3695 matches found
Mozilla fails to validate the DN of X.509 certificates
Overview Mozilla fails to verify that the Distinguished Name (DN) of an X.509 certificate is unique when importing it. A denial of service occurs when Mozilla imports a specially crafted, self-signed certificate that has the same DN as an existing Certificate Authority (CA) root certificate...
CVSTrac fails to properly sanitize input passed to "filediff"
Overview CVSTrac fails to check the validity of input passed to the "rcsinfo" parameter of "filediff." This allows execution of arbitrary commands on the server. Description CVSTrac is a web-based bug and patch set tracking system for use with CVS. CVSTrac 1.1.3 and earlier fail to properly...
Mozilla contains a buffer overflow in the SendUidl() function
Overview A vulnerability in the way Mozilla handles certain types of POP3 responses could allow a remote attacker to execute arbitrary code on an affected system. Description Post Office Protocol Version 3 (POP3) is a mail protocol that provides a means for retrieving email from a remote server. Th...
Cisco IOS fails to properly handle malformed OSPF packets
Overview A denial-of-service vulnerability exists in Cisco's Internetwork Operating System (IOS). This vulnerability may allow remote attackers to conduct denial-of-service attacks on an affected device. Description Open Shortest Path First (OSPF) is a routing protocol that provides a means for...
CVS "history" command may disclose sensitive information
Overview A vulnerability exists in the history command of Concurrent Versions System (CVS). If exploited, this vulnerability could disclose sensitive information about files and directories on an affected system to a remote, authenticated CVS user. Description Concurrent Versions System (CVS) is a...
Apple Safari fails to properly handle form data in HTTP redirects
Overview There is a vulnerability in the way Safari handles form data that may expose sensitive information when the forward/backward buttons are used. Description Apple Safari is a web browser available for the Mac OS X operating system. A vulnerability exists in the way Safari handles web form...
JetboxOne leaves account database unencrypted
Overview JetboxOne does not encrypt information in the account information database. Any user with the ability to query the database may be able to view confidential account information. Description JetboxOne is an open-source content management system that is written in PHP. An information...
Juniper Networks NetScreen firewall contains a DoS vulnerability in the SSHv1 service
Overview A vulnerability in the SSHv1 service of NetScreen firewalls could allow an attacker to cause a denial-of-service condition. Description Juniper Networks NetScreen firewall products include a Secure Shell version 1 (SSHv1) implementation called Secure Command Shell (SCS). The SSHv1 service...
JetboxOne may allow unauthorized users to execute arbitrary code
Overview Lack of input validation in JetboxOne version 2.0.8 allows a user to upload arbitrary files to the vulnerable system. This could lead to the execution of arbitrary code. Description JetboxOne, an open-source content management system, could allow an attacker with "AUTHOR" privileges to...
Microsoft Outlook Web Access contains vulnerability in HTML redirection query
Overview A cross-site scripting vulnerability in Microsoft Exchange 5.5 Outlook Web Access (OWA) could allow an attacker to execute arbitrary scripting code in the victim's browser. Description Outlook Web Access (OWA) is a component of Microsoft Exchange. By using OWA, a server that is running...
Sun Solaris X Display Manager does not properly handle invalid XDMCP requests
Overview There is a vulnerability in the way Sun Solaris handles invalid X Display Manager Control Protocol (XDMCP) requests. Exploitation of this vulnerability could allow an attacker to cause the X Display Manager (XDM) to crash. Description The X Display Manager (xdm(1)) is responsible for managing...
AOL Instant Messenger vulnerable to buffer overflow
Overview A vulnerability in the AOL Instant Messenger (AIM) client could allow a remote attacker to execute arbitrary code on a victim system. Description AOL Instant Messenger (AIM) is an instant messaging system distributed by AOL Time Warner. A buffer overflow error exists in the way that some...
