3695 matches found
Cisco IOS vulnerable to DoS or arbitrary code execution via specially crafted IPv6 packet
Overview Cisco Internetwork Operating System IOS IPv6 packet handling is vulnerable to a denial-of-service attack and may potentially be vulnerable to a flaw that allows arbitrary code execution. Description Cisco Systems devices running IOS that are configured to handle Internet Protocol version...
Some SSH servers on Microsoft Windows set insecure permissions for the host identification key file
Overview SSH provides remote, encrypted terminal access to hosts. Some SSH servers, when running on Microsoft Windows, set insecure permissions on the file storing the private SSH server hostkey. This could allow an authenticated user to obtain the SSH hostkey and use it to impersonate the server...
WebEOC is vulnerable to a denial-of-service condition via uploading large files
Overview WebEOC does not properly impose size limits on files that a user can upload. This may allow an authorized attacker to exhaust system resources leading to a denial-of-service condition. Description WebEOC is a web-based crisis information management application that provides functions to...
WebEOC is vulnerable to cross-site scripting attacks
Overview WebEOC contains multiple cross-site scripting vulnerabilities that may allow a remote attacker to inject and execute arbitrary script using a vulnerable WebEOC site. Description WebEOC is a web-based crisis information management application that provides functions to gather, coordinate,...
WebEOC implements weak algorithms to encrypt sensitive information
Overview WebEOC uses weak cryptographic algorithms to encrypt sensitive information. Description WebEOC is a web-based crisis information management application that provides functions to gather, coordinate, and disseminate information between emergency personnel and Emergency Operations Centers...
WebEOC contains multiple SQL injection vulnerabilities
Overview WebEOC contains multiple SQL injection vulnerabilities that may allow attackers to execute SQL queries, potentially viewing or modifying data, or executing database commands. Description WebEOC is a web-based crisis information management application that provides functions to gather,...
WebEOC handles sensitive information in an insecure manner
Overview WebEOC handles sensitive information in an insecure manner. As a result, sensitive information may be exposed to untrusted parties. Description WebEOC is a web-based crisis information management application that provides functions to gather, coordinate, and disseminate information betwee...
WebEOC privileges are based on client-side authorization
Overview WebEOC ties privileges and roles to client-side resources. If an attacker can access a resource directly, that attacker will be granted all the privileges associated with that resource. Description WebEOC is a web-based crisis information management application that provides functions to...
Oracle products contain multiple vulnerabilities
Overview Multiple vulnerabilities exist in numerous Oracle products. The impacts of these vulnerabilities are varied and may include remote execution of arbitrary code, the disclosure of sensitive information, and denial-of-service conditions. Description Multiple vulnerabilities exist in numerous...
MIT Kerberos 5 allows unauthenticated attacker to cause MIT krb5 Key Distribution Center to overflow a heap buffer by one byte
Overview An unauthenticated attacker can cause MIT krb5 Key Distribution Center (KDC) to overflow a heap buffer by one byte, possibly leading to arbitrary code execution. Description Kerberos is a network authentication system which uses a trusted third party (a KDC) to authenticate clients and servers ...
MIT Kerberos 5 allows unauthenticated attacker to cause MIT krb5 Key Distribution Center to free unallocated memory
Overview An unauthenticated attacker can cause MIT krb5 Key Distribution Center (KDC) to free unallocated memory, possibly leading to arbitrary code execution. Description Kerberos is a network authentication system which uses a trusted third party (a KDC) to authenticate clients and servers to each...
WebEOC uses a global shared key
Overview WebEOC installations may use a common secret key to encrypt data. If an attacker can retrieve this key from one site, they will be able to decipher all data encoded with the key across all WebEOC installations. Description WebEOC is a web-based crisis information management applicati...
WebEOC account lock-out policy may allow a denial-of-service
Overview WebEOC account lock out policy may allow a remote attacker to disable user and system accounts resulting in a denial-of-service condition. Description WebEOC is a web-based crisis information management application that provides functions to gather, coordinate, and disseminate informatio...
MIT Kerberos 5 contains double free vulnerability in "krb5_recvauth()" function
Overview An unauthenticated attacker can cause the krb5_recvauth() function to free a block of memory twice, possibly leading to arbitrary code execution. Description Kerberos is a network authentication system that uses a trusted third party (a KDC) to authenticate clients and servers to each other. It i...
Microsoft Word buffer overflow in font processing routine
Overview A buffer overflow in the font processing routine used by Microsoft Word may allow a remote attacker to execute code on a vulnerable system. Description Microsoft Word contains a buffer overflow in the routine that processes fonts. A remote attacker may be able to trigger the buffer...
Microsoft Color Management Module buffer overflow during profile tag validation
Overview Microsoft Color Management Module contains a flaw that may allow an attacker to execute arbitrary code. Description The Microsoft Color Management Module provides consistent color management operations between applications and devices, and transforms between colorspaces such as 'RGB' and...
