Apple Mac OS X vulnerable to privilege escalation when using Directory Services
Overview A vulnerability in Mac OS X may permit a local authenticated user with physical access to the machine to gain elevated privileges. Description Mac OS X permits the remote authentication of users via directory services lookups. When a user logs in to a machine configured to use the Directo...
BGP implementations do not adequately handle malformed BGP OPEN and UPDATE messages
Overview Multiple implementations of the Border Gateway Protocol BGP contain vulnerabilities related to the processing of UPDATE and OPEN messages. The impacts of these vulnerabilities appear to be limited to denial of service. Description BGP RFC 1771 is designed to exchange network reachability...
Linux kernel fails to properly handle floating point signals generated by "fsave" and "frstor"
Overview The Linux kernel contains a denial-of-service vulnerability that allows local users to disable affected hosts. Description Several versions of the Linux kernel contain a defect in their use of the Intel processor instruction set. The "fsave" and "frstor" instructions are used to store an...
Cisco CatOS TCP ACK handling vulnerability
Overview A vulnerability in Cisco CatOS may allow a remote attacker to cause a denial of service on an affected device. Description Cisco's CatOS is an operating system that runs on some Cisco Catalyst switch products. A vulnerability in the way that TCP services on CatOS handle malformed...
BEA WebLogic Server contains vulnerability in handling of certain tags when editing "weblogic.xml"
Overview BEA WebLogic Server contains a vulnerability in the way Weblogic Builder and the SecurityRoleAssignmentMBean.toXML method parse certain tags in the weblogic.xml file. Description BEA Systems describes WebLogic Server as "an industrial-strength application infrastructure for developing,...
Perl vulnerable to buffer overflow in win32_stat()
Overview A flaw in a standard function in some Perl distributions could allow an attacker to execute arbitrary code on the vulnerable system. Description The stat Perl function, similar to the standard C stat function, returns a list giving the status info for a file. Since the stat function is...
Cisco IPsec VPNSM vulnerable to DoS via malformed IKE packet
Overview A vulnerability in a Cisco VPN module can allow a remote attacker to cause a denial-of-service to the device in which the module is installed. Description The Cisco IP Security IPsec VPN Services Module VPNSM is a high-speed module for the Cisco Catalyst 6500 Series Switch and the Cisco...
Microsoft Internet Explorer does not properly validate source of redirected frame
Overview Microsoft Internet Explorer IE does not adequately validate the security context of a frame that has been redirected by a web server. An attacker could exploit this vulnerability to evaluate script in different security domains. By causing script to be evaluated in the Local Machine Zone...
Oracle E-Business Suite SQL Injection vulnerabilities
Overview Oracle E-Business Suite fails to filter user input, permitting the exploitation of SQL injection vulnerabilities. These vulnerabilities may allow a remote attacker to execute procedures or SQL queries and updates on the vulnerable database application. Description According to the Oracle...
MIT Kerberos 5 krb5_aname_to_localname() contains several heap overflows
Overview MIT Kerberos 5 contains several heap buffer overflow vulnerabilities in code that translates Kerberos principal names to local UNIX account names. An authenticated, remote attacker could execute arbitrary code on a vulnerable system with root privileges. Description MIT Kerberos 5 contai...
HP OpenView Select Access fails to properly decode UTF-8 encoded unicode characters in URLs
Overview There is a vulnerability in the way HP OpenView Select Access decodes UTF-8 encoded unicode characters in URLs. This vulnerability could allow a remote user to gain access to resources the user would otherwise be unauthorized to access. Description HP OpenView Select Access is a software...
Symantec Norton AntiVirus 2004 ActiveX control fails to properly validate input
Overview There is a vulnerability in an ActiveX control provided by Norton AntiVirus 2004 that could allow an attacker to execute arbitrary programs, launch a browser window containing an unauthorized URL, or cause a denial of service on a vulnerable system. Description Norton AntiVirus 2004 is a...
Apple Mac OS X "disk://" URI handler stores arbitrary files in a known location
Overview A vulnerability has been reported in the default "disk://" protocol handler installed on Apple Mac OS X systems. Remote attackers may potentially use this vulnerability to create files on the local system without explicit user consent. We have not independently verified the scope of this...