Board Power contains cross-site scripting vulnerability in the 'action' parameter of 'icq.cgi'
Overview Board Power fails to filter malicious content provided in the URL, leading to a cross-site scripting vulnerability. Attackers who exploit this vulnerability may be able to execute arbitrary scripts. Description Board Power is a forum application available for multiple operating systems...
libpng png_handle_sBIT() performs insufficient bounds checking
Overview The Portable Network Graphics library (libpng) contains a flaw that could introduce a remotely exploitable vulnerability. Description The Portable Network Graphics (PNG) image format is used as an alternative to other image formats such as the Graphics Interchange Format (GIF). The libpng...
libpng png_handle_sPLT() integer overflow
Overview The Portable Network Graphics library (libpng) contains a flaw that could introduce a remotely exploitable vulnerability. Description The Portable Network Graphics (PNG) image format is used as an alternative to other image formats such as the Graphics Interchange Format (GIF). The libpng...
libpng contains integer overflows in progressive display image reading
Overview The Portable Network Graphics library (libpng) contains several flaws in progressive image handling that could introduce a remotely exploitable vulnerability. Description The Portable Network Graphics (PNG) image format is used as an alternative to other image formats such as the Graphics...
libpng png_handle_iCCP() NULL pointer dereference
Overview The Portable Network Graphics library (libpng) contains a remotely exploitable vulnerability that could cause affected applications to crash. Description The Portable Network Graphics (PNG) image format is used as an alternative to other image formats such as the Graphics Interchange Format...
libpng integer overflow in image height processing
Overview The Portable Network Graphics library (libpng) contains a remotely exploitable vulnerability which could cause affected applications to crash. Description The Portable Network Graphics (PNG) image format is used as an alternative to other image formats such as the Graphics Interchange Format...
libpng fails to properly check length of transparency chunk (tRNS) data
Overview The Portable Network Graphics library (libpng) contains a remotely exploitable vulnerability, which could lead to arbitrary code execution on an affected system. Description The Portable Network Graphics (PNG) image format is used as an alternative to other image formats such as the Graphics...
BlackJumboDog contains buffer overflow vulnerability
Overview BlackJumboDog fails to verify the length of several FTP commands, creating a buffer overflow vulnerability. Exploitation of this vulnerability may result in code execution on the target system with privileges of the FTP service. Description BlackJumboDog is a multi-function server for...
Check Point VPN-1 products contain boundary error in the ASN.1 decoding library
Overview A vulnerability exists in Check Point's VPN-1 Server, which is included in many Check Point products. This vulnerability may permit a remote attacker to compromise the gateway system. Description Check Point VPN-1 Server is a Virtual Private Network (VPN) application. A buffer overflow...
Microsoft Internet Explorer contains a double-free vulnerability in the processing of GIF files
Overview A double-free vulnerability in Microsoft's Internet Explorer (IE) web browser could allow a remote attacker to cause a denial-of-service condition or execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer (IE) is a web browser. A double-free vulnerability has...
Microsoft Internet Explorer contains an integer overflow in the processing of bitmap files
Overview A vulnerability in Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer (IE) is a web browser. An integer overflow vulnerability has been discovered in the way that Internet Explorer processes...
Multiple Cisco ONS control cards fail to properly handle malformed IP packets
Overview A vulnerability exists in multiple control cards used by Cisco ONS devices. This vulnerability could allow a remote attacker to cause a denial-of-service condition. Description Cisco's Optical Networking product line consists of a series of devices designed to offer high-bandwidth data...
Multiple Cisco ONS control cards fail to properly handle malformed SNMP packets
Overview A vulnerability exists in multiple control cards used by Cisco ONS devices. This vulnerability could allow a remote attacker to cause a denial-of-service condition. Description Cisco's Optical Networking product line consists of a series of devices designed to offer high-bandwidth data...
Cisco Transaction Language 1 (TL1) interface fails to properly validate accounts with blank passwords
Overview There is a vulnerability in the Cisco Transaction Language 1 (TL1) login interface that could allow a remote attacker to gain access to a Cisco ONS device. Description Transaction Language 1 (TL1) is a widely used telecommunications management protocol. A default account, CISCO15, contains a...
