input Method Editor vulnerability

Overview The Microsoft Windows Korean Input Method Editor IME contains a privilege escalation vulnerability. Description According to Microsoft: An IME is a program that allows computer users to enter complex characters and symbols, such as Japanese characters, using a standard keyboard. The...

Microsoft Windows TCP/IP fails to properly validate IGMP packets

Overview Microsoft Windows implementations of the TCP/IP protocol fail to properly validate IGMP packets, leading to a denial-of-service condition. Description TCP and IGMP The Transmission Control Protocol TCP is defined in RFC 793 as a means to provide reliable host-to-host transmission between...

Microsoft PowerPoint may disclose information in the Temporary Internet Files Folder

Overview Microsoft PowerPoint contains an information disclosure vulnerability. As a result, sensitive information may be exposed to untrusted parties. Description Microsoft PowerPoint fails to properly restrict access to objects in the Temporary Internet Files Folder TIFF. This vulnerability is...

Multiple vendor SFTP logging format string vulnerability

Overview A logging function used by multiple vendors' SFTP servers contains a format string vulnerability, which may allow an authorized remote attacker to execute arbitrary code or cause a denial of service. Description SFTP SFTP Secure FTP is a file transfer application that uses SSH for...

Microsoft HTML Help Workshop buffer overflow

Overview A buffer overflow in Microsoft HTML Help Workshop may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft HTML Help provides a standard help system for the Windows operating system. HTML Help Workshop is a component of the software development...

Sun Java Web Start security bypass vulnerability

Overview A vulnerability in the Sun Java Web Start may allow an untrusted Java applet or application to bypass security restrictions and execute arbitrary code. Description Java Web Start technology allows Java applications and applets to be executed via HTTP. Remote applications and applets are...

Sun Java Reflection API security bypass vulnerabilities

Overview Multiple vulnerabilities in the Sun Java Reflection API may allow an untrusted Java applet to bypass security restrictions and execute arbitrary code. Description The Sun Java Reflection API allows Java classes to determine information about other Java classes, such as public methods...

PAM-MySQL contains a double-free vulnerability

Overview PAM-MySQL contains a double-free vulnerability that may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description PAM-MySQL provides a Pluggable Authentication Module PAM interface to a MySQL database. PAM-MySQL does not securely handle a point...

Microsoft WMF memory corruption vulnerability

Overview Microsoft applications fail to properly handle Windows Metafile WMF images potentially allowing a remote attacker to execute arbitrary code on a vulnerable system. Description The Microsoft Windows Graphics Rendering Engine supports a number of image formats including WMF images. Windows...

Microsoft Windows privilege escalation vulnerability

Overview Microsoft Windows access controls may be improperly configured potentially allowing a local attacker to gain elevated privileges on a vulnerable system. Description Microsoft Windows provides numerous, fine grained permissions and privileges to control access to Windows components, such ...

Mozilla QueryInterface memory corruption vulnerability

Overview Mozilla Firefox web browser and Thunderbird mail client contain a memory corruption vulnerability that may allow a remote attacker to execute arbitrary code. Description The Mozilla Firefox QueryInterface method contains a memory corruption vulnerability. According to Mozilla: Calling th...

Mozilla-based products fail to validate user input to the attribute name in "XULDocument.persist"

Overview A vulnerability in some Mozilla products that could allow a remote attacker to execute Javascript commands with the permissions of the user running the affected application. Description According to the Mozilla advisory on this issue:XULDocument.persist did not validate the attribute nam...

Winamp fails to properly handle playlists with long "file" parameter

Overview Winamp contains a buffer overflow vulnerability when processing a playlist that has a long file parameter. This may allow a remote unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Winamp Winamp is a media player for Microsoft Windows systems. It can...

Oracle PL/SQL Gateway fails to properly validate HTTP requests

Overview The Oracle PL/SQL Gateway fails to properly validate HTTP requests. This may allow a remote attacker to execute SQL commands on an Oracle database. Description Oracle uses the Oracle PL/SQL Gateway to access Oracle databases over HTTP. A lack of validation in the Oracle PL/SQL Gateway ma...

