3702 matches found
Squid vulnerable to buffer overflow via an overly long WCCP message
Overview The Squid web proxy cache is vulnerable to a buffer overflow when handing overly long web cache communications protocol WCCP messages. Such messages could crash the Squid process and produce a denial of service condition. Description Squid functions as a web proxy and cache application f...
Single crafted HTTP request may result in multiple responses
Overview Some HTTP handling devices are vulnerable to a flaw which may allow a specially crafted request to elicit multiple responses, some of which may be controlled by the attacker. These attacks may result in cache poisoning, information leakage, cross-site scripting, and other outcomes...
Squid fails to properly handle oversized reply headers
Overview The Squid web proxy cache may be vulnerable to oversized HTTP reply headers. Description Squid functions as a web proxy and cache application for a number of protocols, including the hypertext transfer protocol HTTP. A defect in the Squid HTTP handling prevents oversized reply headers...
Squid LDAP authentication routines fail to check for invalid input
Overview The Squid LDAP authentication routine squidldapauth fails to check for input characters, such as whitespace, that could be misused to possibly bypass access restrictions. Description Squid functions as a web proxy and cache application for a number of protocols, and includes support for...
Multiple devices process HTTP requests inconsistently
Overview Multiple interconnected devices process valid HTTP request headers inconsistently and in this may manner may allow a remote attacker to poison a cache, conduct cross-site scripting attacks, and hijack user sessions. Attackers may use these flaws to launch a class of attacks referred to a...
SMB filesystem read system call vulnerable to buffer overflow
Overview The SMB filesystem read system call contains buffer overflow vulnerability that may allow an attacker to cause a denial-of-service condition. Description "Server Message Block SMB is an application-level protocol that supports file, printer, and other resource sharing. The SMB filesystem...
QNX PPPoEd vulnerable to buffer overflow
Overview QNX PPPoEd contains a buffer overflow that may allow an attacker to execute arbitrary commands. Description QNX is an RTOS Real-time Operating System. QNX is used in many different devices and industries, including, but not limited to routers manufacturing and processing medical equipmen...
QNX PPPoEd daemon vulnerable to command spoofing
Overview The QNX PPPoEd daemon is vulnerable to command spoofing that may lead to arbitrary code execution. Description QNX is an RTOS Realtime Operating System. QNX is used in many different devices and industries, including, but not limited to routers manufacturing and processing medical...
Apple Mac OS X vulnerable to information disclosure in "Message-ID" header
Overview The Mail application supplied with Apple's Mac OS X operating system identifies the system from which any electronic mail is sent. Description Mac OS X includes the Mail application for handling electronic mail. This application does include the Media Access Control MAC address of a...
Apple Mac OS X vulnerable to buffer overflow in ColorSync ICC color profile handling
Overview Apple's Mac OS X operating system contains a flaw in the handling of ICC color profiles, which may allow arbitrary code execution through a heap-based buffer overflow. Description The Apple Mac OS X operating system contains support for ICC color profiles in the ColorSync component. This...
Exim vulnerable to buffer overflow via the dns_build_reverse() routine
Overview The Exim Mail Transfer Agent MTA contains a buffer overflow that allows a local attacker to execute arbitrary code. Description Exim MTA is an open-source mail transport agent distributed by the University of Cambridge. A lack of input validation on user supplied data may allow a buffer...
UW-imapd fails to properly authenticate users when using CRAM-MD5
Overview A vulnerablility in an authentication method for the University of Washington IMAP server could allow a remote attacker to access any user's mailbox. Description The Internet Message Access Protocol IMAP is a method of accessing electronic messages kept on a remote mail server and is...
Apple Mac OS X "at" utilities fail to drop privileges properly
Overview Apple's Mac OS X operating system may allow local privilege escalation in family of "at" commands. Description Mac OS X includes the "at" family of commands in order to schedule tasks. However, a flaw in these commands results in the commands not dropping privileges correctly. This may...
