3695 matches found
NotifyLink contains multiple SQL injection vulnerabilities
Overview There are multiple vulnerabilities in NotifyLink that allow unauthenticated remote users to view or modify the contents of the NotifyLink SQL database. Possible modifications include the addition of unauthorized user and administrator accounts. Description Notify Technology NotifyLink...
NotifyLink administrative interface displays user passwords in clear text
Overview The NotifyLink web interface grants administrative users inappropriate access to private user password information. Description Notify Technology NotifyLink Enterprise Server allows users to synchronize e-mail between a PDA and a mail server. The application consists of a PDA-specific...
Apache Tomcat fails to properly handle certain requests
Overview Apache Tomcat does not properly handle certain types of requests allowing a remote attacker to cause a denial of service. Description Apache Tomcat is an implementation of the Java Servlet and JavaServer Page JSP technologies. Tomcat uses the AJP12 protocol on TCP 8007 by default for...
Cisco ACNS RealServer RealSubscriber vulnerable to DoS via malformed IP packets
Overview A vulnerability in Cisco ACNS RealServer RealSubscriber may allow a remote attacker to cause a denial of service on an affected device via malformed IP packets. Description Cisco Application and Content Networking System ACNS is an integrated caching and content-delivery platform. ACNS 5...
ISC DHCP contains a format string vulnerability in errwarn.c
Overview The Internet Systems Consortium ISC Dynamic Host Configuration Protocol DHCP application contains a format string vulnerability in errwarn.c that could allow an attacker to execute arbitrary code. Description As described in RFC 2131, "The Dynamic Host Configuration Protocol DHCP provide...
SafeNet Sentinel License Manager vulnerable to buffer overflow
Overview SafeNet Sentinel License Manager contains a buffer overflow vulnerability, which may allow a remote unauthenticated attacker to execute arbitrary code on the server. Description SafeNet Sentinel License Manager LM is a software-based license management application. It is reported that th...
nfs-utils vulnerable to buffer overflow in "getquotainfo()" in "rquota_server.c"
Overview A vulnerability in nfs-utils could permit an attacker to execute arbitrary code on the system or cause a denial of service. Description The NFS protocol provides remote access to shared files across networks. The nfs-utils package provides an NFS client and server for Linux systems...
IBM AIX auditselect contains format string vulnerability
Overview IBM AIX auditselect command contains a format string vulnerability that may allow a local attacker to execute arbitrary code. Description According to IBM's Command Reference, the syntax and description of the auditselect command are as follows: $ auditselect -e "Expression" | -f File -m...
Gaim vulnerable to DoS via specially crafted HTML
Overview Gaim contains a flaw in HTML processing that may result in an invalid memory access and denial of service condition. Description From the Gaim project: Gaim is a multi-protocol instant messaging IM client for Linux, BSD, MacOS X, and Windows. It is compatible with AIM and ICQ Oscar...
Golden FTP server contains a buffer overflow
Overview Golden FTP server contains a buffer overflow that may allow a remote attacker to execute arbitrary code. Description Golden FTP server is a personal FTP server for the Microsoft Windows platform. The RNTO rename to command is used in conjunction with the RNFR rename from to rename a file...
AWStats fails to validate input supplied to pluginmode parameter
Overview AWStats performs inadequate validation on user-controlled data that is supplied to the pluginmode parameter. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary commands. Description AWStats is a Perl CGI script that collects and graphically displays...
HP-UX FTP daemon is vulnerable to a buffer overflow
Overview The HP-UX FTP daemon ftpd contains a buffer overflow that may allow an unauthenticated, remote attacker to execute arbitrary code. Description The HP-UX FTP daemon ftpd is vulnerable to a buffer overflow when the FTP daemon is configured to log debugging information. Debug logging is...
phpBB vulnerable to file disclosure
Overview The phpBB input validation methods may fail to sanitize user input resulting in a disclosure of arbitrary file data. Description phpBB is a customizable open source bulletin board package. It contains functionality that allows users to specify graphic files for use as "avatars." These...
Gaim vulnerable to malformed SNAC packet infinite processing loop
Overview Gaim contains a flaw in the processing of certain packets that may cause a denial of service. Description From the Gaim project: Gaim is a multi-protocol instant messaging IM client for Linux, BSD, MacOS X, and Windows. It is compatible with AIM and ICQ Oscar protocol, MSN Messenger,...
Gaim vulnerable to HTML processing denial of service
Overview Gaim contains a flaw in HTML processing that may result in an invalid memory access and denial of service condition. Description From the Gaim project: Gaim is a multi-protocol instant messaging IM client for Linux, BSD, MacOS X, and Windows. It is compatible with AIM and ICQ Oscar...
mod_python vulnerable to information disclosure via crafted URL
Overview The Apache mod_python module is vulnerable to unintended remote information disclosure using specially crafted URLs. Description From the mod_python web page: Mod_python is an Apache module that embeds the Python interpreter within the server. With mod_python you can write web-based...
Squid fails to parse empty access control lists correctly
Overview The Squid web proxy cache may fail to handle empty Access Control Lists ACLs in the intended manner. Description Squid functions as a web proxy and cache application for a number of protocols. However, Squid Access Control List ACL routines may not parse an empty list as intended. An emp...
