3702 matches found
Mozilla products vulnerable to heap overflow via specially crafted GIF file
Overview Mozilla products, including the Mozilla Suite, Mozilla Firefox, and Mozilla Thunderbird, are vulnerable to a heap-based overflow in the GIF image-processing routines. Description The Mozilla project produces an application suite Mozilla Suite, web browsers Mozilla Firefox, email software...
Symantec Norton AntiVirus vulnerable to DoS via the Auto-Protect "SmartScan" feature
Overview Symantec Norton AntiVirus may hang or crash when the Auto-Protect module SmartScan feature scans a renamed file on a network share. Description Symantec Norton AntiVirus is an anti-virus product for desktop and enterprise use. The Norton AntiVirus "Auto-Protect" module provides automatic...
Multiple Telnet clients fail to properly handle the "LINEMODE" SLC suboption
Overview Multiple Telnet clients contain a data length validation flaw which may allow a server to induce arbitrary code execution on the client host. Description The Telnet network protocol is described in RFC854 and RFC855 as a general, bi-directional communications facility. The Telnet protoco...
Multiple web browsers vulnerable to spoofing via Internationalized Domain Name support
Overview Multiple web browsers are vulnerable to spoofing attacks through the use of Internationalized Domain Names. Other applications such as email programs may also be vulnerable. Description The Domain Name System The Domain Name System DNS provides name, address, and other information about...
McAfee Scan Engine vulnerable to buffer overflow in LHA decoder
Overview A buffer overflow vulnerability in the McAfee Virus Scan Engine may allow a remote attacker to execute arbitrary code on an affected system. Because the vulnerability exists in a core component, a number of different McAfee products are affected. Description The McAfee Antivirus products...
NotifyLink web client fails to adequately restrict access to administrative functions
Overview The NotifyLink web interface contains a vulnerability that allows authenticated normal users to access functions that have been disabled by an administrator. Description Notify Technology NotifyLink Enterprise Server allows users to synchronize e-mail between a PDA and a mail server. The...
NotifyLink server provides inadequate protection for cryptographic key material
Overview The NotifyLink key exchange protocol contains a vulnerability that significantly reduces the strength of cryptographic keys used to encrypt mail messages. Description Notify Technology NotifyLink Enterprise Server allows users to synchronize e-mail between a PDA and a mail server. The...
NotifyLink administrative interface displays user passwords in clear text
Overview The NotifyLink web interface grants administrative users inappropriate access to private user password information. Description Notify Technology NotifyLink Enterprise Server allows users to synchronize e-mail between a PDA and a mail server. The application consists of a PDA-specific...
NotifyLink contains multiple SQL injection vulnerabilities
Overview There are multiple vulnerabilities in NotifyLink that allow unauthenticated remote users to view or modify the contents of the NotifyLink SQL database. Possible modifications include the addition of unauthorized user and administrator accounts. Description Notify Technology NotifyLink...
Apache Tomcat fails to properly handle certain requests
Overview Apache Tomcat does not properly handle certain types of requests allowing a remote attacker to cause a denial of service. Description Apache Tomcat is an implementation of the Java Servlet and JavaServer Page JSP technologies. Tomcat uses the AJP12 protocol on TCP 8007 by default for...
Cisco ACNS RealServer RealSubscruber vulnerable to DoS via malformed IP packets
Overview A vulnerability in Cisco ACNS RealServer RealSubscriber may allow a remote attacker to cause a denial of service on an affected device via malformed IP packets. Description Cisco Application and Content Networking System ACNS is an integrated caching and content-delivery platform. ACNS 5...
ISC DHCP contains a format string vulnerabilty in errwarn.c
Overview The Internet Systems Consortium ISC Dynamic Host Configuration Protocol DHCP application contains a format string vulnerability in errwarn.c that could allow an attacker to execute arbitrary code. Description As described in RFC 2131, "The Dynamic Host Configuration Protocol DHCP provide...
