3702 matches found
Microsoft embedded web font buffer overflow
Overview A heap-based buffer overflow in the way Microsoft Windows processes embedded web fonts may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Windows contains a heap-based buffer overflow in a routine that processes embedded w...
Microsoft Outlook and Microsoft Exchange TNEF decoding buffer overflow
Overview Microsoft Outlook and Microsoft Exchange contain a buffer overflow vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a system running the vulnerable software. Description Transport Neutral Encapsulation Format TNEFTNEF is a proprietary Microsoft...
Research in Motion (RIM) BlackBerry Attachment Service does not properly handle PNG image files
Overview The Research in Motion RIM BlackBerry Attachment Service contains a vulnerability in the way the service handles PNG files. By causing the service to render a specially crafted PNG file and convincing a user to view the file on a BlackBerry Handheld device, an attacker could execute...
Research in Motion (RIM) BlackBerry Handheld web browser does not properly handle Java Application Description (JAD) files
Overview The Research in Motion RIM BlackBerry Handheld web browser is vulnerable to a denial of service via a specially crafted Java Application Description JAD file. Description The BlackBerry Handheld web browser does not properly handle malformed JAD files. JAD files in J2ME are used to...
Research in Motion (RIM) BlackBerry Router vulnerable to denial of service via Server Routing Protocol (SRP)
Overview The Research in Motion RIM BlackBerry Router contains a vulnerability in the way the router handles Server Routing Protocol SRP packets. By sending specially crafted SRP packets to the router, an attacker could cause a denial of service. Description The BlackBerry Router is a component o...
Research in Motion (RIM) BlackBerry Attachment Service does not properly handle TIFF image files
Overview The Research in Motion RIM BlackBerry Attachment Service contains a vulnerability in the way the service handles TIFF files. By causing the service to render a specially crafted TIFF file and convincing a user to view the file on a BlackBerry Handheld device, an attacker could cause a...
Microsoft Windows Metafile handler SETABORTPROC GDI Escape vulnerability
Overview Microsoft Windows is vulnerable to remote code execution via an error in handling files using the Windows Metafile image format. Exploit code has been publicly posted and used to successfully attack fully-patched Windows XP SP2 systems. However, other versions of the Windows operating...
VMware NAT Service vulnerable to buffer overflow via FTP PORT/EPRT commands
Overview The VMware NAT Service used in multiple VMware products contains a buffer overflow in the way it handles FTP PORT and EPRT commands. An attacker could execute arbitrary code with the privileges of the NAT service or cause a denial of service. Description VMware virtualization software...
Symantec RAR decompression library contains multiple heap overflows
Overview The Symantec RAR decompression library Dec2RAR.dll contains multiple heap buffer overflows. Using a specially crafted RAR archive, a remote attacker could execute arbitrary code or cause a denial of service. Description Symantec AntiVirus and other security products use a library to...
MediaWiki fails to properly verify input passed to the user language option
Overview A vulnerability in some versions of MediaWiki may allow a remote attacker to execute code on a vulnerable wiki server. Description MediaWiki is a PHP-based software package that is used to run a wiki, a collaborative website that can be edited by any user or visitor. Some versions of the...
Perl programs providing user-controlled I/O format strings may contain format string vulnerabilities
Overview Programs written in Perl may contain many of the same types of format string vulnerabilities as programs written in C. Description Perl is a programming language used in many applications and commonly used for web applications. It provides many of the same functions for formatted I/O as ...
Perl contains an integer sign error in format string processing
Overview The Perl interpreter contains a flaw that may increase the impact of format string vulnerabilities in programs written in Perl. Description Perl is a programming language used in many applications and commonly used for web applications. The Perl interpreter, which interprets and executes...
Sun Java Management Extensions privilege escalation vulnerability
Overview A vulnerability in the Sun Java Management Extensions API may allow a remote attacker to execute arbitrary code. Description According to Sun Microsystems:Java Management Extensions JMX technology provides the tools for building distributed, Web-based, modular and dynamic solutions for...
Sun Java Runtime Environment applet privilege escalation vulnerability
Overview The Sun Java Runtime Environment JRE may allow an untrusted Java applet to bypass Java security settings and execute arbitrary code. Description The Sun Java Runtime Environment provides the libraries and components necessary to run Java-based applications. There is an unspecified...
Sun Java Runtime Environment "reflection" API privilege elevation vulnerabilities
Overview Multiple vulnerabilities in the Sun Java Reflection API may allow an untrusted Java applet to bypass security restrictions and execute arbitrary code. Description The Sun Java Reflection API allows Java classes to determine information about other Java classes, such as public methods...
Cisco PIX fails to verify TCP checksum
Overview Versions of Cisco PIX firewalls do not validate the checksum of transiting TCP packets. Attackers may be able to use this problem to create a sustained denial-of-service under certain conditions. Description Cisco PIX firewall systems are used to enforce site-specific network security...
