3695 matches found
Sun Java Plug-in fails to restrict access to private Java packages
Overview There is a vulnerability in the Sun Java Plug-in that could allow a malicious Java applet to bypass restrictions for untrusted applets. Description The Java Plug-in is part of the Java 2 Runtime Environment (JRE) and establishes a framework for displaying Java applets within a web browser...
InnerMedia DynaZip library vulnerable to buffer overflow via long file names
Overview Releases prior to version 5.00.04 of the InnerMedia DynaZip compression library contain a buffer overflow that may allow a remote attacker to execute arbitrary code. Description DynaZip is a popular compression library for the Microsoft Windows platform. A bounds checking deficiency in...
CUPS stores user account details in plain text in log file
Overview When an SMB printer is configured, CUPS stores plain text login information to the log file. Description CUPS is a cross-platform printing system for UNIX environments. It can use the IPP, LPD, SMB, and JetDirect protocols to interact with printers. The SMB protocol is used to communicat...
Samba QFILEPATHINFO handling routine contains a remotely exploitable buffer overflow
Overview Samba is vulnerable to a buffer overflow that may allow a remote attacker to execute arbitrary code with root privileges. Description Samba is a widely used open-source implementation of Server Message Block (SMB)/Common Internet File System (CIFS). A lack of bounds checking in the...
Archive::Zip may not properly parse the file sizes of Zip archives
Overview Archive::Zip does not properly parse Zip files and may incorrectly interpret malformed zip archives to contain zero length/size files. As a result, anti-virus software using Archive::Zip may fail to detect malicious content within a Zip archive. Description The Archive::Zip module allo...
Cisco IOS fails to properly handle malformed DHCP packets
Overview A denial-of-service vulnerability exists in Cisco's Internetwork Operating System (IOS). This vulnerability may allow remote attackers to conduct denial-of-service attacks on an affected device. Description The Dynamic Host Configuration Protocol (DHCP) provides a means for distributing...
Nortel Networks Contivity VPN Client information leakage vulnerability
Overview The Nortel Networks Contivity VPN Client authentication error messages provide additional information that may be useful to an attacker. Description The Nortel Networks Contivity VPN Client software provides an encrypted and authenticated VPN connection from a client system to a Nortel...
Microsoft Internet Explorer does not properly interpret IFRAME elements when displaying URLs in the status bar
Overview Microsoft Internet Explorer does not properly display the location of HTML documents in the status bar. An attacker could exploit this behavior to mislead users into revealing sensitive information. Description Web browsers frequently display the Uniform Resource Locator (URL) in the statu...
Multiple web browsers do not properly interpret TABLE elements when displaying URLs in the status bar
Overview Multiple web browsers do not properly display the location of HTML documents in the status bar. An attacker could exploit this behavior to mislead users into revealing sensitive information. Description Web browsers frequently display the Uniform Resource Locator (URL) in the status bar wh...
Multiple web browsers do not properly interpret BASE and FORM elements when displaying URLs in the status bar
Overview Multiple web browsers do not properly display the location of HTML documents in the status bar. An attacker could exploit this behavior to mislead users into revealing sensitive information. Description Web browsers frequently display the Uniform Resource Locator (URL) in the status bar wh...
MailPost vulnerable file system information disclosure via HTTP GET request
Overview A vulnerability is reported to exist in MailPost version 5.1.1sv and possibly earlier versions that may permit a remote attacker to verify the existence of files anywhere on the local system. Description According to the ProCheckUp report, MailPost contains a vulnerability that may permi...
MailPost vulnerable to cross-site scripting via an executable requested with a trailing slash appended to the filename
Overview A cross-site scripting vulnerability is reported to exist in MailPost version 5.1.1sv and possibly earlier versions. Description According to a report by ProCheckUp, MailPost is vulnerable to a Cross-Site Scripting attack by adding a trailing '/' character to the executable filename. The...