Verity Ultraseek contains a cross-site scripting vulnerability in the processing of search requests
Overview Verity's Ultraseek application contains a cross-site scripting vulnerability in the processing of search requests. Description Verity Ultraseek is a web site search engine application. Ultraseek contains a cross-site scripting vulnerability in the processing of search requests. More...
OpenConnect Webconnect read-only directory traversal vulnerability in jretest.html
Overview OpenConnect Webconnect contains a read-only directory traversal vulnerability in the file jretest.html. Description OpenConnect Webconnect provides secured web access and emulation services for backend mainframes and UNIX servers. Versions of Webconnect prior to 6.4.5 and 6.5.1 running o...
OpenConnect Webconnect MS-DOS device name denial-of-service
Overview OpenConnect WebConnect may stop responding after processing an HTTP request with an MS-DOS device name in it. Description OpenConnect Webconnect provides secured web access and emulation services for backend mainframes and UNIX servers. Versions of Webconnect prior to 6.4.5 and 6.5.1...
WinAmp playlist handling may allow a remote buffer overflow and arbitrary code execution
Overview WinAmp contains a flaw which may allow a remote system compromise if a maliciously crafted playlist is loaded. Description Nullsoft's WinAmp is a multimedia system for Microsoft Windows. WinAmp allows users to create and use "playlists" to play their multimedia files in a customized...
SCO OpenServer vulnerable to privilege escalation in 'scosession' argument handling
Overview A vulnerability in a program supplied with the SCO OpenServer operating system may allow local attackers to gain elevated privileges. Description SCO OpenServer is a UNIX-like operating system for Intel and AMD platforms. The 'scosession' session handling component, which is responsible...
WinAmp contains a flaw in metadata handling in .mpa and .mp4 files
Overview WinAmp contains a flaw which may allow an attacker to crash WinAmp remotely via .mpa or .mp4 files. Description Nullsoft's WinAmp Player, a popular multimedia system for Microsoft Windows, contains a flaw in the handling of the metadata called "tags" contained within .mpa and .mp4 files...
Sun Java Plugin may create temporary files with predictable names
Overview The Sun Java Plugin may allow remote users to create files with arbitrary content in a specific location. Description From the Sun Java Plugin page: Java Plug-in technology, included as part of the Java 2 Runtime Environment, Standard Edition JRE, establishes a connection between popular...
OpenPGP vulnerable to chosen-ciphertext attacks in cipher feedback (CFB) mode
Overview A vulnerability in OpenPGP may allow attackers to recover partial plaintexts from OpenPGP messages that use symmetric encryption. Description A vulnerability in OpenPGP can be used by attackers to recover partial plaintexts from messages employing symmetric encryption. Researchers Serge...
Symantec products vulnerable to buffer overflow via a specially crafted UPX file
Overview The Symantec AntiVirus Library DEC2EXE component is vulnerable to remote arbitrary code execution. Description The Symantec AntiVirus Library is used in many Symantec and third-party virus scanning products, including Symantec Norton Antivirus and Symantec BrightMail AntiSpam. The AntiVir...
AWStats fails to properly filter user-supplied input
Overview A lack of input validation in AWStats may allow a remote attacker to execute arbitrary commands. Description AWStats is a Perl CGI script that collects and graphically displays statistics from web, FTP, and mail servers. The configdir parameter, within the awstats.pl Perl script, is...
Microsoft Windows SharePoint Services and SharePoint Team Services cross-site scripting vulnerabilities
Overview Microsoft Windows SharePoint Services and SharePoint Team Services contain cross-site scripting vulnerabilities. These vulnerabilities could be exploited to execute arbitrary code in the security context of the affected user. Description Microsoft Windows SharePoint Services for Windows...
Microsoft Office XP contains buffer overflow vulnerability
Overview A buffer overflow in Microsoft Office XP may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Office XP is vulnerable to a buffer overflow. According to MS05-005, the buffer overflow exists in the process that passes URL file locations to...
Microsoft Windows XP named pipe fails to restrict anonymous access
Overview The Server service running on Microsoft Windows XP leaks authentication information. Description The Server service srvsvc.dll is a component of the Server Message Block SMB, and its follow-on, Common Internet File System CIFS. These are network protocols that Windows uses to share files...
Microsoft DHTML Drag-and-Drop events insufficiently validated
Overview Microsoft DHTML Drag-and-Drop events can manipulate windows to copy objects from one domain to another, including the Local Machine Zone. This vulnerability could allow an attacker to write arbitrary files to the local file system. Description Microsoft Drag-and-Drop events do not proper...
Microsoft ASP.NET fails to perform proper canonicalization
Overview Microsoft ASP.NET contains a canonicalization vulnerability that may allow a remote unauthenticated attacker to gain access to secure contents. Description Microsoft ASP.NET is a programming framework for creating web applications. The canonicalization routine used by ASP.NET fails to...