Microsoft Internet Explorer does not honor ActiveX kill bit

Overview Internet Explorer fails to properly check the kill bit for ActiveX controls, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft COMMicrosoft COM is a technology that allows programmers to create reusable software components that can ...

Oracle Database Data Pump Metadata API SQL injection vulnerability

Overview Oracle Database Data Pump Metadata API is vulnerable to SQL injection, which could allow a remote attacker to execute arbitrary SQL commands on a vulnerable Oracle installation. Description The Oracle Database Data Pump Metadata API fails to properly filter user-supplied input. This may...

Oracle Database XML Database SQL Injection vulnerability

Overview Oracle Database XML Database XML DB is vulnerable to SQL injection, possibly allowing a remote attacker to execute arbitrary SQL commands on a vulnerable Oracle installation. Description According to Oracle:Oracle XML DB is a feature of the Oracle Database. It provides a high-performance...

Oracle Database Net Listener vulnerability

Overview An unspecified vulnerability in Oracle Net Listener may allow a remote attacker to compromise system confidentiality, integrity, and availability. Description Oracle Net Listener contains a vulnerability.The details of this vulnerability are not clear. However, Oracle states this issue c...

Oracle Text SQL injection vulnerability

Overview Oracle Text is vulnerable to SQL injection, which could allow a remote attacker to execute arbitrary SQL commands on a vulnerable Oracle installation. Description According to Oracle:Oracle Text uses standard SQL to index, search, and analyze text and documents stored in the Oracle...

Oracle Database SYS.DBMS_METADATA_UTIL package SQL injection vulnerability

Overview Oracle Database SYS.DBMSMETADATAUTIL package vulnerable to SQL injection. Description The Oracle Database SYS.DBMSMETADATAUTIL package fails to properly filter user-supplied input. This may allow a remote attacker to insert arbitrary SQL commands, which may be executed by the database. W...

Oracle Client Tools buffer overflow vulnerability

Overview A buffer overflow in an unspecified Oracle Client utility may allow an attacker to execute arbitrary code or cause a denial-of-service condition. Description According to Oracle:One vulnerability DBC02is in a utility that can be forced to terminate if given long arguments, potentially...

Oracle TNS protocol fails to properly validate authentication requests

Overview The Oracle TNS protocol authentication mechanism fails to properly sanitize authentication requests, possibly allowing a remote attacker to execute arbitrary SQL statements with elevated privileges. Description Oracle databases authenticate and manage database connections via Oracle...

Oracle Reports arbitrary file reading vulnerability

Overview Oracle Reports fails to validate URI parameters, possibly allowing a remote attacker to read arbitrary files on the Reports Server. Description Oracle Reports is an enterprise reporting tool that extracts data from multiple sources and inserts it into a formatted report. It is a componen...

Oracle Reports arbitrary file writing vulnerability

Overview Oracle Reports fails to validate URI parameters, possibly allowing a remote attacker to overwrite arbitrary files on the Reports Server. Description Oracle Reports is an enterprise reporting tool that extracts data from multiple sources and inserts it into a formatted report. It is a...

Oracle Transparent Data Encryption master encryption key stored as plaintext

Overview Oracle Transparent Data Encryption master encryption key is stored as plaintext, which could allow an attacker to decrypt and read sensitive information within the database. Description Transparent Data Encryption TDE According to Oracle, Transparent Data Encryption "allows customers to...

Oracle products contain multiple vulnerabilities

Overview Multiple vulnerabilities exist in numerous Oracle products. The severity and impacts of these vulnerabilities are varied and may include remote execution of arbitrary code, the disclosure of sensitive information, and denial-of-service conditions. Description Multiple vulnerabilities exi...

Clam AntiVirus vulnerable to memory corruption via specially crafted UPX packed file

Overview A vulnerability in the ClamAV antivirus toolkit may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Clam AntiVirus is an antivirus toolkit for Unix-like systems that is commonly integrated with mail servers for email attachment scanning. It supports ...