SafeNet Sentinel License Manager vulnerable to buffer overflow
Overview SafeNet Sentinel License Manager contains a buffer overflow vulnerability, which may allow a remote unauthenticated attacker to execute arbitrary code on the server. Description SafeNet Sentinel License Manager LM is a software-based license management application. It is reported that th...
nfs-utils vulnerable to buffer overflow in "getquotainfo()" in "rquota_server.c"
Overview A vulnerability in nfs-utils could permit an attacker to execute arbitrary code on the system or cause a denial of service. Description The NFS protocol provides remote access to shared files accross networks. The nfs-utils package provides an NFS client and server for Linux systems...
Gaim vulnerable to DoS via specially crafted HTML
Overview Gaim contains a flaw in HTML processing that may result in an invalid memory access and denial of service condition. Description From the Gaim project:Gaim is a multi-protocol instant messaging IM client for Linux, BSD, MacOS X, and Windows. It is compatible with AIM and ICQ Oscar...
IBM AIX auditselect contains format string vulnerability
Overview IBM AIX auditselect command contains a format string vulnerability that may allow a local attacker to execute arbitrary code. Description According to IBM's Command Reference, the syntax and description of the auditselect command are as follows:$ auditselect -e "Expression" | -f File -m...
AWStats fails to validate input supplied to pluginmode parameter
Overview AWStats performs inadequate validation on user-controlled data that is supplied to the pluginmode parameter. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary commands. Description AWStats is a Perl CGI script that collects and graphically displays...
phpBB vulnerable to file disclosure
Overview The phpBB input validation methods may fail to sanitize user input resulting in a disclosure of arbitrary file data. Description phpBB is a customizable open source bulletin board package. It contains functionality that allows users to specify graphic files for use as "avatars." These...
HP-UX FTP daemon is vulnerable to a buffer overflow
Overview The HP-UX FTP daemon ftpd contains a buffer overflow that may allow an unauthenticated, remote attacker to execute arbitrary code. Description The HP-UX FTP daemon ftpd is vulnerable to a buffer overflow when the FTP daemon is configured to log debugging information. Debug logging is...
Golden FTP server contains a buffer overflow
Overview Golden FTP server contains a buffer overflow that may allow a remote attacker to execute arbitrary code. Description Golden FTP server is a personal FTP server for the Microsoft Windows platform. The RNTO rename to command is used in conjunction with the RNFR rename from to rename a file...
WinAmp playlist handling may allow a remote buffer overflow and arbitrary code execution
Overview WinAmp contains a flaw which may allow a remote system compromise if a maliciously crafted playlist is loaded. Description Nullsoft's WinAmp is a multimedia system for Microsoft Windows. WinAmp allows users to create and use "playlists" to play their multimedia files in a customized...
Verity Ultraseek contains a cross-site scripting vulnerability in the processing of search requests
Overview Verity's Ultraseek application contains a cross-site scripting vulnerability in the processing of search requests. Description Verity Ultraseek is a web site search engine application. Ultraseek contains a cross-site scripting vulnerability in the processing of search requests. More...
WinAmp contains a flaw in metadata handling in .mpa and .mp4 files
Overview WinAmp contains a flaw which may allow an attacker to crash WinAmp remotely via .mpa or .mp4 files. Description Nullsoft's WinAmp Player, a popular multimedia system for Microsoft Windows, contains a flaw in the handling of the metadata called "tags" contained within .mpa and .mp4 files...
mod_python vulnerable to information disclosure via crafted URL
Overview The Apache modpython module is vulnerable to unintended remote information disclosure using specially crafted URLs. Description From the modpython web page:Modpython is an Apache module that embeds the Python interpreter within the server. With modpython you can write web-based...
SCO OpenServer vulnerable to privilege escalation in 'scosession' argument handling
Overview A vulnerability in a program supplied with the SCO OpenServer operating system may allow local attackers to gain elevated privileges. Description SCO OpenServer is a UNIX-like operating system for Intel and AMD platforms. The 'scosession' session handling component, which is responsible...
