3695 matches found
Groove Mobile Workspace vulnerable to script injection via SharePoint lists containing picture columns
Overview A vulnerability in the way that Groove Mobile Workspace handles picture columns embedded within SharePoint lists may allow attackers to execute an arbitrary script. Description Groove Virtual Office provides a collaborative working environment that includes shared documents, databases,...
Groove Virtual Office sets insecure permissions on installation components
Overview Groove Virtual Office installation sets insecure permissions on installation files and folders by default. As a result, an attacker could gain access to sensitive data. Description Groove Virtual Office provides a collaborative working environment that includes shared documents, database...
Extreme Networks switches with ExtremeWare XOS allow arbitrary command execution
Overview Some Extreme Networks switches running ExtremeWare XOS have a vulnerability that allows a malicious authenticated user to escape to the underlying operating system command shell with administrator-level root privileges. Description Extreme Networks switches running ExtremeWare XOS contain...
TCP does not adequately validate segments before updating timestamp value
Overview Certain TCP implementations may allow a remote attacker to arbitrarily modify host timestamp values, leading to a denial-of-service condition. Description The Transmission Control Protocol (TCP) is defined in RFC 793 as a means to provide reliable host-to-host transmission between hosts in...
Apple Mac OS X Foundation Framework vulnerable to buffer overflow via incorrect handling of an environmental variable
Overview A buffer overflow in Mac OS X Foundation Framework's processing of environment variables may lead to elevated privileges. Description A vulnerability is present in the Mac OS X Foundation Framework shipped in version 10.3.9 of Mac OS X and Mac OS X Server. There is a flaw in the handling of...
Apple Mac OS X chpass/chfn/chsh utilities do not properly validate external programs
Overview Apple Mac OS X Directory Service utilities use external programs insecurely, potentially allowing an attacker to execute arbitrary code. Description The OS X Directory Services have three utilities (chpass, chfn, and chsh) to update information in the user database, such as user name,...
Apple Mac OS X Server NetInfo Setup Tool fails to validate command line parameters
Overview Apple Mac OS X Server NeST tool contains a vulnerability in the processing of command line arguments that could allow an attacker to execute arbitrary code. Description NeST is the NetInfo Setup Tool for Apple Mac OS X Server. There is a buffer overflow vulnerability in the way NeST...
Apple Mac OS X vulnerable to buffer overflow via vpnd daemon
Overview Apple Mac OS X contains a buffer overflow in vpnd that could allow a local, authenticated attacker to execute arbitrary code with root privileges. Description Mac OS X includes a VPN server called vpnd, which is installed setuid root by default. vpnd fails to validate the length of the...
phpBB contains an input validation vulnerability in "includes/bbcode.php"
Overview phpBB fails to sanitize user input, allowing the possible inclusion of active script content in user posts. Description phpBB is a widely used Open Source bulletin board package written in PHP. An input validation issue has been identified that allows a malicious phpBB user to include...
RSA Authentication Agent for Web for IIS vulnerable to heap overflow via overly large "chunk"
Overview RSA Authentication Agent for Web for IIS contains a heap overflow in the handling of chunked input. This could allow a remote, unauthenticated attacker to execute arbitrary code on the server. Description RSA Authentication Agent software provides access control for networks, web...
Sun StorEdge 6130 array may allow unauthorized users to delete data
Overview Some Sun StorEdge 6130 controller arrays may contain a flaw that allows a remote unprivileged user to gain unintended access and to delete arbitrary data. Description Sun StorEdge 6130 controller arrays with a serial number in the range 0451AWF00G - 0513AWF00J may contain an unknown flaw...
Microsoft Windows Explorer vulnerable to script injection via the Web View DLL
Overview Windows Explorer is vulnerable to script injection via the Web View DLL. Exploitation of this vulnerability may lead to execution of arbitrary code. Description Windows Explorer uses the Web View DLL (webvw.dll) to display information about a selected file/folder (file size, author, version...