AIX FTP server may not properly timeout ephemeral data ports
Overview The IBM AIX FTP server may be vulnerable to a denial-of-service condition when passive data ports are not closed properly. Description IBM AIX includes an FTP server, ftpd, which allows files to be transferred between hosts with the FTP protocol. This server is vulnerable to a condition...
zlib inflate() routine vulnerable to buffer overflow
Overview A buffer overflow in the zlib compression library may cause any application linked to zlib to improperly and immediately terminate. Description There is a buffer overflow in the zlib data-compression library caused by a lack of bounds checking in the inflate routine. If an attacker...
Multiple PHP XML-RPC implementations vulnerable to code injection
Overview A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. Description XML-RPC is a specification and a set of implementations that allow software running on disparate operating systems and in different environments to make...
Ettercap contains a format string error in the "curses_msg()" function
Overview Ettercap has a format string vulnerability in the ncurses user interface. Description Ettercap is open-source software designed for man-in-the-middle attacks on LANs. Ettercap contains multiple user interfaces, including one written using ncurses, a library for manipulating text screens...
Apple Web Kit-based browsers may allow remote access to local filesystem contents
Overview Web browsers based on AppleWebKit may allow remote web sites to reference content on the local filesystem. This may allow an attacker to execute script within the security context of the local machine. Description Web browsers that allow remote web sites to reference content that resides...
JVIEW Profiler (javaprxy.dll) COM object contains an unspecified vulnerability
Overview The JVIEW Profiler COM object contains an unspecified vulnerability, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft COM is a technology that allows programmers to create reusable software components that can be...
Microsoft Message Queuing vulnerable to buffer overflow
Overview Microsoft Message Queuing contains a buffer overflow vulnerability. This could allow a remote attacker to execute arbitrary code on the system running the vulnerable software. Description Microsoft Message Queuing MSMQ is a component of Microsoft Windows that provides messaging services...
XMLHttpRequest Object security bypass in Opera Web Browser
Overview The Opera Web Browser fails to properly enforce security restrictions on the XMLHttpRequest Object. This may allow a remote, unauthenticated attacker to insert content from potentially malicious web sites. Description The XMLHttpRequest Object is a scripting object that provides routines...
Microsoft Log Sink Class ActiveX control incorrectly marked "safe for scripting"
Overview The Microsoft Log Sink Class ActiveX control is incorrectly marked safe for scripting. This may allow a remote attacker to create or append to arbitrary files on a vulnerable system. Description ActiveX is a technology that allows programmers to create reusable software components...
VERITAS Backup Exec Server Service contains a buffer overflow vulnerability
Overview A heap-based buffer overflow in VERITAS Backup Exec Admin Plus Pack Option may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description VERITAS Backup Exec is a data backup and recovery solution with support for over the network backup. VERITA...
VERITAS Backup Exec Remote Agent fails to properly validate authentication requests
Overview Backup Exec Remote Agent for Windows Servers contains a buffer overflow vulnerability due to incorrect validation on authentication requests. Description VERITAS Backup Exec is a data backup and recovery solution with support for over the network backup. The VERITAS Backup Exec Agent run...
VERITAS Backup Exec remote registry access validation vulnerability
Overview VERITAS Backup Exec contains a remote registry access validation vulnerability. Description VERITAS Backup Exec is a data backup and recovery solution with support for over the network backup. An access validation vulnerability in Backup Exec for Windows allows remote attackers to access...
paFileDB fails to properly sanitize "query" parameter in "pafiledb.php"
Overview paFileDB works around the default "off" state for the "register_globals" security directive in PHP and then fails to initialize the "query" variable, which can be used to inject arbitrary SQL queries. Description "paFileDB is designed to allow webmasters have a database of files for...
Microsoft Agent vulnerable to trusted site spoofing
Overview Microsoft Agent contains a vulnerability that could allow a remote attacker to spoof trusted Internet content. Description Microsoft Agent is a software extension that enhances user interaction through the use of interactive personalities in the form of animated characters. Applications...
Microsoft ISA Server 2000 vulnerable to privilege escalation via "NETBIOS" connection
Overview Microsoft Internet Security and Acceleration Server 2000 contains an elevation of privilege vulnerability that allows an attacker to create unintended NetBIOS service connections within the affected ISA Server host. Description Microsoft ISA Server 2000 contains firewall, virtual private...
Microsoft Outlook Web Access vulnerable to cross-site scripting
Overview Microsoft Outlook Web Access may be vulnerable to cross-site scripting attacks. Description Microsoft Outlook Web Access (OWA) allows users to access their email accounts on a Microsoft Exchange server from another host through a web browser. Microsoft Outlook Web Access for Exchange Server...
Microsoft Outlook Express vulnerable to remote code execution
Overview A vulnerability in Microsoft Outlook Express's NNTP response parsing may allow an attacker to execute arbitrary code. Description Microsoft Outlook Express contains support for Network News Transfer Protocol NNTP data, which is defined in RFC 977 and RFC 2980. A flaw in Outlook Express'...
Microsoft Server Message Block vulnerable to buffer overflow
Overview Microsoft Server Message Block SMB is vulnerable to a buffer handling flaw when processing incoming SMB packets that may lead to remote code execution. Description Server Message Block is a protocol which allows sharing of files, printers, serial ports, and other abstractions. The SMB...
