GdkPixbuf ICO parser contains an integer overflow vulnerability
Overview An integer overflow vulnerability exists in the ICO handling of GdkPixbuf. This vulnerability can lead to a denial-of-service condition. Description GdkPixbuf is a library used by GTK+ 2 for loading and rendering images. GTK+ is a multi-platform toolkit for creating graphical user...
GdkPixbuf BMP parser may enter an infinite loop
Overview A vulnerability exists in the BMP handling of GdkPixbuf. This vulnerability can lead to a denial-of-service condition. Description GdkPixbuf is a library used by GTK+ 2 for loading and rendering images. GTK+ is a multi-platform toolkit for creating graphical user interfaces. It is used b...
The zlib compression library is vulnerable to a denial-of-service condition
Overview Un-handled error conditions in the zlib compression library may allow an attacker to cause a denial-of-service condition. Description There is a vulnerability in the error handling mechanisms of the decompression functions in the zlib compression library. The decompression functions...
GdkPixbuf XPM parser contains a stack overflow vulnerability
Overview A stack overflow vulnerability exists in the XPM handling of GdkPixbuf. This vulnerability can lead to a denial-of-service condition or execution of arbitrary code. Description GdkPixbuf is a library used by GTK+ 2 for loading and rendering images. GTK+ is a multi-platform toolkit for...
GdkPixbuf XPM parser contains a heap overflow vulnerability
Overview A heap overflow vulnerability exists in the XPM handling of GdkPixbuf. This vulnerability can lead to a denial-of-service condition or execution of arbitrary code. Description GdkPixbuf is a library used by GTK+ 2 for loading and rendering images. GTK+ is a multi-platform toolkit for...
libXpm image library vulnerable to buffer overflow
Overview libXpm image parsing code contains a buffer overflow vulnerability that may allow an attacker to cause a denial-of-service condition or execute arbitrary code. Description X PixMap (XPM) is a format for encoding and decoding images on the X Windows System 11 (X11). libXpm is a library of...
libXpm library contains multiple integer overflow vulnerabilities
Overview libXpm contains multiple integer overflow vulnerabilities that may allow an attacker to cause a denial-of-service condition or execute arbitrary code. Description XPM is a format for encoding and decoding X PixMap images that is used in the X Windows System 11 (X11). libXpm is a library of...
Apache vulnerable to buffer overflow when expanding environment variables
Overview There is a buffer overflow vulnerability in the ap_resolve_env function of Apache that could allow a local user to gain elevated privileges. Description The Apache HTTP Server is a freely available web server that runs on a variety of operating systems including Unix, Linux, and Microsoft...
Mozilla contains integer overflows in bitmap image decoder
Overview A vulnerability in the way Mozilla and its derived programs handle certain bitmap images could allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Mozilla web browser and related Mozilla products support the ability to natively display a number of...
Mozilla Mail vulnerable to buffer overflow via "writeGroup()" function in "nsVCardObj.cpp"
Overview Mozilla Mail contains a vulnerability in the display routines for VCards. By sending an email message with a crafted VCard, a remote attacker may be able to execute arbitrary code on the victim's machine with the privileges of the current user. Description Mozilla Mail contains a stack...
Mozilla Linux installer does not properly set file permissions
Overview Mozilla's Linux installers may not properly set file permissions on the installed program files. A local user may then be able to modify or replace these files with malicious versions. Description Some versions of Mozilla's Linux installer may create installation and program files with...
Mozilla may allow violation of cross-domain scripting policies via dragging
Overview A vulnerability affecting Mozilla web browsers may allow violation of cross-domain scripting policies and possibly execute code originating from a remote source. Description Mozilla web browsers allow the dragging of links and objects from one window to another. Should the object copied ...
Mozilla contains heap overflow in UTF8 conversion of hostname portion of URLs
Overview A vulnerability in the way Mozilla and its derived programs handle certain malformed URLs could allow a remote attacker to execute arbitrary code on a vulnerable system. Description A vulnerability exists in the way that some versions of the Mozilla and Firefox web browsers, and...