Multiple Cisco ONS control cards fail to properly handle malformed ICMP packets
Overview A vulnerability exists in multiple control cards used by Cisco ONS devices. This vulnerability could allow a remote attacker to cause a denial-of-service condition. Description Cisco's Optical Networking product line consists of a series of devices designed to offer high-bandwidth data...
Multiple Cisco ONS control cards fail to properly handle malformed UDP packets
Overview A vulnerability exists in multiple control cards used by Cisco ONS devices. This vulnerability could allow a remote attacker to cause a denial-of-service condition. Description Cisco's Optical Networking product line consists of a series of devices designed to offer high-bandwidth data...
Multiple Cisco ONS control cards fail to properly handle invalid TCP responses
Overview A vulnerability exists in multiple control cards used by Cisco ONS devices. This vulnerability could allow a remote attacker to cause a denial-of-service condition. Description Cisco's Optical Networking product line consists of a series of devices designed to offer high-bandwidth data...
Multiple Cisco ONS control cards fail to properly handle malformed TCP packets
Overview A vulnerability exists in multiple control cards used by Cisco ONS devices. This vulnerability could allow a remote attacker to cause a denial-of-service condition. Description Cisco's Optical Networking product line consists of a series of devices designed to offer high-bandwidth data...
Sun Solaris Volume Manager (SVM) fails to properly handle malformed probe requests
Overview There is a vulnerability in the Sun Solaris Volume Manager (SVM) that could allow a local user to cause a denial-of-service condition. Description The Sun Volume Manager is a component of the Solaris operating system and provides disk and storage management. There is a vulnerability in the...
Sun Java System Portal Server fails to properly handle changes to display options
Overview There is a vulnerability in the Sun Java System Portal Server, which could allow a remote, authenticated user to gain access to the administrative credentials of the Calendar server. Description The Sun Java System Portal Server is a content management system that provides centralized...
mod_ssl contains a format string vulnerability in the ssl_log() function
Overview There is a format string vulnerability in the ssl_log() function of the mod_ssl module that could allow an attacker to potentially execute arbitrary code. Description mod_ssl is an Apache module that provides Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocol support...
Microsoft Windows contains a buffer overflow in the POSIX subsystem
Overview A buffer overflow vulnerability exists in the Portable Operating System Interface for UNIX (POSIX) subsystem for Windows NT 4.0 and Windows 2000. This vulnerability may be exploited by a local authenticated user to gain full system privileges. Description Windows NT 4.0 and Windows 2000...
Microsoft Outlook Express fails to properly validate malformed e-mail headers
Overview A vulnerability exists in some versions of Microsoft Outlook Express that could allow a remote attacker to cause a denial of service. Description According to Microsoft Security Bulletin MS04-018, a flaw exists in the way that some versions of Microsoft's Outlook Express mail client...
Microsoft Windows HTML Help component fails to properly validate input data
Overview There is a vulnerability in the HTML Help component of Microsoft Windows that could allow an attacker to execute arbitrary code on an affected system. Description Microsoft HTML Help provides a standard help system for the Windows operating system. There is a vulnerability in the way...
Microsoft Windows contains a vulnerability in the way the Windows Shell launches applications
Overview Microsoft Windows contains a remote code execution vulnerability in the way that the Windows Shell launches applications. A remote attacker could exploit this vulnerability to execute arbitrary code if they could trick a user into visiting a malicious website. Description Microsoft...
Microsoft Windows fails to properly process showHelp URLs
Overview A vulnerability in the showHelp Method may allow a remote attacker to execute arbitrary code. Description A cross domain vulnerability exists in the showHelp method that may permit a remote attacker to execute local commands on the system with the privileges of the current user...