Gaim vulnerable to HTML processing denial of service
Overview Gaim contains a flaw in HTML processing that may result in an invalid memory access and denial of service condition. Description From the Gaim project:Gaim is a multi-protocol instant messaging IM client for Linux, BSD, MacOS X, and Windows. It is compatible with AIM and ICQ Oscar...
Squid fails to parse empty access control lists correctly
Overview The Squid web proxy cache may fail to handle empty Access Control Lists ACLs in the intended manner. Description Squid functions as a web proxy and cache application for a number of protocols. However, Squid Access Control List ACL routines may not parse an empty list as intended. An emp...
OpenConnect Webconnect MS-DOS device name denial-of-service
Overview OpenConnect WebConnect may stop responding after processing an HTTP request with an MS-DOS device name in it. Description OpenConnect Webconnect provides secured web access and emulation services for backend mainframes and UNIX servers. Versions of Webconnect prior to 6.4.5 and 6.5.1...
OpenConnect Webconnect read-only directory traversal vulnerability in jretest.html
Overview OpenConnect Webconnect contains a read-only directory traversal vulnerability in the file jretest.html. Description OpenConnect Webconnect provides secured web access and emulation services for backend mainframes and UNIX servers. Versions of Webconnect prior to 6.4.5 and 6.5.1 running o...
Gaim vulnerable to malformed SNAC packet infinite processing loop
Overview Gaim contains a flaw in the processing of certain packets that may cause a denial of service. Description From the Gaim project:Gaim is a multi-protocol instant messaging IM client for Linux, BSD, MacOS X, and Windows. It is compatible with AIM and ICQ Oscar protocol, MSN Messenger,...
Sun Java Plugin may create temporary files with predictable names
Overview The Sun Java Plugin may allow remote users to create files with arbitrary content in a specific location. Description From the Sun Java Plugin page:Java Plug-in technology, included as part of the Java 2 Runtime Environment, Standard Edition JRE, establishes a connection between popular...
OpenPGP vulnerable to chosen-ciphertext attacks in cipher feedback (CFB) mode
Overview A vulnerability in OpenPGP may allow attackers to recover partial plaintexts from OpenPGP messages that use symmetric encryption. Description A vulnerability in OpenPGP can be used by attackers to recover partial plaintexts from messages employing symmetric encryption. Researchers Serge...
Symantec products vulnerable to buffer overflow via a specially crafted UPX file
Overview The Symantec AntiVirus Library DEC2EXE component is vulnerable to remote arbitrary code execution. Description The Symantec AntiVirus Library is used in many Symantec and third-party virus scanning products, including Symantec Norton Antivirus and Symantec BrightMail AntiSpam.The AntiVir...
AWStats fails to properly filter user-supplied input
Overview A lack of input validation in AWStats may allow a remote attacker to execute arbitrary commands. Description AWStats is a Perl CGI script that collects and graphically displays statistics from web, FTP, and mail servers. The configdir parameter, within the awstats.pl Perl script, is...
Microsoft Windows SharePoint Services and SharePoint Team Services cross-site scripting vulnerabilities
Overview Microsoft Windows SharePoint Services and SharePoint Team Services contain cross-site scripting vulnerabilities. These vulnerabilities could be exploited to execute arbitrary code in the security context of the affected user. Description Microsoft Windows SharePoint Services for Windows...
Microsoft DHTML Drag-and-Drop events insufficiently validated
Overview Microsoft DHTML Drag-and-Drop events can manipulate windows to copy objects from one domain to another, including the Local Machine Zone. This vulnerability could allow an attacker to write arbitrary files to the local file system. Description Microsoft Drag-and-Drop events do not proper...
Microsoft Windows XP named pipe fails to restrict anonymous access
Overview The Server service running on Microsoft Windows XP leaks authentication information. Description The Server service srvsvc.dll is a component of the Server Message Block SMB, and its follow-on, Common Internet File System CIFS. These are network protocols that Windows uses to share files...