Mozilla allows signed scripts calling "enablePrivilege" to change contents of a "grant" dialog
Overview A vulnerability in the way Mozilla and its derived programs display dialogs in some circumstances could allow a remote attacker to install and run software on a vulnerable system. Description The Mozilla web browser and related Mozilla products support the ability to run signed scripts...
Mozilla "send page" feature contains a buffer overflow vulnerability
Overview There is a buffer overflow vulnerability in the Mozilla "send page" feature that could allow a remote attacker to execute arbitrary code. Description Mozilla is an open-source web browser, email/newsgroup client, IRC client, and HTML editor available for a number of platforms including...
Multiple buffer overflows in Mozilla POP3 protocol handler
Overview There are multiple buffer overflow vulnerabilities in the Mozilla POP3 protocol handler that could allow a remote attacker to execute arbitrary code. Description Post Office Protocol Version 3 (POP3) is a mail protocol that provides a means for retrieving email from a remote server. The...
Mozilla fails to properly handle script-generated events
Overview There is a vulnerability in the way Mozilla handles script-generated events that could allow a remote, unauthenticated attacker to access data contained on the victim's clipboard. Description Mozilla is an open-source web browser, email/newsgroup client, IRC client, and HTML editor availabl...
star fails to set proper permissions on programs specified in RSH environment variable
Overview Star can call external programs specified by the RSH environment variable. This may permit a malicious local user to gain elevated privileges. Description Star is a tape archiving program similar to tar. Star permits the use of storage devices on remote machines via an access program on...
cdrecord fails to set proper permissions on programs specified in RSH environment variable
Overview Cdrecord can call external programs specified by the RSH environment variable. This may permit a malicious local user to gain elevated privileges. Description Cdrecord is an application used to create data or audio compact discs. Cdrecord permits the use of CD recorders on remote machine...
Microsoft Office WordPerfect 5.x Converter contains a buffer overflow vulnerability
Overview A buffer overflow vulnerability in the Microsoft Office WordPerfect 5.x Converter could allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Microsoft Office WordPerfect 5.x Converter allows users to convert documents in WordPerfect format to Microsof...
Microsoft Internet Explorer treats arbitrary files as images for drag and drop operations
Overview Microsoft Internet Explorer (IE) treats arbitrary files as images during drag and drop mouse operations. This could allow an attacker to trick a user into copying a file to a location where it may be executed, such as the Windows StartUp folder. Description IE treats any file referenced by...
Microsoft Windows GDI+ contains a buffer overflow vulnerability in the JPEG parsing component
Overview A buffer overflow vulnerability in the Microsoft Windows GDI+ JPEG parsing component could allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Windows Graphics Device Interface (GDI+) is an application programming interface (API) that provides...
Apple QuickTime Streaming Server vulnerable to DoS
Overview There is a vulnerability in the Apple QuickTime Streaming Server that could allow a remote attacker to cause a denial-of-service condition. Description Apple's QuickTime Streaming Server provides an integrated distribution mechanism for various forms of digital content. There is a...
Microsoft Internet Explorer window.createPopup() method creates chromeless windows
Overview The Internet Explorer (IE) window.createPopup() method creates chromeless popup windows. These windows can be used to spoof the user interface in Internet Explorer, any Windows application, or the Windows desktop. Description The visible area of a web browser window can be categorized into t...
Apple Mac OS X CoreFoundation CFPlugIn facilities automatically load plug-in executables
Overview There is a vulnerability in the Mac OS X CoreFoundation framework that could allow a local attacker to gain elevated privileges. Description The Core Foundation framework (CoreFoundation.framework) is designed to allow code and data sharing between frameworks, libraries, and applications i...