Microsoft Internet Explorer buffer overflow in PNG image rendering component
Overview A buffer overflow in the PNG image rendering component of Microsoft Internet Explorer IE may allow a remote attacker to execute code on a vulnerable system. Description The Portable Network Graphics PNG image format is used as an alternative to other image formats such as the Graphics...
Microsoft HTML Help vulnerable to integer overflow
Overview Microsoft HTML Help contains an integer overflow vulnerability, allowing a remote attacker to execute arbitrary code. Description HTML Help The Microsoft HTML Help system ". . . is the standard help system for the Windows platform." HTML Help components can be compiled to ". . . compress...
Telnet Client Information Disclosure Vulnerability
Overview A vulnerability in the handling of the NEW-ENVIRON command allows a malicious telnet server to gain information from a client's environment variables. Description The Telnet network protocol is described in RFC854 and RFC855 as a general, bi-directional communications facility. The Telne...
Microsoft Windows help viewer vulnerable to heap overflow
Overview A vulnerability exists in the Microsoft Windows help viewer application that could allow a remote attacker to execute code of their choosing on a vulnerable system. Description The Microsoft Windows help viewer winhlp32.exe provides application assistance to users through a special type ...
Apple Mac OSX executes arbitrary widget with same "bundle identifier" as system widget
Overview Apple Mac OS X Tiger Dashboard executes arbitrary widgets with the same "bundle identifier" as a system widget. This can allow a user-installed widget to override a system-installed one. Description Dashboard is a new feature introduced in Apple Mac OS X Tiger 10.4. Dashboard is...
Cisco IOS Easy VPN Server may allow unauthorized users to complete XAUTH authentication
Overview A vulnerability in Cisco IOS Easy VPN Server may allow unauthorized users to complete XAUTH authentication and potentially access private network resources. Description Easy VPN Server Cisco IOS Easy VPN Server allows an IOS device to function as a VPN concentrator, providing...
Cisco ACNS may be vulnerable to DoS via malformed IP packets
Overview A vulnerability in Cisco ACNS may allow a remote attacker to cause a denial of service on an affected device. Description Cisco Application and Content Networking System ACNS is an integrated caching and content-delivery platform. Specially crafted IP packets can cause excessive CPU...
Cisco IOS Easy VPN Server fails to properly process ISAKMP profile attributes
Overview Cisco IOS Easy VPN Server fails to properly process ISAKMP profile attributes. This may allow a remote, unauthenticated attacker to access the private network. Description Easy VPN Server Cisco IOS Easy VPN Server allows an IOS device to function as a VPN concentrator, providing...
Apple Safari automatically installs Dashboard widgets
Overview Apple Safari on Mac OS X Tiger automatically installs Dashboard widgets without user intervention or notice. Description Dashboard is a new feature introduced in Apple Mac OS X Tiger 10.4. Dashboard is a collection of applications called "widgets." The system-installed widgets a...
RSA Authentication Agent for Web fails to properly validate input
Overview The RSA Authentication Agent for Web running on Microsoft Internet Information Services IIS does not properly validate input that is passed to the "postdata" parameter in "/WebID/IISWebAgentIF.dll" and may allow an attacker to execute code in a user's browser. Description RSA...
Yamaha MusicCAST MCX-1000 wireless network interface operates in Access Point mode by default
Overview The Yamaha MusicCAST MCX-1000 server wireless networking interface is enabled by default, cannot be disabled, and operates in Access Point mode. A remote attacker could access the MusicCAST wireless network and potentially any other network connected to the MusicCAST. Description The...
Adobe Acrobat and Acrobat Reader vulnerable to information disclosure via "LoadFile()" method in ActiveX control
Overview Adobe Acrobat Reader and Acrobat web control contain a flaw that allows the existence of local files to be discovered. Description The Adobe Acrobat Internet Explorer ActiveX web control may disclose the existence of local files if the LoadFile method is called with the complete file nam...
Simultaneous multithreading processors may leak information through cache eviction analysis techniques
Overview Operating systems on hardware platforms supporting simultaneous multi-threading (Hyper-Threading technology in particular) are potentially vulnerable to information leakage to local users. Proof of concept papers and code demonstrating successful attacks against cryptographic keys are in...
Groove Mobile Workspace vulnerable to script injection via SharePoint replicated menus
Overview A vulnerability in the way that Groove Mobile Workspace handles SharePoint lists may allow an attacker to execute an arbitrary script. Description Groove Virtual Office provides a collaborative working environment that includes shared documents, databases, and applications among other...
Groove Virtual Office may not correctly display file names
Overview Groove Virtual Office may not correctly display the names of attached or embedded files. A remote attacker may be able to trick a user into executing arbitrary code. Description Groove Virtual Office provides a collaborative working environment that includes shared documents, databases,...
Groove Virtual Office COM objects may be accessed insecurely
Overview Groove Virtual Office may allow access restrictions on COM objects to be bypassed. Exploitation may allow an attacker to execute arbitrary code. Description Groove Virtual Office provides a collaborative working environment that includes shared documents, databases, and various other too...