Microsoft Office XP contains buffer overflow vulnerability
Overview A buffer overflow in Microsoft Office XP may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Office XP is vulnerable to a buffer overflow. According to MS05-005, the buffer overflow exists in the process that passes URL file locations to...
SquirrelMail may allow execution of arbitrary code
Overview SquirrelMail 1.2.6 may allow remote execution of arbitrary code via URL manipulation. Description From the SquirrelMail webpage:SquirrelMail is a standards-based webmail package written in PHP4. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render i...
SquirrelMail vulnerable to command injection because of flawed input checking in S/MIME plug-in
Overview SquirrelMail contains a flaw in its S/MIME plug-in certificate handling routines which may allow arbitrary code to be remotely executed. Description From the SquirrelMail web page:SquirrelMail is a standards-based webmail package written in PHP4. It includes built-in pure PHP support for...
Microsoft ASP.NET fails to perform proper canonicalization
Overview Microsoft ASP.NET contains a canonicalization vulnerability that may allow a remote unauthenticated attacker to gain access to secure contents. Description Microsoft ASP.NET is a programming framework for creating web applications. The canonicalization routine used by ASP.NET fails to...
Microsoft OLE buffer overflow
Overview A vulnerability in a way that various programs handle OLE objects could allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft OLE is a technology that allows applications to create and edit compound documents. Compound documents are those...
Microsoft Internet Explorer contains a Channel Definition Format (CDF) cross-domain vulnerability
Overview Microsoft Internet Explorer contains a vulnerability that may allow unintended information disclosure or remote code execution due to a flaw in handling Channel Definition Format CDF files. Description From the Microsoft Channel Definition Format description:Channel Definition Format CDF...
Microsoft Internet Explorer contains a DHTML method heap memory corruption vulnerability
Overview Microsoft Internet Explorer contains a flaw in DHTML method handling which may allow a remote attacker to execute arbitrary code. Description The DHTML method handling in Internet Explorer fails to perform proper bounds checking. This vulnerability may allow data to be written outside th...
Windows Media Player does not properly handle PNG images with excessive width or height values
Overview Microsoft Windows Media Player fails to properly handle PNG images containing unexpected information. Remote attackers may be able to craft a malicious PNG image that would cause Media Player to execute arbitrary code. Description Microsoft Windows Media Player WMP is an application that...
Microsoft COM Structured Storage Vulnerability
Overview A vulnerability in a way that various programs handle COM objects could allow a local attacker to execute arbitrary code on a vulnerable system. Description Microsoft's COM is a data representation that allows multiple kinds of objects to be stored in one document. COM structured storage...
Microsoft License Logging Service buffer overflow
Overview A vulnerability in a component of some server versions of Microsoft Windows could allow a remote attacker to execute code on a vulnerable system. Description Microsoft's License Logging Service LLS assists in the management of licenses for some Microsoft server products. An error in the...
Microsoft Internet Explorer contains URL decoding cross-domain vulnerability
Overview A URL decoding vulnerability in Microsoft Internet Explorer may allow remote attackers to bypass zone security restrictions and execute arbitrary code on affected systems. Description IE uses a cross-domain security model to maintain separation between browser frames from different...
Microsoft Windows SMB packet validation vulnerability
Overview A vulnerability in the way that Microsoft Windows handles some SMB packets could allow remote attackers to execute code of their choosing on a vulnerable system. Description The Microsoft Server Message Block SMB, and its follow-on, Common Internet File System CIFS, are network protocols...
Microsoft Hyperlink Object Library buffer overflow
Overview A buffer overflow exists in the Microsoft Windows system library used when handling hyperlinks. All currently supported versions of Microsoft Windows are affected. Description An unchecked buffer in the Microsoft Object Library is vulnerable to attack when malformed hyperlinks are handle...