3702 matches found
Multiple networking devices fail to set the "Secure" attribute of a cookie
Overview Multiple vendors' networking devices fail to set the "Secure" cookie attribute and could disclose sensitive information about a user's HTTP session. Description Many networking devices provide a built-in web server, which may support the HTTPS protocol. When a user logs into the device...
Macromedia JRun Server contains an information disclosure vulnerability
Overview An information disclosure vulnerability exists in the Macromedia JRun that may allow an attacker to view the source code of files in the web root directory. Description Macromedia JRun is an application server that works with most popular web servers such as Apache and IIS. Macromedia...
Macromedia JRun Server is vulnerable to a cross-site scripting attack
Overview A cross-site scripting vulnerability exists in the Macromedia JRun Server Management Console that may allow an attacker to execute arbitrary code. Description JRun is an application server that works with most popular web servers such as Apache and IIS. Macromedia states that JRun is...
Macromedia JRun Server is vulnerable to buffer overflow
Overview A buffer overflow vulnerability exists in the Macromedia JRun web server that may allow an attacker to cause a denial-of-service condition. Description JRun is an application server that works with most popular web servers, such as Apache and IIS. The JRun web server is vulnerable to a...
Macromedia JRun Server insecurely generates and handles JSESSIONIDs
Overview A vulnerability exists in Macromedia JRun that may allow an attacker to gain access to an authenticated user's session. Description Macromedia JRun is an application server that works with most popular web servers such as Apache and IIS. Macromedia states that JRun is deployed at over...
FreeBSD syscons fails to properly validate input in "CONS_SCRSHOT" ioctl
Overview The FreeBSD syscons CONSSCRSHOT ioctl does not sufficiently validate input for the function's arguments. This may cause the disclosure of arbitrary portions of kernel memory that may contain sensitive information. Description Syscons is the default console driver for FreeBSD. It provides...
freeRADIUS Server vulnerable to a denial-of-service attack
Overview Multiple vulnerabilities in freeRADIUS Server may allow attackers to cause a denial-of-service condition. Description The Remote Authentication Dial In User Service RADIUS protocol is used for remote user authentication and accounting. freeRADIUS Server is an popular open-source RADIUS...
GdkPixbuf XPM parser contains a heap overflow vulnerability
Overview A heap overflow vulnerability exists in the XPM handling of GdkPixbuf. This vulnerability can lead to a denial-of-service condition or execution of arbitrary code. Description GdkPixbuf is a library used by GTK+ 2 for loading and rendering images. GTK+ is a multi-platform toolkit for...
The zlib compression library is vulnerable to a denial-of-service condition
Overview Un-handled error conditions in the zlib compression library may allow an attacker to cause a denial-of-service condition. Description There is a vulnerability in the error handling mechanisms of the decompression functions in the zlib compression library. The decompression functions...
GdkPixbuf XPM parser contains a stack overflow vulnerability
Overview A stack overflow vulnerability exists in the XPM handling of GdkPixbuf. This vulnerability can lead to a denial-of-service condition or execution of arbitrary code. Description GdkPixbuf is a library used by GTK+ 2 for loading and rendering images. GTK+ is a multi-platform toolkit for...
GdkPixbuf ICO parser contains an integer overflow vulnerability
Overview An integer overflow vulnerability exists in the ICO handling of GdkPixbuf. This vulnerability can lead to a denial-of-service condition. Description GdkPixbuf is a library used by GTK+ 2 for loading and rendering images. GTK+ is a multi-platform toolkit for creating graphical user...