Juniper JunOS Routing Engine MPLS denial of service
Overview Juniper routers will become severely disrupted when attacked with specially-crafted MPLS packets. Description Juniper routers running JUNOS have a vulnerability in which specially-crafted MPLS packets can cause normal operation of affected routers to be severely disrupted.According to...
Cisco IOS vulnerable to DoS via malformed BGP packet
Overview A vulnerability in Cisco's Internetwork Operating System IOS could result in a remotely exploitable denial of service. Description Cisco Internetwork Operating System IOS includes support for Border Gateway Protocol BGP, which is defined in RFC 1771. BGP is designed to exchange network...
Cisco IOS contains DoS vulnerability in MPLS packet processing
Overview A denial-of-service vulnerability exists in Cisco's Internetwork Operating System IOS. This vulnerability may allow attackers to conduct denial-of-service attacks on an affected device. Description Multi Protocol Label Switching MPLS is designed to increase the speed of IP...
Cisco IOS IPv6 denial-of-service vulnerability
Overview A vulnerability in the way Cisco IOS handles IPv6 packets could result in a remotely exploitable denial of service. Description The Cisco Internetwork Operating System IOS includes support for processing Internet Protocol version 6 IPv6 packets. A vulnerability in the way that IOS handle...
BIND 9.3.0 vulnerable to denial of service in validator code
Overview A vulnerability in the BIND name server could allow a remote attacker to cause a denial of service against an affected system. Description The Berkeley Internet Name Domain BIND is a popular Domain Name System DNS implementation from Internet Systems Consortium ISC. BIND supports the DNS...
BIND 8.4.4 and 8.4.5 vulnerable to buffer overflow in q_usedns
Overview A vulnerability in the BIND name server could allow a remote attacker to cause a denial of service against an affected system. Description The Berkeley Internet Name Domain BIND is a popular Domain Name System DNS implementation from Internet Systems Consortium ISC. A buffer overflow err...
RealPlayer ActiveX control contains buffer overflow in "ShowPreferences"
Overview The RealPlayer ActiveX control contains a stack-based buffer overflow in the ShowPreferences method. This may permit a remote attacker to execute arbitrary code on the user's system. Description RealNetworks RealPlayer is a multimedia application that allows users to view local and remot...
Cisco IOS embedded call processing solutions contain unspecified DoS vulnerability
Overview An unspecified error in Cisco Internetwork Operating System IOS could allow a remote attacker to cause a denial of service. Description Cisco IOS is a very widely deployed network operating system. IOS release trains 12.1YD, 12.2T, 12.3, and 12.3T, when configured for the IOS Telephony...
Microsoft Windows Indexing Service fails to properly handle query validation
Overview A vulnerability in the Microsoft Indexing Service could allow an attacker to execute arbitrary code on an affected system. Description The Microsoft Indexing Service provides applications and scripts with a means of managing, querying, and indexing information in file systems or web...
Adobe Acrobat Reader for UNIX contains a buffer overflow in mailListIsPdf()
Overview A buffer overflow in Adobe Acrobat Reader for UNIX could allow a remote attacker to execute arbitrary code. Description Adobe Acrobat Reader is an application that allows users to view PDF Portable Document Format files. Acrobat Reader for UNIX Linux, Sun Solaris SPARC, IBM AIX, or HP-UX...
LibTIFF vulnerable to integer overflow in the TIFFFetchStrip() routine
Overview An integer overflow in LibTIFF may allow a remote attacker to execute arbitrary code. Description LibTIFF is a library used to encode and decode images in Tag Image File Format TIFF. An integer overflow in the TIFFFetchStripThing routine within the tifdirread.c file may allow an attacker...
Opera may insecurely execute binary data encoded in a URI
Overview The Opera web browser fails to validate data encoded using the RFC 2397 scheme. A remote attacker may be able to execute arbitrary code on a vulnerable system. Description The Opera web browser fails to properly handle binary data encoded following the RFC 2397 specification for sending...