Apple Mac OS X help system may interpret inappropriate local script files
Overview A vulnerability has been reported in the default URI protocol handler in Apple's Mac OS X help system. Exploitation of this vulnerability may permit a remote attacker to execute arbitrary scripts on the local system. Description A vulnerability has been reported in Apple's Mac OS X...
CVS contains a heap overflow in the handling of flag insertion
Overview A heap overflow vulnerability in the Concurrent Versions System CVS could allow a remote attacker to execute arbitrary code on a vulnerable system. Description CVS is a source code maintenance system that is widely used by open-source software development projects. There is a heap memory...
Sun Java Runtime Environment vulnerable to DoS
Overview The Sun Java Runtime Environment JRE contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial-of-service condition in the Java Virtual Machine JVM. Description The Sun Java Runtime Environment provides the libraries and components necessary to run...
Multiple Symantec firewall products contain a heap corruption vulnerability in the handling of NBNS response packets
Overview There is a heap corruption vulnerability in multiple Symantec firewall products in which attempts to process a specially crafted NetBIOS Name Service NBNS response packet could allow an unauthenticated, remote attacker to execute arbitrary code with kernel privileges. Description Symante...
Multiple Symantec firewall products fail to properly process DNS response packets
Overview There is a vulnerability in multiple Symantec firewall products in which attempts to process a specially crafted Domain Name Service DNS response packet could allow an unauthenticated, remote attacker to cause a denial of service condition. Description Symantec offers a suite of corporat...
IEEE 802.11 wireless network protocol DSSS CCA algorithm vulnerable to denial of service
Overview The IEEE 802.11 wireless networking protocol contains a vulnerability that could allow a remote attacker to cause a denial of service to any wireless device within range. Description IEEE 802.11 wireless network protocols use a Clear Channel Assessment CCA algorithm to determine whether ...
Multiple Symantec firewall products contain a buffer overflow in the processing of DNS resource records
Overview There is a buffer overflow vulnerability in multiple Symantec firewall products in which attempts to process a specially crafted Domain Name Service DNS packet could allow an unauthenticated, remote attacker to execute arbitrary code with kernel privileges. Description Symantec offers a...
Multiple Symantec firewall products fail to properly process NBNS response packets
Overview There is a buffer overflow vulnerability in multiple Symantec firewall products in which attempts to process a specially crafted NetBIOS Name Service NBNS response packet could allow an unauthenticated, remote attacker to execute arbitrary code with kernel privileges. Description Symante...
Microsoft Help and Support Center (HCP) fails to properly validate HCP URLs
Overview The Microsoft Help and Support Center HCP fails to properly handle HCP URL validation. Exploitation of this vulnerability may permit remote attackers to execute arbitrary code on the system with the privileges of the current user. Description Microsoft Windows XP and Server 2003 Help and...
Gaim contains a buffer overflow vulnerability in the Extract Info Field function
Overview There is a buffer overflow vulnerability in the gaim_markup_extract_info_field() function, which could allow an unauthenticated, remote attacker to cause a denial of service or execute arbitrary code. Description Gaim is a multi-protocol instant messenger client available for a number of...
Gaim contains an integer overflow vulnerability when parsing DirectIM packets
Overview There is an integer overflow vulnerability in the handlehdrodc function, which could allow an unauthenticated, remote attacker to cause a denial of service or potentially execute arbitrary code. Description Gaim is a multi-protocol instant messenger client available for a number of...
Apple Mac OS X AppleFileServer fails to properly handle certain authentication requests
Overview There is a buffer overflow vulnerability in the way Apple's AppleFileServer handles certain authentication requests. This vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code. Description The AppleFileServer provides Apple Filing Protocol AFP services f...
Gaim contains a buffer overflow vulnerability in the gaim_url_parse() function
Overview There is a buffer overflow vulnerability in the Gaim gaim_url_parse() function, which could allow an unauthenticated, remote attacker to execute arbitrary code. Description Gaim is a multi-protocol instant messenger available for a number of operating systems. There is a buffer overflow...