Apple Mac OS X CoreFoundation contains a buffer overflow vulnerability
Overview There is a vulnerability in the Mac OS X CoreFoundation framework that could allow a local attacker to execute arbitrary code. Description The Core Foundation framework (CoreFoundation.framework) is designed to allow code and data sharing between frameworks, libraries, and applications in...
Ethereal fails to properly handle malformed SMB packets
Overview Ethereal contains a vulnerability in the way it processes Server Message Block (SMB) packets. Description The Server Message Block (SMB) protocol is used for sharing files, printers, and other resources between computers. SMB is used in Microsoft Windows to provide file and print services...
KDE DCOPServer insecurely creates temporary files
Overview KDE DCOPServer insecurely creates and maintains temporary files used for authentication purposes. Unauthorized local users may be able to modify user account information and execute arbitrary commands with the privileges of the compromised account. Description The Desktop COmmunications...
Ethereal fails to properly handle malformed SNMP packets
Overview Ethereal contains a vulnerability in the way it processes Simple Network Management Protocol (SNMP) packets. Description The Simple Network Management Protocol (SNMP) protocol enables network and system administrators to remotely monitor and configure devices on the network devices such as...
Ethereal fails to properly handle malformed iSNS packets
Overview Ethereal contains a vulnerability in the way it processes Internet Storage Name Service (iSNS) packets. Description The Internet Storage Name Service (iSNS) protocol is used to automate the discovery, management, and configuration of iSCSI and Fibre Channel devices in an IP network. Ethereal...
Sun Enterprise Storage Manager may allow an unprivileged local user to gain root access
Overview A vulnerability exists in Sun StorEdge Enterprise Storage Manager (ESM) that may allow unauthorized local users to gain root privileges. Description The Sun StorEdge Enterprise Storage Manager (ESM) version 2.1 for the Sun SPARC platform may allow non-root local users assigned the "EMSUser"...
MIT Kerberos 5 ASN.1 decoding function asn1buf_skiptail() does not properly terminate loop
Overview The asn1buf_skiptail() function in the MIT Kerberos 5 library does not properly terminate a loop, allowing an unauthenticated, remote attacker to cause a denial of service in a Kerberos Distribution Center (KDC), application server, or Kerberos client. Description As described on the MIT...
MIT Kerberos krb524d insecurely deallocates memory (double-free)
Overview The MIT Kerberos krb524d daemon does not securely deallocate heap memory when handling an error condition, resulting in a double-free vulnerability. An unauthenticated, remote attacker could execute arbitrary code on a system running krb524d, which in many cases is also a Kerberos...
MIT Kerberos 5 ASN.1 decoding function krb5_rd_cred() insecurely deallocates memory (double-free)
Overview The krb5_rd_cred() function in the MIT Kerberos 5 library does not securely deallocate heap memory when decoding ASN.1 structures, resulting in a double-free vulnerability. A remote, authenticated attacker could execute arbitrary code or cause a denial of service on any system running an...
MIT Kerberos 5 ASN.1 decoding functions insecurely deallocate memory (double-free)
Overview The MIT Kerberos 5 library does not securely deallocate heap memory when decoding ASN.1 structures, resulting in double-free vulnerabilities. An unauthenticated, remote attacker could execute arbitrary code on a KDC server, which could compromise an entire Kerberos realm. An attacker may...
Oracle Application Server contains several vulnerabilities
Overview Several vulnerabilities exist in the Portal and iSQLPlus components of the Oracle Application Server. According to the Oracle Security Alert, exploitation of these vulnerabilities would require the attacker to have network access, but not a valid user account on the vulnerable system...
Oracle Enterprise Manager contains several vulnerabilities
Overview Several vulnerabilities exist in the Oracle Enterprise Manager. According to the Oracle Security Alert, exploitation of these vulnerabilities would require the attacker to have a valid operating system user account on the Enterprise Manager host. Description The Oracle Enterprise Manage...
