3695 matches found
QNX PPPoEd daemon vulnerable to command spoofing
Overview The QNX PPPoEd daemon is vulnerable to command spoofing that may lead to arbitrary code execution. Description QNX is an RTOS Realtime Operating System. QNX is used in many different devices and industries, including, but not limited to routers manufacturing and processing medical...
Apple Mac OS X vulnerable to information disclosure in "Message-ID" header
Overview The Mail application supplied with Apple's Mac OS X operating system identifies the system from which any electronic mail is sent. Description Mac OS X includes the Mail application for handling electronic mail. This application does include the Media Access Control MAC address of a...
Apple Mac OS X "at" utilities fail to drop privileges properly
Overview Apple's Mac OS X operating system may allow local privilege escalation in the family of "at" commands. Description Mac OS X includes the "at" family of commands in order to schedule tasks. However, a flaw in these commands results in the commands not dropping privileges correctly. This may...
Apple Mac OS X vulnerable to buffer overflow in ColorSync ICC color profile handling
Overview Apple's Mac OS X operating system contains a flaw in the handling of ICC color profiles, which may allow arbitrary code execution through a heap-based buffer overflow. Description The Apple Mac OS X operating system contains support for ICC color profiles in the ColorSync component. This...
Exim vulnerable to buffer overflow via the dns_build_reverse() routine
Overview The Exim Mail Transfer Agent MTA contains a buffer overflow that allows a local attacker to execute arbitrary code. Description Exim MTA is an open-source mail transport agent distributed by the University of Cambridge. A lack of input validation on user supplied data may allow a buffer...
UW-imapd fails to properly authenticate users when using CRAM-MD5
Overview A vulnerability in an authentication method for the University of Washington IMAP server could allow a remote attacker to access any user's mailbox. Description The Internet Message Access Protocol IMAP is a method of accessing electronic messages kept on a remote mail server and is...
Cisco IOS contains DoS vulnerability in MPLS packet processing
Overview A denial-of-service vulnerability exists in Cisco's Internetwork Operating System IOS. This vulnerability may allow attackers to conduct denial-of-service attacks on an affected device. Description Multi Protocol Label Switching MPLS is designed to increase the speed of IP...
Cisco IOS IPv6 denial-of-service vulnerability
Overview A vulnerability in the way Cisco IOS handles IPv6 packets could result in a remotely exploitable denial of service. Description The Cisco Internetwork Operating System IOS includes support for processing Internet Protocol version 6 IPv6 packets. A vulnerability in the way that IOS handle...
Juniper JunOS Routing Engine MPLS denial of service
Overview Juniper routers will become severely disrupted when attacked with specially-crafted MPLS packets. Description Juniper routers running JUNOS have a vulnerability in which specially-crafted MPLS packets can cause normal operation of affected routers to be severely disrupted. According to...
Cisco IOS vulnerable to DoS via malformed BGP packet
Overview A vulnerability in Cisco's Internetwork Operating System IOS could result in a remotely exploitable denial of service. Description Cisco Internetwork Operating System IOS includes support for Border Gateway Protocol BGP, which is defined in RFC 1771. BGP is designed to exchange network...
BIND 8.4.4 and 8.4.5 vulnerable to buffer overflow in q_usedns
Overview A vulnerability in the BIND name server could allow a remote attacker to cause a denial of service against an affected system. Description The Berkeley Internet Name Domain BIND is a popular Domain Name System DNS implementation from Internet Systems Consortium ISC. A buffer overflow err...
BIND 9.3.0 vulnerable to denial of service in validator code
Overview A vulnerability in the BIND name server could allow a remote attacker to cause a denial of service against an affected system. Description The Berkeley Internet Name Domain BIND is a popular Domain Name System DNS implementation from Internet Systems Consortium ISC. BIND supports the DNS...
RealPlayer ActiveX control contains buffer overflow in "ShowPreferences"
Overview The RealPlayer ActiveX control contains a stack-based buffer overflow in the ShowPreferences method. This may permit a remote attacker to execute arbitrary code on the user's system. Description RealNetworks RealPlayer is a multimedia application that allows users to view local and remot...