SquirrelMail vulnerable to command injection because of flawed input checking in S/MIME plug-in
Overview SquirrelMail contains a flaw in its S/MIME plug-in certificate handling routines which may allow arbitrary code to be remotely executed. Description From the SquirrelMail web page: SquirrelMail is a standards-based webmail package written in PHP4. It includes built-in pure PHP support for...
SquirrelMail may allow execution of arbitrary code
Overview SquirrelMail 1.2.6 may allow remote execution of arbitrary code via URL manipulation. Description From the SquirrelMail webpage: SquirrelMail is a standards-based webmail package written in PHP4. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render i...
Microsoft Hyperlink Object Library buffer overflow
Overview A buffer overflow exists in the Microsoft Windows system library used when handling hyperlinks. All currently supported versions of Microsoft Windows are affected. Description An unchecked buffer in the Microsoft Object Library is vulnerable to attack when malformed hyperlinks are handle...
Microsoft Internet Explorer contains a DHTML method heap memory corruption vulnerability
Overview Microsoft Internet Explorer contains a flaw in DHTML method handling which may allow a remote attacker to execute arbitrary code. Description The DHTML method handling in Internet Explorer fails to perform proper bounds checking. This vulnerability may allow data to be written outside th...
Microsoft Internet Explorer contains URL decoding cross-domain vulnerability
Overview A URL decoding vulnerability in Microsoft Internet Explorer may allow remote attackers to bypass zone security restrictions and execute arbitrary code on affected systems. Description IE uses a cross-domain security model to maintain separation between browser frames from different...
Microsoft Internet Explorer contains a Channel Definition Format (CDF) cross-domain vulnerability
Overview Microsoft Internet Explorer contains a vulnerability that may allow unintended information disclosure or remote code execution due to a flaw in handling Channel Definition Format CDF files. Description From the Microsoft Channel Definition Format description: Channel Definition Format CDF...
Microsoft COM Structured Storage Vulnerability
Overview A vulnerability in a way that various programs handle COM objects could allow a local attacker to execute arbitrary code on a vulnerable system. Description Microsoft's COM is a data representation that allows multiple kinds of objects to be stored in one document. COM structured storage...
Microsoft OLE buffer overflow
Overview A vulnerability in a way that various programs handle OLE objects could allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft OLE is a technology that allows applications to create and edit compound documents. Compound documents are those...
Microsoft License Logging Service buffer overflow
Overview A vulnerability in a component of some server versions of Microsoft Windows could allow a remote attacker to execute code on a vulnerable system. Description Microsoft's License Logging Service LLS assists in the management of licenses for some Microsoft server products. An error in the...
Windows Media Player does not properly handle PNG images with excessive width or height values
Overview Microsoft Windows Media Player fails to properly handle PNG images containing unexpected information. Remote attackers may be able to craft a malicious PNG image that would cause Media Player to execute arbitrary code. Description Microsoft Windows Media Player WMP is an application that...
Microsoft Windows SMB packet validation vulnerability
Overview A vulnerability in the way that Microsoft Windows handles some SMB packets could allow remote attackers to execute code of their choosing on a vulnerable system. Description The Microsoft Server Message Block SMB, and its follow-on, Common Internet File System CIFS, are network protocols...
Squid vulnerable to buffer overflow via an overly long WCCP message
Overview The Squid web proxy cache is vulnerable to a buffer overflow when handling overly long web cache communications protocol WCCP messages. Such messages could crash the Squid process and produce a denial of service condition. Description Squid functions as a web proxy and cache application f...
Single crafted HTTP request may result in multiple responses
Overview Some HTTP handling devices are vulnerable to a flaw which may allow a specially crafted request to elicit multiple responses, some of which may be controlled by the attacker. These attacks may result in cache poisoning, information leakage, cross-site scripting, and other outcomes...
Squid LDAP authentication routines fail to check for invalid input
Overview The Squid LDAP authentication routine squidldapauth fails to check for input characters, such as whitespace, that could be misused to possibly bypass access restrictions. Description Squid functions as a web proxy and cache application for a number of protocols, and includes support for...
Squid fails to properly handle oversized reply headers
Overview The Squid web proxy cache may be vulnerable to oversized HTTP reply headers. Description Squid functions as a web proxy and cache application for a number of protocols, including the hypertext transfer protocol HTTP. A defect in the Squid HTTP handling prevents oversized reply headers...
Multiple devices process HTTP requests inconsistently
Overview Multiple interconnected devices process valid HTTP request headers inconsistently and in this manner may allow a remote attacker to poison a cache, conduct cross-site scripting attacks, and hijack user sessions. Attackers may use these flaws to launch a class of attacks referred to a...
SMB filesystem read system call vulnerable to buffer overflow
Overview The SMB filesystem read system call contains a buffer overflow vulnerability that may allow an attacker to cause a denial-of-service condition. Description "Server Message Block SMB is an application-level protocol that supports file, printer, and other resource sharing. The SMB filesystem...
QNX PPPoEd vulnerable to buffer overflow
Overview QNX PPPoEd contains a buffer overflow that may allow an attacker to execute arbitrary commands. Description QNX is an RTOS Real-time Operating System. QNX is used in many different devices and industries, including, but not limited to routers manufacturing and processing medical equipmen...