Mozilla Firefox executes JavaScript in the "IconURL" parameter of "InstallTrigger.install()" with chrome privileges
Overview Mozilla Firefox may execute JavaScript contained within the IconURL parameter of InstallTrigger.install() with chrome privileges. This may allow an attacker to execute arbitrary commands on a vulnerable system. Description XPInstall is a cross-platform software installation method...
Mozilla fails to properly prevent "JavaScript:" URIs containing "eval()" from being executed in the context of other URIs in the history list
Overview Mozilla fails to properly restrict the execution of javascript: URIs. The impact is similar to that of a cross-site scripting vulnerability, which allows an attacker to access data in other sites. Description Mozilla uses a same origin security model to maintain separation between browse...
Apple Mac OS X with Bluetooth enabled may allow file exchange without prompting users
Overview Apple Mac OS X with Bluetooth support may unintentionally allow files to be exchanged with other systems by default. Description Mac OS X includes support for the Bluetooth networking protocol suite. Bluetooth is a communication technology that enables short-range communication between...
Apple Mac OS X Server Admin fails to properly restrict users from using the proxy service
Overview The Apple Mac OS X Server HTTP proxy service does not restrict access by default and may allow unintended remote users to use the service. Description Mac OS X Server includes a service to provide for HTTP proxying. The HTTP proxy service does not include any access restrictions in the...
IPsec configurations may be vulnerable to information disclosure
Overview The IPsec Encapsulating Security Payload protocol used in tunneling mode may be vulnerable to multiple attacks when confidentiality mode is used without integrity protection, or in certain cases where integrity protection is provided by higher-level protocols. Description The IP Security...
Apple Cocoa applications vulnerable to denial of service via malformed TIFF image
Overview Apple Mac OS X applications using the Cocoa environment may quit due to an unhandled exception in TIFF image handling routines. Description Mac OS X applications may take advantage of the Cocoa programming environment, which is described by Apple as "an object-oriented application...
Apple Terminal fails to properly sanitize input for "x-man-page" URI
Overview Apple Terminal on Mac OS X fails to sanitize x-man-page URIs, allowing an attacker to execute arbitrary commands. Description Mac OS X 10.3 includes a URI handler called x-man-page. It causes Apple Terminal to display a man page by using a URI of this form: x-man-page://command...
Debian CVS "pserver" remote access authentication bypass vulnerability
Overview Debian Concurrent Versions System (CVS) remote repositories using "pserver" with the cvs-repouid Debian patch are vulnerable to authentication bypass. Description CVS is a version control and source code maintenance system that is widely used by open-source software development projects. Th...
Oracle products contain multiple vulnerabilities
Overview Multiple vulnerabilities exist in numerous Oracle products. The impacts of these vulnerabilities are varied and may include remote execution of arbitrary code, the disclosure of sensitive information, and denial-of-service conditions. Description Multiple vulnerabilities exist in numerous...
sendfile() system call may leak sections of kernel memory
Overview The sendfile system call does not handle specially crafted files properly. Exploitation of this vulnerability may leak sensitive information to a local attacker. Description The sendfile system call is used to send a file through a socket without copying the file data into memory. A...
Mozilla Firefox fails to properly perform security checks on "_search" target
Overview A vulnerability in Mozilla Firefox may allow a remote attacker to install malicious code on or read protected information from a vulnerable system. Description The Firefox web browser features the ability to open a hyperlink in the "search" web panel. Firefox fails to perform adequate...
Oracle contains multiple SQL injection vulnerabilities
Overview Oracle Database Server versions 9i and 10g contain flaws that may allow SQL injection with privileges of the SYSDBA user. Description Oracle Database Server versions 9i and 10g are vulnerable to SQL injection. These flaws may allow a local attacker with the ability to create function...