Microsoft Internet Explorer vulnerable to code execution via mismatched DOM objects
Overview Microsoft Internet Explorer fails to properly handle requests to mismatched DOM objects, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer does not properly handle requests to mismatched DOM objects, such as the...
IBM Tivoli Directory Server may allow unauthorized access
Overview IBM Tivoli Directory Server may allow unauthorized access to change, modify, and/or delete directory data under certain circumstances. Description The IBM Tivoli Directory Server product is described as:IBM Tivoli Directory Server provides a powerful Lightweight Directory Access Protocol...
Multiple vulnerabilities in Internet Key Exchange (IKE) version 1 implementations
Overview Numerous vulnerabilities have been reported in various Internet Key Exchange version 1 IKEv1 implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause an IKEv1 implementation to behave in an...
First4Internet CodeSupport ActiveX controls incorrectly marked 'safe for scripting'
Overview An ActiveX control used to uninstall XCP Digital Rights Management DRM software made by First 4 Internet and distributed on some Sony BMG audio CDs is marked "Safe for scripting" Description XCP Digital Rights Management DRM software by First 4 Internet, which is distributed by some Sony...
VERITAS NetBackup library buffer overflow vulnerability
Overview A buffer overflow in VERITAS NetBackup may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description According to Symantec/VERITAS:A vulnerability has been confirmed in the NetBackup Volume Manager daemon vmd. By sending a specially crafted...
Macromedia Flash Player fails to properly validate the frame type identifier read from a "SWF" file
Overview A buffer overflow vulnerability in some versions of the Macromedia Flash Player may allow a remote attacker to execute code on a vulnerable system. Description The Macromedia Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed...
Optimistic TCP acknowledgements can cause denial of service
Overview A vulnerability in the TCP congestion control mechanism could be leveraged by an attacker to cause a denial of service. Description The Transmission Control Protocol TCP is described in RFC 793 as a means to provide reliable host-to-host transmission in a packet-switched computer network...
Microsoft PKINIT smart card logon vulnerable to information disclosure and spoofing
Overview Microsoft PKINIT smart card authentication is vulnerable to an information disclosure flaw that may allow an attacker to spoof a trusted server. Description From the Microsoft PKINIT description: PKINIT is an Internet Engineering Task Force IETF Internet Draft for "Public Key Cryptograph...
Apple QuickTime PictureViewer PICT data decompression buffer overflow
Overview Apple QuickTime PictureViewer contains a buffer overflow that may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Apple's QuickTime Player is multimedia software that allows users to view local and remote audio/video content. PictureViewer is a...
Microsoft Windows vulnerable to buffer overflow via specially crafted WMF file
Overview Microsoft Windows may be vulnerable to remote code execution via a buffer overflow in the Windows Metafile image format handling. Description Windows Metafile WMF format images are metafiles that can contain both vector and bitmap-based information. Microsoft Windows contains routines fo...
Microsoft Windows buffer overflow in Enhanced Metafile rendering API
Overview Microsoft Windows Enhanced Metafile Format image rendering routines contain a buffer overflow flaw that may allow an attacker to cause a denial-of-service condition. Description Microsoft describes the Enhanced Metafile Format EMF as the following:An EMF image is a 32-bit format that can...
Microsoft Windows Graphics Rendering Engine buffer overflow vulnerability
Overview Microsoft Windows Graphics Rendering Engine contains a buffer overflow that may allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Microsoft Windows Graphics Rendering Engine supports a number of image formats including Windows Metafile WMF and...
Cisco IOS heap integrity checks are insufficient
Overview Cisco Internetwork Operating System IOS may allow a heap-based buffer overflow vulnerability to execute arbitrary code after bypassing heap integrity checks. Description Cisco IOS contains functionality for checking the integrity of the heap, which is a specific region in memory where da...
Cisco IPS MC Malformed Configuration Download Vulnerability
Overview Cisco Management Center for IPS Sensors IPS MC contains a vulnerability that may cause some IPS signatures to become unintentionally disabled. Description Cisco IOS IPSCisco IOS IPS Intrusion Prevention System is a feature for Cisco IOS devices that provides in-line intrusion prevention...
Skype VCARD handling routine contains a buffer overflow
Overview A buffer overflow in the way Skype handles imported VCARDs may allow a remote attacker to execute code on a vulnerable system. Description Skype software provides telephone service over IP networks. Skype fails to properly validate imported VCARDs, allowing a buffer overflow to occur. Th...
Skype URI handling routine contains a buffer overflow
Overview A buffer overflow in Skype may allow a remote attacker to execute code on a vulnerable system. Description Skype software provides telephone service over IP networks. There is a buffer overflow in the routines that handle Skype-specific URIs callto:// or skype://. The buffer overflow may...
Skype vulnerable to heap-based buffer overflow
Overview A heap-based buffer overflow in Skype may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description Skype software provides telephone service over IP networks. Skype contains a buffer overflow in a routine that parses incoming network traffic...