GdkPixbuf BMP parser may enter an infinite loop
Overview A vulnerability exists in the BMP handling of GdkPixbuf. This vulnerability can lead to a denial-of-service condition. Description GdkPixbuf is a library used by GTK+ 2 for loading and rendering images. GTK+ is a multi-platform toolkit for creating graphical user interfaces. It is used b...
libXpm image library vulnerable to buffer overflow
Overview libXpm image parsing code contains a buffer overflow vulnerability that may allow an attacker to cause a denial-of-service condition or execute arbitrary code. Description X PixMap XPM is a format for encoding and decoding images on the X Windows System 11 X11. libXpm is a library of...
libXpm library contains multiple integer overflow vulnerabilities
Overview libXpm contains multiple integer overflow vulnerabilities that may allow an attacker to cause a denial-of-service condition or execute arbitrary code. Description XPM is a format for encoding and decoding X PixMap images that is used in the X Windows System 11 X11. libXpm is a library of...
Mozilla "send page" feature contains a buffer overflow vulnerability
Overview There is a buffer overflow vulnerability in the Mozilla "send page" feature that could allow a remote attacker to execute arbitrary code. Description Mozilla is an open-source web browser, email/newsgroup client, IRC client, and HTML editor available for a number of platforms including...
Multiple buffer overflows in Mozilla POP3 protocol handler
Overview There are multiple buffer overflow vulnerabilities in the Mozilla POP3 protocol handler that could allow a remote attacker to execute arbitrary code. Description Post Office Protocol Version 3 POP3 is a mail protocol that provides a means for retrieving email from a remote server. The...
Mozilla Linux installer does not properly set file permissions
Overview Mozilla's Linux installers may not properly set file permissions on the installed program files. A local user may then be able to modify or replace these files with malicious versions. Description Some versions of Mozilla's Linux installer may create installation and program files with...
Mozilla may allow violation of cross-domain scripting policies via dragging
Overview A vulnerability affecting Mozilla web browsers may allow violation of cross-domain scripting policies and possibly execute code originating from a remote source. Description Mozilla web browsers allow the dragging of links and objects from one window to another. Should the object copied ...
Mozilla Mail vulnerable to buffer overflow via "writeGroup()" function in "nsVCardObj.cpp"
Overview Mozilla Mail contains a vulnerability in the display routines for VCards. By sending an email message with a crafted VCard, a remote attacker may be able to execute arbitrary code on the victim's machine with the privileges of the current user. Description Mozilla Mail contains a stack...
Mozilla contains heap overflow in UTF8 conversion of hostname portion of URLs
Overview A vulnerability in the way Mozilla and its derived programs handle certain malformed URLs could allow a remote attacker to execute arbitrary code on a vulnerable system. Description A vulnerability exists in the way that some versions of the Mozilla and Firefox web browsers, and...
Mozilla allows signed scripts calling "enablePrivilege" to change contents of a "grant" dialog
Overview A vulnerability in the way Mozilla and its derived programs display dialogs in some circumstances could allow a remote attacker to install and run software on a vulnerable system. Description The Mozilla web browser and related Mozilla products support the ability to run signed scripts...
Apache vulnerable to buffer overflow when expanding environment variables
Overview There is a buffer overflow vulnerability in apresolveenv function of Apache that could allow a local user to gain elevated privileges. Description The Apache HTTP Server is a freely available web server that runs on a variety of operating systems including Unix, Linux, and Microsoft...
Mozilla contains integer overflows in bitmap image decoder
Overview A vulnerability in the way Mozilla and its derived programs handle certain bitmap images could allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Mozilla web browser and related Mozilla products support the ability to natively display a number of...
Mozilla fails to properly handle script-generated events
Overview There is a vulnerability the way Mozilla handles script-generated events that could allow a remote, unauthenticated attacker to access data contained on the victim's clipboard. Description Mozilla is an open-source web browser, email/newsgroup client, IRC client, and HTML editor availabl...
star fails to set proper permissions on programs specified in RSH environment variable
Overview Star can call external programs specified by the RSH environment variable. This may permit a malicious local user to gain elevated privileges. Description Star is a tape archiving program similar to tar. Star permits the use of storage devices on remote machines via an access program on...
cdrecord fails to set proper permissions on programs specified in RSH environment variable
Overview Cdrecord can call external programs specified by the RSH environment variable. This may permit a malicious local user to gain elevated privileges. Description Cdrecord is an application used to create data or audio compact discs. Cdrecord permits the use of CD recorders on remote machine...