Mozilla may execute JavaScript with elevated privileges when defined in site icon tag
Overview Mozilla may execute JavaScript contained within a site icon tag with elevated privileges. This may allow an attacker to execute arbitrary commands on a vulnerable system. Description XPCOM is a cross-platform component object model similar to Microsoft COM or CORBA. XPCOM provides t...
Microsoft Object Management DoS Vulnerability
Overview Microsoft Object Management code has a buffer overflow vulnerability that can cause a system to reboot. Description A buffer overflow vulnerability in Microsoft Object Management code exists that could be attacked by sending specially crafted requests locally on an affected operating...
Microsoft Windows Kernel Vulnerability
Overview A privilege elevation vulnerability exists in the way that the Windows kernel processes certain access requests. This vulnerability could allow a logged-on user to take complete control of the system. Description A locally authenticated user could potentially exploit a vulnerability in...
Microsoft Client Server Runtime System Vulnerability
Overview The Microsoft Client Server Runtime System (CSRSS) incorrectly validates certain messages, potentially resulting in privilege elevation. Description CSRSS is the user-mode part of the Win32 subsystem. Win32.sys is the kernel-mode portion of the Win32 subsystem. The Win32 subsystem must be...
Microsoft font processing buffer overflow vulnerability
Overview A privilege elevation vulnerability exists in the way that Microsoft Windows processes certain fonts. This vulnerability could allow a logged-on user to take complete control of the system. Description Due to an unchecked buffer in the processing of malicious fonts, a locally authenticat...
Microsoft Windows vulnerable to DoS via LAND attack
Overview A vulnerability in Microsoft Windows may allow a remote attacker to cause a denial of service. Description Microsoft Windows XP SP2 and Windows Server 2003 are vulnerable to a denial-of-service attack via a crafted TCP packet. The packet is spoofed in a manner such that the source and...
Microsoft Word contains a buffer overflow vulnerability
Overview Microsoft Word contains a vulnerability that may result in the execution of code on the system with the privileges of the current user. Description Microsoft Word contains a buffer overflow vulnerability that may be exploited by opening a maliciously crafted Word document. Successful...
Microsoft Word contains a buffer overflow vulnerability
Overview Microsoft Word contains a vulnerability that may result in the execution of code on the system with the privileges of the current user. Description Microsoft Word contains a vulnerability that may be exploited by opening a maliciously crafted Word document. Successful exploitation would...
Microsoft Exchange Server contains unchecked buffer in SMTP extended verb handling
Overview A vulnerability in some versions of Microsoft's Exchange Server may allow a remote attacker to execute arbitrary code on an affected server. Description Microsoft's Exchange Server supports a number of protocols for handling email, including the Simple Mail Transfer Protocol (SMTP) and SMT...
Microsoft Windows does not adequately validate IP options
Overview Microsoft Windows does not adequately validate IP options, allowing an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service. An attacker could take complete control of a vulnerable system. Description Several versions of the Microsoft Windows IP stack a...
Microsoft Internet Explorer DHTML objects contain a race condition
Overview A race condition in the way that Internet Explorer handles DHTML objects may allow a remote attacker to execute arbitrary code on a vulnerable system. Description According to Microsoft: Dynamic HTML (DHTML) is built on an object model that extends the traditional static HTML document which...
Microsoft Internet Explorer Content Advisor contains a buffer overflow
Overview A buffer overflow in Microsoft Internet Explorer Content Advisor may allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Content Advisor is used to control what content is viewable in Internet Explorer. A buffer overflow exists in the routines that...
Microsoft Internet Explorer URL validation routine contains a buffer overflow
Overview A vulnerability in Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer (IE) contains an unspecified vulnerability in the way that it handles certain URLs. The process that checks the URL contain...
Microsoft MSN Messenger GIF processing buffer overflow
Overview MSN Messenger clients before version 7.0 will allow remote attackers to take control of a computer if malicious GIF files are processed. Description Microsoft MSN Messenger is an instant messaging application that allows users to collaborate with people using text messages, voice and vid...