Cisco IOS embedded call processing solutions contain unspecified DoS vulnerability
Overview An unspecified error in Cisco Internetwork Operating System IOS could allow a remote attacker to cause a denial of service. Description Cisco IOS is a very widely deployed network operating system. IOS release trains 12.1YD, 12.2T, 12.3, and 12.3T, when configured for the IOS Telephony...
Adobe Acrobat Reader for UNIX contains a buffer overflow in mailListIsPdf()
Overview A buffer overflow in Adobe Acrobat Reader for UNIX could allow a remote attacker to execute arbitrary code. Description Adobe Acrobat Reader is an application that allows users to view PDF Portable Document Format files. Acrobat Reader for UNIX Linux, Sun Solaris SPARC, IBM AIX, or HP-UX...
Microsoft Windows Indexing Service fails to properly handle query validation
Overview A vulnerability in the Microsoft Indexing Service could allow an attacker to execute arbitrary code on an affected system. Description The Microsoft Indexing Service provides applications and scripts with a means of managing, querying, and indexing information in file systems or web...
LibTIFF vulnerable to integer overflow in the TIFFFetchStrip() routine
Overview An integer overflow in LibTIFF may allow a remote attacker to execute arbitrary code. Description LibTIFF is a library used to encode and decode images in Tag Image File Format TIFF. An integer overflow in the TIFFFetchStripThing routine within the tifdirread.c file may allow an attacker...
Opera may insecurely execute binary data encoded in a URI
Overview The Opera web browser fails to validate data encoded using the RFC 2397 scheme. A remote attacker may be able to execute arbitrary code on a vulnerable system. Description The Opera web browser fails to properly handle binary data encoded following the RFC 2397 specification for sending...
Veritas NetBackup "bpjava-susvc" process contains an input validation error
Overview Veritas NetBackup Administrative Assistant interface may allow users to execute arbitrary commands with elevated privileges. Description The Veritas NetBackup Administrative Assistant interface bpjava-susvc contains an input validation vulnerability. According to Veritas Alert 271727 :Wh...
Apple iTunes fails to properly handle overly long URLs in playlists
Overview A buffer overflow vulnerability in iTunes could allow a remote attacker to execute arbitrary code. Description Apple iTunes is a digital media player available for the Microsoft Windows and Mac OS X operating systems. It supports a variety of playlist formats including .m3u and .pls. A...
Veritas Backup Exec registration request buffer overflow
Overview Certain versions of Veritas Backup Exec 8.x and 9.x can be remotely exploited to allow execution of arbitrary code on affected servers. Description A buffer overflow exists in Veritas Backup Exec 8.x prior to 8.60.3878 Hotfix 68, and 9.x prior to 9.1.4691 Hotfix 40. A stack-based buffer...
Debian Linux Netkit telnetd-ssl contains a format string vulnerability
Overview Debian Linux Netkit telnetd-ssl contains a format string vulnerability that may allow a remote attacker to execute arbitrary code. Description An unspecified format string vulnerability in Debian Linux Netkit telnetd-ssl may allow a remote attacker to execute arbitrary code on a vulnerab...
Microsoft Windows HTML Help ActiveX control does not adequately validate window source
Overview The Microsoft Windows HTML Help ActiveX control contains a cross-domain vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary commands or code with the privileges of the user running the control. The HTML Help control can be instantiated by an HTML...
Multiple implementations of LDAP Directory Server vulnerable to buffer overflow
Overview A buffer overflow in some implementations of the LDAP protocol may allow a remote unauthenticated attacker to execute arbitrary code. Description The Lightweight Directory Access Protocol LDAP is a protocol for accessing network based directories. A lack of bounds checking in some...