AOL You've Got Pictures ActiveX control buffer overflow

Overview The AOL You've Got Pictures service contains a buffer overflow that may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description AOL You've Got Pictures provides digital photography storage and manipulation services for AOL users. There is a...

Apple QuickTime TIFF image "StripByteCounts" integer overflow

Overview Apple QuickTime contains an integer overflow vulnerability in the handling of TIFF images, which may allow a remote unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system. Description Apple's QuickTime Player is multimedia software that...

Apple QuickTime image handling buffer overflow

Overview Apple QuickTime contains a heap-based buffer overflow that may allow an attacker to execute arbitrary code or cause a denial-of-service condition. Description Apple QuickTime fails to properly validate QuickTime Images QTIF, potentially allowing a heap-based buffer overflow to occur. If ...

Apple QuickTime fails to properly handle corrupt GIF images

Overview Apple's QuickTime is a player for files and streaming media in a variety of different formats. A flaw in QuickTime's handling of files in the Graphics Interchange Format GIF could allow a remote attacker to execute arbitrary code on a vulnerable system. Description A heap overflow exists...

Apple QuickTime fails to properly handle corrupt TGA images

Overview Apple's QuickTime is a player for files and streaming media in a variety of different formats. A flaw in QuickTime's handling of Targa TGA image format files could allow a remote attacker to execute arbitrary code on a vulnerable system. Description Several types of overflow...

Apple QuickTime and iTunes QTIF image buffer overflow

Overview Apple QuickTime contains a heap-based buffer overflow that may allow an attacker to execute arbitrary code or cause a denial-of-service condition. Description Apple QuickTime fails to properly validate QuickTime Images QTIF, potentially allowing a heap-based buffer overflow to occur. If ...

Apple QuickTime fails to properly handle corrupt media files

Overview Apple QuickTime contains a heap overflow vulnerability in the handling of media files which may allow a remote unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system. Description Apple's QuickTime Player is multimedia software that allows...

Microsoft Outlook and Microsoft Exchange TNEF decoding buffer overflow

Overview Microsoft Outlook and Microsoft Exchange contain a buffer overflow vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a system running the vulnerable software. Description Transport Neutral Encapsulation Format TNEFTNEF is a proprietary Microsoft...

Microsoft embedded web font buffer overflow

Overview A heap-based buffer overflow in the way Microsoft Windows processes embedded web fonts may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Windows contains a heap-based buffer overflow in a routine that processes embedded w...

Research in Motion (RIM) BlackBerry Attachment Service does not properly handle PNG image files

Overview The Research in Motion RIM BlackBerry Attachment Service contains a vulnerability in the way the service handles PNG files. By causing the service to render a specially crafted PNG file and convincing a user to view the file on a BlackBerry Handheld device, an attacker could execute...

Research in Motion (RIM) BlackBerry Handheld web browser does not properly handle Java Application Description (JAD) files

Overview The Research in Motion RIM BlackBerry Handheld web browser is vulnerable to a denial of service via a specially crafted Java Application Description JAD file. Description The BlackBerry Handheld web browser does not properly handle malformed JAD files. JAD files in J2ME are used to...

Research in Motion (RIM) BlackBerry Router vulnerable to denial of service via Server Routing Protocol (SRP)

Overview The Research in Motion RIM BlackBerry Router contains a vulnerability in the way the router handles Server Routing Protocol SRP packets. By sending specially crafted SRP packets to the router, an attacker could cause a denial of service. Description The BlackBerry Router is a component o...

Research in Motion (RIM) BlackBerry Attachment Service does not properly handle TIFF image files

Overview The Research in Motion RIM BlackBerry Attachment Service contains a vulnerability in the way the service handles TIFF files. By causing the service to render a specially crafted TIFF file and convincing a user to view the file on a BlackBerry Handheld device, an attacker could cause a...

Microsoft Windows Metafile handler SETABORTPROC GDI Escape vulnerability

Overview Microsoft Windows is vulnerable to remote code execution via an error in handling files using the Windows Metafile image format. Exploit code has been publicly posted and used to successfully attack fully-patched Windows XP SP2 systems. However, other versions of the Windows operating...