TCP/IP implementations do not adequately validate ICMP error messages
Overview Multiple TCP/IP implementations do not adequately validate ICMP error messages. A remote attacker could cause TCP connections to drop or be degraded using spoofed ICMP error messages. Description A number of widely accepted Internet standards describe different aspects of the relationshi...
Microsoft Windows opens OLE2 documents using a program specified internally by the document
Overview Microsoft Windows may allow remote code execution through specially crafted OLE2 documents. Description Microsoft object linking and embedding (OLE) is a technology that allows applications to create and edit compound documents. Compound documents can contain embedded documents or links to...
Linux kernel Bluetooth support fails to properly bounds check "protocol" variable
Overview Linux kernels with Bluetooth support do not adequately validate the "protocol" value, allowing a local user to execute arbitrary code with elevated privileges. Description Linux kernels with Bluetooth support may contain a local root vulnerability, even if Bluetooth hardware is not...
Multiple Telnet Clients vulnerable to buffer overflow via the env_opt_add() function in telnet.c
Overview Multiple Telnet clients contain a data length validation flaw that may allow a malicious server to execute arbitrary code on the client host with the privileges of the client. Description The Telnet network protocol is described in RFC854 and RFC855 as a general, bi-directional communications facilit...
Symantec Norton AntiVirus vulnerable to DoS via the "Auto-Protect" module
Overview Symantec Norton AntiVirus may hang or crash when the Auto-Protect module scans certain files. Description Symantec Norton AntiVirus is an anti-virus product for desktop and enterprise use. The Norton AntiVirus "Auto-Protect" module provides automatic file scanning and detection of viruse...
Symantec Norton AntiVirus vulnerable to DoS via the Auto-Protect "SmartScan" feature
Overview Symantec Norton AntiVirus may hang or crash when the Auto-Protect module SmartScan feature scans a renamed file on a network share. Description Symantec Norton AntiVirus is an anti-virus product for desktop and enterprise use. The Norton AntiVirus "Auto-Protect" module provides automatic...
Mozilla products vulnerable to heap overflow via specially crafted GIF file
Overview Mozilla products, including the Mozilla Suite, Mozilla Firefox, and Mozilla Thunderbird, are vulnerable to a heap-based overflow in the GIF image-processing routines. Description The Mozilla project produces an application suite (Mozilla Suite), web browsers (Mozilla Firefox), email software...
Multiple Telnet clients fail to properly handle the "LINEMODE" SLC suboption
Overview Multiple Telnet clients contain a data length validation flaw which may allow a server to induce arbitrary code execution on the client host. Description The Telnet network protocol is described in RFC854 and RFC855 as a general, bi-directional communications facility. The Telnet protoco...
Multiple web browsers vulnerable to spoofing via Internationalized Domain Name support
Overview Multiple web browsers are vulnerable to spoofing attacks through the use of Internationalized Domain Names. Other applications such as email programs may also be vulnerable. Description The Domain Name System (DNS) provides name, address, and other information about...
McAfee Scan Engine vulnerable to buffer overflow in LHA decoder
Overview A buffer overflow vulnerability in the McAfee Virus Scan Engine may allow a remote attacker to execute arbitrary code on an affected system. Because the vulnerability exists in a core component, a number of different McAfee products are affected. Description The McAfee Antivirus products...
NotifyLink server provides inadequate protection for cryptographic key material
Overview The NotifyLink key exchange protocol contains a vulnerability that significantly reduces the strength of cryptographic keys used to encrypt mail messages. Description Notify Technology NotifyLink Enterprise Server allows users to synchronize e-mail between a PDA and a mail server. The...
NotifyLink web client fails to adequately restrict access to administrative functions
Overview The NotifyLink web interface contains a vulnerability that allows authenticated normal users to access functions that have been disabled by an administrator. Description Notify Technology NotifyLink Enterprise Server allows users to synchronize e-mail between a PDA and a mail server. The...