LibTIFF vulnerable to integer overflow via corrupted directory entry count
Overview An integer overflow in LibTIFF may allow a remote attacker to execute arbitrary code. Description LibTIFF is a library used to encode and decode images in Tag Image File Format TIFF. A lack of validation on user supplied input may allow buffer overflow to occur. TIFF files contain...
Microsoft Windows kernel vulnerable to denial-of-service condition via animated cursor (.ani) rate number
Overview A vulnerability exists in the way the Microsoft Windows kernel processes animated cursor .ani files with a rate number set to zero. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition. Description A vulnerability exists in the way the...
Microsoft Windows kernel vulnerable to a denial-of-service condition via animated cursor (.ani) frame number
Overview A vulnerability exists in the way the Microsoft Windows kernel processes animated cursor .ani files with a frame number set to zero. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition. Description A vulnerability exists in the way the...
Microsoft Windows LoadImage API vulnerable to integer overflow
Overview The Microsoft Windows LoadImage API routine is vulnerable to an integer overflow that may allow a remote attacker to execute arbitrary code on a vulnerable system. Description The LoadImage API routine is used to load an image from a file on Microsoft Windows platforms. The LoadImage API...
Microsoft Internet Explorer DHTML Editing ActiveX control contains a cross-domain vulnerability
Overview A cross-domain vulnerability exists in the DHTML Editing ActiveX control. An attacker may be able to execute arbitrary script in the Local Machine Zone or read or modify data in other domains. For example, the attacker could execute arbitrary commands with parameters, download and execut...
Konqueror fails to restrict access to Java classes
Overview The Konqueror web browser may allow Java applets and JavaScripts to bypass the Java security settings and access restricted Java classes. Exploitation may allow a remote attacker to read and write arbitrary files on a vulnerable system. Description Konqueror is a web browser and file...
Symantec Brightmail Anti-Spam Spamhunter UTF encoding error
Overview Symantec Brightmail Anti-Spam Spamhunter crashes when trying to convert certain valid character sets to UTF, resulting in a denial-of-service condition. Description Brightmail Anti-Spam Spamhunter is a spam filter designed for corporate environments. The Brightmail Anti-Spam Spamhunter...
Microsoft Internet Explorer HTML Help control bypasses Local Machine Zone Lockdown
Overview The Microsoft Internet Explorer HTML Help ActiveX control is not restricted by the Local Machine Zone Lockdown feature. This can allow an attacker to execute script in the Local Machine Zone. Description Windows XP SP2 introduces a feature called Local Machine Zone Lockdown. This feature...
Ability Server vulnerable to buffer overflow
Overview A buffer overflow in the Ability Server may allow remote authenticated attackers to execute arbitrary code. Description A lack of input validation in Ability Server's FTP STOR command may allow a buffer overflow to occur. A remote authenticated attacker may be able to exploit this...
phpBB viewtopic.php fails to properly sanitize input passed to the "highlight" parameter
Overview phpBB contains a user input validation problem with regard to the parsing of the URL. An intruder can deface a phpBB website, execute arbitrary commands, or gain administrative privileges on a compromised bulletin board. Description phpBB is an open-source bulletin board. A lack of inpu...
Microsoft Internet Explorer execCommand() method SaveAs command uses misleading "Save HTML Document" dialog
Overview Microsoft Internet Explorer contains a vulnerability in the way that it presents a Save As dialog. By invoking the SaveAs command with execCommand, an attacker could display a dialog that could trick a user into saving arbitrary content. Description Microsoft Internet Explorer IE support...
Samba vulnerable to integer overflow processing file security descriptors
Overview Samba contains an integer overflow vulnerability in code that processes file security descriptors. This could allow an authenticated, remote attacker to execute arbitrary code or cause a denial of service on a vulnerable system. Description Samba is an open-source implementation of...
Mozilla status elements can be disabled via JavaScript
Overview Mozilla allows websites to disable various browser status elements. This allows websites to create spoofed dialogs using XUL. Description Certain Mozilla web browser status elements, such as the address bar, status bar, and navigation controls, can be disabled remotely by web sites using...