Microsoft Internet Explorer vulnerable to buffer overflow via FRAME and IFRAME elements
Overview Microsoft Internet Explorer (IE) contains a buffer overflow vulnerability that can be exploited to execute arbitrary code with the privileges of the user running IE. Description A heap buffer overflow vulnerability exists in the way IE handles the SRC and NAME attributes of HTML elements...
MailPost discloses sensitive system information when operating in debug mode
Overview A vulnerability is reported to exist in MailPost version 5.1.1sv and possibly earlier versions that may permit a remote attacker to gain sensitive information about the server configuration and environment. Description According to the ProCheckUp report, MailPost contains a vulnerabilit...
MailPost vulnerable to cross-site scripting in the 'append' variable passed to the file as part of an HTTP GET request
Overview A cross-site scripting vulnerability is reported to exist in MailPost version 5.1.1sv and possibly earlier versions. Description According to a report by ProCheckUp, MailPost is vulnerable to a Cross-Site Scripting attack via the 'append' variable. The 'append' variable is passed as part ...
Linux kernel USB drivers do not initialize kernel memory properly
Overview Various Linux USB drivers contain an information disclosure vulnerability that may expose sensitive segments of kernel memory to users. Description USB drivers for several versions of the Linux kernel do not properly initialize kernel memory before using it. When an affected USB driver copi...
Microsoft IIS contains vulnerability in NNTP service
Overview A vulnerability in the NNTP component of Microsoft IIS may allow a remote attacker to compromise the affected system. Description The Network News Transport Protocol (NNTP) is a protocol for the distribution, inquiry, retrieval, and posting of news articles over a network. Microsoft's...
The ActiveX and HTML file browsers of the Symantec 4400 Series Clientless VPN Gateway contains various unspecified vulnerabilities
Overview The ActiveX and HTML file browsers in the Symantec Clientless VPN Gateway 4400 Series contain various unspecified vulnerabilities. Description The Symantec Clientless VPN Gateway 4400 Series is a stand-alone security appliance for connecting remote users to a trusted network via a virtua...
Multiple Symantec security appliances do not allow the SNMP read-write community string to be changed
Overview A vulnerability exists in multiple Symantec security appliances that could allow a remote attacker to modify the configuration of the device using SNMP. Description The Simple Network Management Protocol (SNMP) enables network and system administrators to remotely monitor and configure...
Multiple Symantec security appliances fail to properly filter port 53/udp traffic
Overview A vulnerability exists in multiple Symantec security appliances that could allow a remote attacker to bypass the firewall using a source port of 53/udp. Description Symantec's Firewall/VPN appliances and Gateway Security models include a number of services such as tftpd, snmpd, and isakm...
Symantec Firewall/VPN appliance vulnerable to DoS via UDP port scan
Overview A vulnerability in the Symantec Firewall/VPN appliance could allow an attacker to cause a denial-of-service condition. Description The Symantec Firewall/VPN appliance supports a number of services that utilize the UDP protocol including tftpd, snmpd, and isakmp. There is a vulnerability ...
Microsoft Internet Explorer does not properly handle function redirection
Overview Microsoft Internet Explorer (IE) fails to properly validate redirected functions. The impact is similar to that of a cross-site scripting vulnerability, which allows an attacker to access data in other sites, including the Local Machine Zone. Description IE features Active scripting, the...
Apache HTTP Server contains a buffer overflow in the mod_proxy module
Overview Apache Web Server contains a buffer overflow vulnerability in the mod_proxy module that may allow a remote attacker to execute arbitrary code or launch a denial of service (DoS) attack. Description The Apache Server is an open-source web server offered by The Apache Software Foundation. The...
PhpWebSite contains multiple cross-site scripting vulnerabilities
Overview PhpWebSite contains multiple cross-site scripting vulnerabilities that may allow an attacker to execute arbitrary code on users' web browser. Description PhpWebSite is an open-source web content management system. Certain PhpWebSite modules fail to properly filter URLs for malicious...
sudoedit can expose protected file contents
Overview Sudo's -e option (sudoedit) improperly handles temporary files, allowing an attacker to read files that would otherwise be inaccessible. Description Sudo is a utility that allows specific users to run certain commands as root. Beginning with version 1.6.8, sudo provides safe editing...