Microsoft Windows Utility Manager launches applications with system privileges
Overview The Microsoft Windows 2000 Utility Manager allows authenticated local users to launch applications with SYSTEM privileges. Description The Microsoft Windows 2000 Utility Manager is a program that permits users to monitor and launch various accessibility applications. This program contain...
Microsoft Internet Information Server (IIS) 4.0 contains a buffer overflow in the redirect function
Overview There is a vulnerability in the redirect function of Microsoft's Internet Information Server (IIS) 4.0 that could allow an attacker to execute arbitrary code on an affected system. Description Internet Information Server (IIS) is a web server available for the Microsoft Windows operating...
Microsoft Windows Task Scheduler Buffer Overflow
Overview Microsoft Windows Task Scheduler has a buffer overflow that may allow a remote or local intruder to execute arbitrary code. Description Microsoft Windows Task Scheduler (Mstask.dll) is a COM-based API ActiveX control that provides a scheduling service for executing arbitrary commands on a...
MySQL fails to properly handle overly long "scramble" values
Overview There is a buffer overflow vulnerability in the way MySQL handles overly long "scramble" strings, which could allow an attacker to cause a denial of service or potentially execute arbitrary code. Description MySQL is an open-source database system available for Microsoft Windows, Linux,...
MySQL fails to properly evaluate zero-length strings in the check_scramble_323() function
Overview There is a vulnerability in the password authentication mechanism of MySQL which could allow an attacker to bypass authentication by supplying a zero-length string. Description MySQL is an open-source database system available for Microsoft Windows, Linux, and other UNIX-based operating...
Mozilla fails to restrict access to the "shell:" URI handler
Overview A vulnerability in the way Mozilla and its derived programs handle certain types of links could allow an attacker to run local programs on a vulnerable system. Description Versions of the Mozilla, Firefox, and Thunderbird programs for Microsoft Windows will handle URIs of the form shell:...
Cisco Collaboration Server (CCS) ServletExec allows arbitrary file uploading
Overview There is a vulnerability in the ServletExec subcomponent of the Cisco Collaboration Server (CCS) that could allow an attacker to upload arbitrary files to the server. Description The Cisco Collaboration Server (CCS) is designed to provide interactive customer support web page sharing,...
Juniper JUNOS Packet Forwarding Engine (PFE) IPv6 memory leak
Overview The Juniper JUNOS Packet Forwarding Engine (PFE) leaks memory when certain IPv6 packets are submitted for processing. If an attacker submits multiple packets to a vulnerable router running IPv6-enabled PFE, the router can be repeatedly rebooted, essentially creating a denial of service for...
Sun Solaris vulnerable to DoS when the Basic Security Module (BSM) is configured to perform auditing of specific classes
Overview There is a vulnerability in Sun Solaris that could allow local users to cause a denial of service when the Basic Security Module (BSM) is configured to perform auditing of specific audit classes. Description Sun Microsystems describes the Basic Security Module (BSM) as a "security auditing...
Sun Solaris patches may cause passwords to be logged in clear text
Overview Sun Solaris contains a vulnerability in which systems configured as Kerberos clients that have specific patches installed may log passwords in clear text. Description Sun Microsystems released patches 112908-12 and 115168-03 to address issues in Kerberos. There is a vulnerability in thes...
ISC DHCP contains C Includes that define vsnprintf() to vsprintf() creating potential buffer overflow conditions
Overview The Internet Systems Consortium's (ISC) Dynamic Host Configuration Protocol (DHCP) 3 application contains a vulnerability that introduces several potential buffer overflow conditions. Exploitation of this vulnerability can cause a denial-of-service condition to the DHCP Daemon (DHCPD) and may...
ISC DHCP contains a stack buffer overflow vulnerability in handling log lines containing ASCII characters only
Overview The Internet Systems Consortium's (ISC) Dynamic Host Configuration Protocol (DHCP) 3 application contains a buffer overflow vulnerability. Exploitation of this vulnerability can cause a denial of service condition to the DHCP Daemon (DHCPD) and may permit a remote attacker to execute arbitrary...