Microsoft Windows Internet Naming Service (WINS) contains a buffer overflow
Overview A buffer overflow in the WINS service may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description The Microsoft WINS service maps IP addresses to NETBIOS computer names. The WINS protocol contains a vulnerability that may allow a remote attack...
Shortcuts may insecurely store SMB authentication information
Overview SMB authentication information may be stored as plain text within URI shortcuts. As a result, a local attacker may be able to read the authentication information and gain access to the share. Description SMB is a protocol for sharing data and resources between computers. Many operating...
Anti-virus software may not properly scan malformed zip archives
Overview Anti-virus software may rely on corrupted headers to determine if a zip archive is valid. As a result, anti-virus software may fail to detect malicious content within a zip archive. Description Information about a zip archive, such as the size of the compressed data, is placed in headers...
Remote Execute vulnerable to denial-of-service
Overview Remote Execute cannot handle more than seven connections simultaneously. If more than seven connections are attempted, Remote Execute will crash, resulting in a denial-of-service condition. Description Remote Execute is a network administration tool for the Windows platform that allows...
XFree86 vulnerable to buffer overflow via crafted font directory in 'fonts.alias' file
Overview XFree86 contains a vulnerability in the parsing of the 'fonts.alias' file, which could be exploited by a local user to execute arbitrary code with elevated privileges. Description XFree86 contains a flaw during the processing of the 'fonts.alias' file. XFree86 is an implementation of the...
XFree86 vulnerable to buffer overflow via error in 'ReadFontAlias()' function
Overview XFree86 contains a vulnerability in the parsing of the 'fonts.alias' file, which could be exploited by a local user to execute arbitrary code with elevated privileges. Description XFree86 contains a flaw during the processing of the 'fonts.alias' file. XFree86 is an implementation of the...
Sun Java System Web Proxy Server vulnerable to buffer overflow
Overview Buffer overflow vulnerabilities in the Java System Web Proxy Server may allow remote attackers to execute arbitrary code or cause a denial-of-service condition. Description The Java System Web Proxy Server is a caching HTTP proxy server. A lack of bounds checking in the Java System Web...
LibTIFF contains multiple integer overflows
Overview Multiple integer overflows in the LibTIFF library may allow an attacker to execute arbitrary code. Description LibTIFF is a library used to encode and decode images in Tag Image File Format TIFF format. A number of potential integer overflow errors exist in the LibTIFF library. A lack of...
SuSe Linux LibTIFF package vulnerable to buffer overflow
Overview The SuSe Linux version of LibTIFF is vulnerable to a buffer overflow that may allow a remote attacker to execute arbitrary code. Description SuSe LibTIFF is a library used to encode and decode images in Tag Image File Format TIFF format on SuSE systems. A lack of input validation in the...
LibTIFF contains multiple heap-based buffer overflows
Overview LibTIFF contains multiple heap-based buffer overflows that may allow an attacker to execute arbitrary code or cause a denial-of-service condition. Description LibTIFF is a library used to encode and decode images in Tag Image File Format TIFF. Multiple LibTIFF routines contain buffer...
LibTIFF vulnerable to denial-of-service condition
Overview An integer overflow in the LibTIFF library may allow a remote attacker to cause a divide-by-zero error that results in a denial-of-service condition. Description LibTIFF is a library used to encode and decode images in Tag Image File Format TIFF format. An integer overflow in the...
Microsoft Windows Internet Naming Service (WINS) replication protocol contains a heap-based buffer overflow
Overview A buffer overflow vulnerability in the Microsoft Windows Internet Naming Service WINS replication protocol may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description The Microsoft WINS service maps IP addresses to NETBIOS computer names. WIN...
Microsoft Windows Shell contains a buffer overflow
Overview A remotely exploitable buffer overflow vulnerability exists in the Microsoft Windows Shell. Description The Microsoft Windows Shell provides the basic human-computer interface for Windows systems. Microsoft describes the Shell as follows: The Windows Shell is responsible for providing th...