Veritas NetBackup "bpjava-susvc" process contains an input validation error
Overview Veritas NetBackup Administrative Assistant interface may allow users to execute arbitrary commands with elevated privileges. Description The Veritas NetBackup Administrative Assistant interface bpjava-susvc contains an input validation vulnerability. According to Veritas Alert 271727 :Wh...
Veritas Backup Exec registration request buffer overflow
Overview Certain versions of Veritas Backup Exec 8.x and 9.x can be remotely exploited to allow execution of arbitrary code on affected servers. Description A buffer overflow exists in Veritas Backup Exec 8.x prior to 8.60.3878 Hotfix 68, and 9.x pritor to 9.1.4691 Hotfix 40. A stack-based buffer...
Apple iTunes fails to properly handle overly long URLs in playlists
Overview A buffer overflow vulnerability in iTunes could allow a remote attacker to execute arbitrary code. Description Apple iTunes is a digital media player available for the Microsoft Windows and Mac OS X operating systems. It supports a variety of playlist formats including .m3u and .pls. A...
Debian Linux Netkit telnetd-ssl contains a format string vulnerability
Overview Debian Linux Netkit telnetd-ssl contains a format string vulnerability that may allow a remote attacker to execute arbitrary code. Description An unspecified format string vulnerability in Debian Linux Netkit telnetd-ssl may allow a remote attacker to execute arbitrary code on a vulnerab...
Microsoft Windows HTML Help ActiveX control does not adequately validate window source
Overview The Microsoft Windows HTML Help ActiveX control contains a cross-domain vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary commands or code with the privileges of the user running the control. The HTML Help control can be instantiated by an HTML...
Multiple implementations of LDAP Directory Server vulnerable to buffer overflow
Overview A buffer overflow in some implementations of the LDAP protocol may allow a remote unauthenticated attacker to execute arbitrary code. Description The Lightweight Directory Access Protocol LDAP is a protocol for accessing network based directories. A lack of bounds checking in some...
LibTIFF vulnerable to integer overflow via corrupted directory entry count
Overview An integer overflow in LibTIFF may allow a remote attacker to execute arbitrary code. Description LibTIFF is a library used to encode and decode images in Tag Image File Format TIFF. A lack of validation on user supplied input may allow buffer overflow to occur. TIFF files contain...
Microsoft Windows kernel vulnerable to denial-of-service condition via animated cursor (.ani) rate number
Overview A vulnerability exists in the way the Microsoft Windows kernel processes animated cursor .ani files with a rate number set to zero. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition. Description A vulnerability exists in the way the...
Microsoft Windows kernel vulnerable to a denial-of-service condition via animated cursor (.ani) frame number
Overview A vulnerability exists in the way the Microsoft Window's kernel processes animated cursor .ani files with a frame number set to zero. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition. Description A vulnerability exists in the way the...
Microsoft Windows LoadImage API vulnerable to integer overflow
Overview The Microsoft Windows LoadImage API routine is vulnerable to an integer overflow that may allow a remote attacker to execute arbitrary code on a vulnerable system. Description The LoadImage API routine is used to load an image from a file on Microsoft Windows platforms. The LoadImage API...
Symantec Brightmail Anti-Spam Spamhunter UTF encoding error
Overview Symantec Brightmail Anti-Spam Spamhunter crashes when trying to convert certain valid character sets to UTF, resulting in a denial-of-service condition. Description Brightmail Anti-Spam Spamhunter is a spam filter designed for corporate environments. The Brightmail Anti-Spam Spamhunter...
Konqueror fails to restrict access to Java classes
Overview The Konqueror web browser may allow Java applets and JavaScripts to bypass the Java security settings and access restricted Java classes. Exploitation may allow a remote attacker to read and write arbitrary files on a vulnerable system. Description Konqueror is a web browser and file...