Oracle Application Server Internet Directory vulnerability
Overview An unspecified vulnerability in the Oracle Internet Directory may allow a remote, unauthenticated attacker to compromise system confidentiality and integrity. Description Oracle Internet Directory provides directory services, such as LDAP support, for the Oracle Application Server. There...
Oracle HTTP Server vulnerability
Overview An unspecified vulnerability in Oracle's HTTP Server Apache may allow a remote, unauthenticated attacker to compromise system confidentiality, integrity, and availability. Description Oracle Application Server and Database Server includes Apache as an HTTP server. There is an vulnerabili...
Oracle E-Business Suite Applications Technology Stack vulnerability
Overview An unspecified vulnerability in the Oracle Applications Technology Stack may allow a remote, unauthenticated attacker to compromise system confidentiality and integrity. Description Oracle Applications Technology Stack is a collection of Oracle products bundled with the Oracle E-Business...
Oracle E-Business Suite Applications Utilities vulnerability
Overview An unspecified vulnerability in the Oracle Applications Utilities may allow a remote, unauthenticated attacker to compromise system confidentiality and integrity. Description Oracle Applications Utilities is a component of the Oracle E-Business Suite. There is an vulnerability in the...
Oracle Human Resource Management System vulnerability
Overview An unspecified vulnerability in the Oracle Human Resource Management System HRMS may allow a remote, unauthenticated attacker to compromise system confidentiality and integrity. Description According to Oracle:The Oracle E-Business Suite Human Resources Management family of applications...
Oracle Application Server SQL*ReportWriter vulnerability
Overview An unspecified vulnerability in the Oracle SQLReportWriter may allow a remote, unauthenticated attacker to compromise system confidentiality and integrity. Description Oracle SQLReportWriter is a component of the Oracle Application Server. There is an vulnerability in the Oracle...
Oracle Application Server Web Cache vulnerability
Overview Oracle Applications Server Web Cache contains an unspecified information disclosure vulnerability. Description Oracle Applications Server Web Cache contains a vulnerability. The details of this vulnerability are not clear. However, Oracle states this issue can allow an attacker to easily...
Oracle Database Server buffer overflow in Security Component
Overview The Oracle Database Server Security Component contains a buffer overflow. Exploitation may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description A lack of input validation in the Oracle Database Server Security Component may allow a buffer...
Oracle Enterprise Manager Oracle Agent contains a buffer overflow
Overview Oracle Enterprise Manager Oracle Agent contains a buffer overflow vulnerability. Exploitation may allow a remote, unauthenticated attacker to execute arbitrary code, possibly with elevated privileges. Description The Oracle Agent provides remote management services for Oracle Enterprise...
Oracle products contain multiple vulnerabilities
Overview Multiple vulnerabilities exist in numerous Oracle products. The severity and impacts of these vulnerabilities are varied and may include remote execution of arbitrary code, the disclosure of sensitive information, and denial-of-service conditions. Description Multiple vulnerabilities exi...
Snort Back Orifice preprocessor buffer overflow
Overview A buffer overflow exists in the Snort Back Orifice preprocessor that may allow a remote, unauthenticated attacker to execute arbitrary code, possibly with elevated privileges. Description Snort is an open-source intrusion detection system IDS. A lack of validation on attacker-controlled...
UW-IMAP vulnerable to a buffer overflow
Overview UW-IMAP contains a buffer overflow vulnerability that may allow a remote, authenticated attacker to execute arbitrary code on a vulnerable system. Description The University of Washington IMAP Server UW-IMAP is an email server that uses the Internet Message Access Protocol lMAP. A lack o...
Microsoft BlnMgr Proxy (blnmgrps.dll) COM object fails to implement required methods
Overview The Microsoft BlnMgr Proxy COM object fails to implement the methods required by the IDispatch interface, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft COMMicrosoft COM is a technology that allows programmers to create reusable...
Microsoft Windows FTP client does not properly validate received file names
Overview An input validation error in the Microsoft Windows FTP Client may allow a remote attacker to write files to arbitrary locations and may allow the execution of arbitrary code. Description The Microsoft Windows FTP Client does not properly validate the names of received files. If a remote...
VERITAS NetBackup Java Administration Console contains a format string vulnerability in "bpjava-msvc"
Overview The VERITAS NetBackup Java Administration Console contains a format string vulnerability, which may allow an unauthenticated, remote attacker to execute arbitrary code with root or SYSTEM privileges. Description The Java Administration Console is an alternative administrative interface f...
Microsoft DirectShow buffer overflow
Overview A buffer overflow in Microsoft DirectShow may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft DirectShow is a programming architecture for streaming multimedia on the Microsoft Windows platform. An input validation error in...
Microsoft Plug and Play fails to properly validate user supplied data
Overview Microsoft Plug and Play contains a flaw in message buffer handling that may result in local or remote arbitrary code execution or a denial-of-service condition. Description The following is from the Microsoft Plug and Play description: Plug and Play PnP allows the operating system to...