Microsoft Internet Explorer does not properly handle cached HTTPS contents
Overview Microsoft Internet Explorer fails to properly validate cached HTTPS contents, allowing an attacker to obtain information or spoof information on a secure web site. Description The HTTPS protocol is used to provide authentication, encryption, integrity, and non-repudiation services to web...
Microsoft MSN "Hrtbeat.ocx" ActiveX control contains unspecified vulnerability
Overview A vulnerability exists in the Microsoft MSN "Hrtbeat.ocx" ActiveX control. Description ActiveX is a technology that allows programmers to create reusable software components that can be incorporated into applications to extend their functionality. Microsoft Internet Explorer provides...
PhpWebSite calendar module contains a SQL injection vulnerability
Overview The PhpWebSite contains an SQL injection vulnerability that may allow malicious users to execute SQL queries on a server with the privileges of the PhpWebSite administrator. Description PhpWebSite is an open-source web content management system that includes a web-based calendar module t...
Microsoft Internet Explorer fails to honor "Drag and Drop" zone security preference
Overview The Internet Explorer (IE) zone security preference for "Drag and drop or copy and paste files" is not honored with Windows XP and Windows Server 2003. Description IE provides several settings for the various security zones. These settings can prevent certain actions from taking place in...
Microsoft Internet Explorer contains a buffer overflow in CSS parsing
Overview A buffer overflow vulnerability exists in the way that Microsoft Internet Explorer processes Cascading Style Sheets (CSS). This may allow an attacker to execute arbitrary code or cause a denial of service. Description CSS is a mechanism for adding style to web documents. Microsoft Internet...
Microsoft Windows Program Group Converter vulnerable to buffer overflow
Overview Microsoft Program Group Converter contains a buffer overflow that may allow an attacker to execute arbitrary code. Description Microsoft describes Program Group Converter (grpconv.exe) as an application to "convert Program Manager Group files (.grp extension) that were created in Windows 3.1,...
Microsoft Internet Explorer does not properly handle navigations from plug-ins
Overview Microsoft Internet Explorer contains a vulnerability in its handling of navigation commands from plug-ins. This could let an attacker spoof the address of a website. Description Microsoft Internet Explorer improperly handles navigations from plug-ins, such as ActiveX controls. This...
Microsoft Windows kernel fails to reset values in CPU data structures
Overview A vulnerability in the Microsoft Windows kernel could allow an attacker to cause a denial-of-service condition. Description The Microsoft Windows kernel is responsible for handling processor resources and system services such as device and memory management. There is a vulnerability in t...
Microsoft Internet Explorer vulnerable to address bar spoofing on double byte character set systems
Overview Microsoft Internet Explorer contains a vulnerability in how it processes URLs on Double Byte Character Set (DBCS) systems. This could allow an attacker to spoof the address of a web site. Description Microsoft Internet Explorer contains a canonicalization error when it parses special...
Microsoft Internet Explorer Install Engine contains a buffer overflow vulnerability
Overview The Active Setup Install Engine in Microsoft Internet Explorer contains a buffer overflow vulnerability. This may allow an attacker to take complete control of a vulnerable system. Description The Active Setup Install Engine (inseng.dll) permits cabinet files to be launched and executed...
Microsoft Windows kernel fails to properly handle invalid opcodes used in DOS emulation
Overview A vulnerability in the way the Microsoft Windows kernel handles invalid opcodes used in DOS emulation could allow a local attacker to gain elevated privileges on a vulnerable system. Description The Virtual DOS Machine (VDM) provides support for 16-bit legacy operations and applications. F...
Microsoft Windows SMTP component vulnerable to remote code execution
Overview A vulnerability in the mail handling service in some versions of Microsoft Windows could allow a remote attacker to compromise the affected system. Description The Simple Mail Transfer Protocol (SMTP) is the most common protocol for the delivery of electronic mail between systems on the...