Microsoft Office WordPerfect 5.x Converter contains a buffer overflow vulnerability
Overview A buffer overflow vulnerability in the Microsoft Office WordPerfect 5.x Converter could allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Microsoft Office WordPerfect 5.x Converter allows users to convert documents in WordPerfect format to Microsof...
Microsoft Windows GDI+ contains a buffer overflow vulnerability in the JPEG parsing component
Overview A buffer overflow vulnerability in the Microsoft Windows GDI+ JPEG parsing component could allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Windows Graphics Device Interface GDI+ is an application programming interface API that provides...
Microsoft Internet Explorer treats arbitrary files as images for drag and drop operations
Overview Microsoft Internet Explorer IE treats arbitrary files as images during drag and drop mouse operations. This could allow an attacker to trick a user into copying a file to a location where it may be executed, such as the Windows StartUp folder. Description IE treats any file referenced by...
Apple QuickTime Streaming Server vulnerable to DoS
Overview There is a vulnerability in the Apple QuickTime Streaming Server that could allow a remote attacker to cause a denial-of-service condition. Description Apple's QuickTime Streaming Server provides an integrated distribution mechanism for various forms of digital content. There is a...
Microsoft Internet Explorer window.createPopup() method creates chromeless windows
Overview The Internet Explorer IE window.createPopup method creates chromeless popup windows. These windows can be used to spoof the user interface in Internet Explorer, any Windows application, or the Windows desktop. Description The visible area of a web browser window can be categorized into t...
Apple Mac OS X CoreFoundation CFPlugIn facilities automatically load plug-in executables
Overview There is a vulnerability in the Mac OS X CoreFoundation framework that could allow a local attacker to gain elevated privileges. Description The Core Foundation framework CoreFoundation.framework is designed to allow code and data sharing between frameworks, libraries, and applications i...
Apple Mac OS X CoreFoundation contains a buffer overflow vulnerability
Overview There is a vulnerability in the Mac OS X CoreFoundation framework that could allow a local attacker to execute arbitrary code. Description The Core Foundation framework CoreFoundation.framework is designed to allow code and data sharing between frameworks, libraries, and applications in...
Ethereal fails to properly handle malformed iSNS packets
Overview Ethereal contains a vulnerability in the way it processes Internet Storage Name Service iSNS packets. Description The Internet Storage Name Service iSNS protocol is used to automate the discovery, management, and configuration of iSCSI and Fibre Channel devices in an IP network. Ethereal...
Ethereal fails to properly handle malformed SMB packets
Overview Ethereal contains a vulnerability in the way it processes Server Message Block SMB packets. Description The Server Message Block SMB protocol is used for sharing files, printers, and other resources between computers. SMB is used in Microsoft Windows to provide file and print services...
KDE DCOPServer insecurely creates temporary files
Overview KDE DCOPServer insecurely creates and maintains temporary files used for authentication purposes. Unauthorized local users may be able to modify user account information and execute arbitrary commands with the privileges of the compromised account. Description The Desktop COmmunications...
Ethereal fails to properly handle malfored SNMP packets
Overview Ethereal contains a vulnerability in the way it processes Simple Network Management Protocol SNMP packets. Description The Simple Network Management Protocol SNMP protocol enables network and system administrators to remotely monitor and configure devices on the network devices such as...
Sun Enterprise Storage Manager may allow an unprivileged local user to gain root access
Overview A vulnerability exists in Sun StorEdge Enterprise Storage Manager ESM that may allow unauthorized local users to gain root privileges. Description The Sun StorEdge Enterprise Storage Manager ESM version 2.1 for the Sun SPARC platform may allow non-root local users assigned the "EMSUser"...