Microsoft Internet Explorer DHTML Editing ActiveX control contains a cross-domain vulnerability
Overview A cross-domain vulnerability exists in the DHTML Editing ActiveX control. An attacker may be able to execute arbitrary script in the Local Machine Zone or read or modify data in other domains. For example, the attacker could execute arbitrary commands with parameters, download and execut...
Ability Server vulnerable to buffer overflow
Overview A buffer overflow in the Ability Server may allow remote authenticated attackers to execute arbitrary code. Description A lack of input validation in Ability Server's FTP STOR command may allow a buffer overflow to occur. A remote authenticated attacker may be able to exploit this...
Microsoft Internet Explorer HTML Help control bypasses Local Machine Zone Lockdown
Overview The Microsoft Internet Explorer HTML Help ActiveX control is not restricted by the Local Machine Zone Lockdown feature. This can allow an attacker to execute script in the Local Machine Zone. Description Windows XP SP2 introduces a feature called Local Machine Zone Lockdown. This feature...
phpBB viewtopic.php fails to properly sanitize input passed to the "highlight" parameter
Overview phpBB contains an user input validation problem with regard to the parsing of the URL. An intruder can deface a phpBB website, execute arbitrary commands, or gain administrative privileges on a compromised bulletin board. Description phpBB is an open-source bulletin board. A lack of inpu...
Samba vulnerable to integer overflow processing file security descriptors
Overview Samba contains an integer overflow vulnerability in code that processes file security descriptors. This could allow an authenticated, remote attacker to execute arbitrary code or cause a denial of service on a vulnerable system. Description Samba is an open-source implementation of...
Microsoft Internet Explorer execCommand() method SaveAs command uses misleading "Save HTML Document" dialog
Overview Microsoft Internet Explorer contains a vulnerability in the way that it presents a Save As dialog. By invoking the SaveAs command with execCommand, an attacker could display a dialog that could trick a user into saving arbitrary content. Description Microsoft Internet Explorer IE support...
Mozilla status elements can be disabled via JavaScript
Overview Mozilla allows websites to disable various browser status elements. This allows websites to create spoofed dialogs using XUL. Description Certain Mozilla web browser status elements, such as the address bar, status bar, and navigation controls, can be disabled remotely by web sites using...
Microsoft Windows Internet Naming Service (WINS) contains a buffer overflow
Overview A buffer overflow in the WINS service may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description The Microsoft WINS service maps IP addresses to NETBIOS computer names.The WINS protocol contains a vulnerability that may allow a remote attack...
Shortcuts may insecurely store SMB authentication information
Overview SMB authentication information may be stored as plain text within URI shortcuts. As a result, a local attacker may be able read the authentication information and gain access to the share. Description SMB is a protocol for sharing data and resources between computers. Many operating...
Anti-virus software may not properly scan malformed zip archives
Overview Anti-virus software may rely on corrupted headers to determine if a zip archive is valid. As a result, anti-virus software may fail to detect malicious content within a zip archive. Description Information about a zip archive, such as the size of the compressed data, is placed in headers...
Remote Execute vulnerable to denial-of-service
Overview Remote Execute cannot handle more than seven connections simultaneously. If more than seven connections are attempted, Remote Execute will crash, resulting in a denial-of-service condition. Description Remote Execute is a network administration tool for the Windows platform that allows...
XFree86 vulnerable to buffer overflow via crafted font directory in 'fonts.alias' file
Overview XFree86 contains a vulnerability in the parsing of the 'fonts.alias' file, which could be exploited by a local user to execute arbitrary code with elevated privileges. Description XFree86 contains a flaw during the processing of the 'fonts.alias' file. XFree86 is an implementation of the...
XFree86 vulnerable to buffer overflow via error in 'ReadFontAlias()' function
Overview XFree86 contains a vulnerability in the parsing of the 'fonts.alias' file, which could be exploited by a local user to execute arbitrary code with elevated privileges. Description XFree86 contains a flaw during the processing of the 'fonts.alias' file. XFree86 is an implementation of the...