Microsoft Windows contains buffer overflow in processing of WMF and EMF image files
Overview A vulnerability in the way the Microsoft Windows Graphics Rendering Engine processes certain types of image files could allow an attacker to execute arbitrary code on a vulnerable system. Description The Microsoft Windows Graphics Rendering Engine supports a number of image formats...
Microsoft Windows contains vulnerability in Window Management API
Overview A vulnerability in the Microsoft Windows window application programming interfaces (APIs) could allow a local attacker to gain elevated privileges on a vulnerable system. Description Microsoft Windows contains a vulnerability in the window management application programming interface (API)...
Microsoft Windows processing of zip files contains a buffer overflow
Overview A buffer overflow exists in the way Microsoft Windows processes zip files that may allow remote code execution. Description Microsoft Windows XP and Windows Server 2003 feature the ability to natively handle zip files. Microsoft has released bulletin MS04-034 describing a remotely...
Microsoft Windows contains an unchecked buffer in the NetDDE services
Overview A vulnerability in the Network Dynamic Data Exchange service for Microsoft Windows could allow an attacker to compromise the affected system. Description Microsoft's Network Dynamic Data Exchange (NetDDE) is a communication protocol that allows two Windows applications to communicate with...
Macromedia JRun Server is vulnerable to buffer overflow
Overview A buffer overflow vulnerability exists in the Macromedia JRun web server that may allow an attacker to cause a denial-of-service condition. Description JRun is an application server that works with most popular web servers, such as Apache and IIS. The JRun web server is vulnerable to a...
Multiple networking devices fail to set the "Secure" attribute of a cookie
Overview Multiple vendors' networking devices fail to set the "Secure" cookie attribute and could disclose sensitive information about a user's HTTP session. Description Many networking devices provide a built-in web server, which may support the HTTPS protocol. When a user logs into the device...
Macromedia JRun Server contains an information disclosure vulnerability
Overview An information disclosure vulnerability exists in the Macromedia JRun that may allow an attacker to view the source code of files in the web root directory. Description Macromedia JRun is an application server that works with most popular web servers such as Apache and IIS. Macromedia...
Sun Solaris gzip may change permissions of hard linked files
Overview Sun Solaris gzip contains a vulnerability that may change the permissions of hard linked files. The specific impact may allow hard linked files compressed by gzip to become readable and able to be modified by unprivileged users. Description Gzip is a utility used for compressing and...
Microsoft Excel parameter validation error
Overview Microsoft has released a bulletin describing a remotely exploitable vulnerability in its Excel spreadsheet program. The vulnerability affects versions of Excel on Windows, MacOS 9, and MacOS X operating systems. Description There is a remotely exploitable vulnerability in Microsoft Excel...
Macromedia JRun Server insecurely generates and handles JSESSIONIDs
Overview A vulnerability exists in Macromedia JRun that may allow an attacker to gain access to an authenticated user's session. Description Macromedia JRun is an application server that works with most popular web servers such as Apache and IIS. Macromedia states that JRun is deployed at over...
Macromedia JRun Server is vulnerable to a cross-site scripting attack
Overview A cross-site scripting vulnerability exists in the Macromedia JRun Server Management Console that may allow an attacker to execute arbitrary code. Description JRun is an application server that works with most popular web servers such as Apache and IIS. Macromedia states that JRun is...
FreeBSD syscons fails to properly validate input in "CONS_SCRSHOT" ioctl
Overview The FreeBSD syscons CONS_SCRSHOT ioctl does not sufficiently validate input for the function's arguments. This may cause the disclosure of arbitrary portions of kernel memory that may contain sensitive information. Description Syscons is the default console driver for FreeBSD. It provides...
freeRADIUS Server vulnerable to a denial-of-service attack
Overview Multiple vulnerabilities in freeRADIUS Server may allow attackers to cause a denial-of-service condition. Description The Remote Authentication Dial In User Service (RADIUS) protocol is used for remote user authentication and accounting. freeRADIUS Server is a popular open-source RADIUS...