Oracle Database Server contains several vulnerabilities
Overview Several vulnerabilities exist in the Oracle Database Server and Listener. According to the Oracle Security Alert, exploitation of these vulnerabilities would require the attacker to have network access, but not a valid user account on the vulnerable system. Description Oracle Database 1...
isakmpd crashes when handling ISAKMP packets with malformed "Delete Payload"
Overview A vulnerability exists in the isakmpd that could allow a remote attacker to cause a denial of service. Description The OpenBSD isakmpd establishes security associations for encrypted and authenticated IPsec network traffic. It implements the Internet Security Association and Key Manageme...
tcpdump contains integer underflow vulnerability in ISAKMP "Identification Payload" handling
Overview A vulnerability in tcpdump could allow a remote attacker to cause a denial of service on an affected system. Description The tcpdump tool allows for the inspection of network packets and contains decoders for many standard protocols, including the Internet Security Association and Key...
Integer underflow vulnerability in isakmpd "Certificate Request Payload" handling
Overview A vulnerability exists in the isakmpd that could allow a remote attacker to cause a denial of service. Description The OpenBSD isakmpd establishes security associations for encrypted and authenticated IPsec network traffic. It implements the Internet Security Association and Key Manageme...
Cisco IOS fails to properly handle telnet connections
Overview A denial-of-service vulnerability exists in Cisco's Internetwork Operating System (IOS). This vulnerability could allow remote attackers to prevent new connections to remote management services on a vulnerable device. Description Cisco IOS devices can be remotely managed using a number of...
Multiple memory leak vulnerabilities in isakmpd
Overview Multiple memory handling vulnerabilities exist in the isakmpd that could allow a remote attacker to cause a denial of service. Description The OpenBSD isakmpd establishes security associations for encrypted and authenticated IPsec network traffic. It implements the Internet Security...
isakmpd crashes when handling ISAKMP packets with malformed "Security Association Payload"
Overview A vulnerability exists in the isakmpd that could allow a remote attacker to cause a denial of service. Description The OpenBSD isakmpd establishes security associations for encrypted and authenticated IPsec network traffic. It implements the Internet Security Association and Key Manageme...
isakmpd fails to handle ISAKMP packets with "Payload Length" of zero
Overview A vulnerability exists in the isakmpd that could allow a remote attacker to cause a denial of service. Description The OpenBSD isakmpd establishes security associations for encrypted and authenticated IPsec network traffic. It implements the Internet Security Association and Key Manageme...
tcpdump contains buffer overflow vulnerability in ISAKMP "Delete Payload" handling
Overview A vulnerability in tcpdump could allow a remote attacker to cause a denial of service on an affected system. Description The tcpdump tool allows for the inspection of network packets and contains decoders for many standard protocols, including the Internet Security Association and Key...
Sun Solaris dtmail contains a format string vulnerability
Overview A vulnerability in the way dtmail handles command-line arguments could allow an attacker to execute arbitrary code. Description The dtmail program is a mail user agent (MUA) for the Common Desktop Environment (CDE). It provides a graphical user interface for reading, sending, and managing...
Novell Bordermanager VPN Service denial-of-service vulnerability
Overview A vulnerability exists in the Novell Bordermanager VPN service that could allow a remote attacker to cause a denial of service. Description The Novell Bordermanager product includes Virtual Private Network (VPN) capabilities, including support for the standard Internet Key Exchange (IKE)...
Mac OS X Safari "Show in Finder" option may allow arbitrary file execution
Overview Mac OS X Safari "Show in Finder" option may automatically open and execute downloaded files. This could allow an attacker to execute arbitrary code. Description Safari is the default web browser for Mac OS X. Safari has a "Show in Finder" option to allow users to automatically reveal the...
Powie's PSCRIPT Forum fails to filter user posts
Overview Powie's PSCRIPT Forum fails to properly sanitize user input, which allows an attacker to create a user profile that can execute arbitrary scripts in a victim's web browser when the victim views the profile. Description Powie's PSCRIPT Forum is an online forum application written in PHP...