MIT Kerberos 5 ASN.1 decoding function asn1buf_skiptail() does not properly terminate loop
Overview The asn1bufskiptail function in the MIT Kerberos 5 library does not properly terminate a loop, allowing an unauthenticated, remote attacker to cause a denial of service in a Kerberos Distribution Center KDC, application server, or Kerberos client. Description As described on the MIT...
MIT Kerberos 5 ASN.1 decoding function krb5_rd_cred() insecurely deallocates memory (double-free)
Overview The krb5rdcred function in the MIT Kerberos 5 library does not securely deallocate heap memory when decoding ASN.1 structures, resulting in a double-free vulnerability. A remote, authenticated attacker could execute arbitrary code or cause a denial of service on any system running an...
MIT Kerberos krb524d insecurely deallocates memory (double-free)
Overview The MIT Kerberos krb524d daemon does not securely deallocate heap memory when handling an error condition, resulting in a double-free vulnerability. An unauthenticated, remote attacker could execute arbitrary code on a system running krb524d, which in many cases is also a Kerberos...
MIT Kerberos 5 ASN.1 decoding functions insecurely deallocate memory (double-free)
Overview The MIT Kerberos 5 library does not securely deallocate heap memory when decoding ASN.1 structures, resulting in double-free vulnerabilities. An unauthenticated, remote attacker could execute arbitrary code on a KDC server, which could compromise an entire Kerberos realm. An attacker may...
Oracle Application Server contains several vulnerabilities
Overview Several vulnerabilities exist in the Portal and iSQLPlus components of the Oracle Application Server. According the the Oracle Security Alert, exploitation of these vulnerabilities would require the attacker to have network access, but not a valid user account on the vulnerable system...
Oracle Enterprise Manager contains several vulnerabilities
Overview Several vulnerabilities exist in the Oracle Enterprise Manager. According the the Oracle Security Alert, exploitation of these vulnerabilities would require the attacker to have a valid operating system user account on the Enterprise Manager host. Description The Oracle Enterprise Manage...
Oracle Database Server contains several vulnerabilities
Overview Several vulnerabilities exist in the Oracle Database Server and Listener. According the the Oracle Security Alert, exploitation of these vulnerabilities would require the attacker to have network access, but not a valid user account on the vulnerable system. Description Oracle Database 1...
isakmpd crashes when handling ISAKMP packets with malformed "Security Association Payload"
Overview A vulnerability exists in the isakmpd that could allow a remote attacker to cause a denial of service. Description The OpenBSD isakmpd establishes security associations for encrypted and authenticated IPsec network traffic. It implements the Internet Security Association and Key Manageme...
isakmpd fails to handle ISAKMP packets with "Payload Length" of zero
Overview A vulnerability exists in the isakmpd that could allow a remote attacker to cause a denial of service. Description The OpenBSD isakmpd establishes security associations for encrypted and authenticated IPsec network traffic. It implements the Internet Security Association and Key Manageme...
Integer underflow vulnerability in isakmpd "Certificate Request Payload" handling
Overview A vulnerability exists in the isakmpd that could allow a remote attacker to cause a denial of service. Description The OpenBSD isakmpd establishes security associations for encrypted and authenticated IPsec network traffic. It implements the Internet Security Association and Key Manageme...
tcpdump contains buffer overflow vulnerability in ISAKMP "Delete Payload" handling
Overview A vulnerability in tcpdump could allow a remote attacker to cause a denial of service on an affected system. Description The tcpdump tool allows for the inspection of network packets and contains decoders for many standard protocols, including the Internet Security Association and Key...
isakmpd crashes when handling ISAKMP packets with malformed "Delete Payload"
Overview A vulnerability exists in the isakmpd that could allow a remote attacker to cause a denial of service. Description The OpenBSD isakmpd establishes security associations for encrypted and authenticated IPsec network traffic. It implements the Internet Security Association and Key Manageme...