Gaim fails to properly validate the "value" parameter in the Yahoo login webpage
Overview There is a buffer overflow vulnerability in the way the Gaim yahoo_login_page_hash() function parses the "value" parameter in the Yahoo login webpage. Description Gaim is a multi-protocol instant messenger available for a number of operating systems. It supports a variety of instant messaging...
Gaim contains a buffer overflow vulnerability in the http_canread() function
Overview There is a buffer overflow vulnerability in the Gaim http_canread() function, which could allow an unauthenticated, remote attacker to execute arbitrary code. Description Gaim is a multi-protocol instant messenger available for a number of operating systems. It provides a feature that allow...
Gaim fails to properly parse cookies in Yahoo web connections
Overview There is a buffer overflow vulnerability in the way Gaim parses cookies for Yahoo web connections. Description Gaim is a multi-protocol instant messenger available for a number of operating systems. It supports a variety of instant messaging protocols, including the Yahoo Messenger YMSG...
Gaim fails to properly validate the "name" parameter in the Yahoo login webpage
Overview There is a buffer overflow vulnerability in the way the Gaim yahoo_login_page_hash() function parses the "name" parameter in the Yahoo login webpage. Description Gaim is a multi-protocol instant messenger available for a number of operating systems. It supports a variety of instant messaging...
Gaim contains a buffer overflow vulnerability in the yahoo_packet_read() function
Overview There is a buffer overflow vulnerability in the Gaim yahoo_packet_read() function, which could allow an unauthenticated, remote attacker to execute arbitrary code. Description Gaim is a multi-protocol instant messenger available for a number of operating systems. It supports a variety of...
Apple QuickTime contains an integer overflow in the "QuickTime.qts" extension
Overview Apple QuickTime contains an integer overflow vulnerability in the "QuickTime.qts" extension, which could result in arbitrary code execution. Description Apple's QuickTime Player is a player that allows users to view local and remote audio/video content. Other applications, such as web...
Gaim contains an off-by-one buffer overflow vulnerability in the yahoo_decode() function
Overview There is an off-by-one buffer overflow vulnerability in the Gaim yahoo_decode() function. Description Gaim is a multi-protocol instant messenger available for a number of operating systems. It supports a variety of instant messaging protocols, including the Yahoo Messenger YMSG protocol...
Gaim contains a buffer overflow vulnerability in the gaim_quotedp_decode() function
Overview There is a buffer overflow vulnerability in the Gaim gaim_quotedp_decode() function, which could cause a pointer to reference memory beyond the terminating null byte. Description Gaim is a multi-protocol instant messenger available for a number of operating systems. It includes a feature tha...
Gaim contains an off-by-one buffer overflow vulnerability in the gaim_quotedp_decode() function
Overview There is an off-by-one buffer overflow vulnerability in the Gaim MIME decoder. Description Gaim is a multi-protocol instant messenger available for a number of operating systems. It includes a feature that requires Gaim to decode MIME-encoded data. There is an off-by-one buffer overflow...
libgcc contains multiple flaws that allow integer type range vulnerabilities to occur at runtime
Overview The libgcc runtime for the gcc and g++ compilers contains multiple flaws that can result in integer type range vulnerabilities in programs that are compiled using the -ftrapv option. Description Both gcc and g++ provide an -ftrapv compiler option that, according to the gcc man page,...
Gaim contains a buffer overflow vulnerability in the yahoo_decode() function
Overview There is a buffer overflow vulnerability in the Gaim yahoo_decode() function, which could cause a pointer to reference memory beyond the terminating null byte. Description Gaim is a multi-protocol instant messenger available for a number of operating systems. It supports a variety of instan...
BEA WebLogic Server contains a vulnerability in the URL pattern matching
Overview There is a vulnerability in the URL pattern matching functionality of BEA WebLogic Server that could allow URL restrictions to be bypassed. Description BEA Systems describes WebLogic Server as "an industrial-strength application infrastructure for developing, integrating, securing, and...
BEA WebLogic Server configuration wizard stores administrative credentials in clear text log files
Overview There is a vulnerability in BEA WebLogic Server in which a user with access to log files generated by the configuration wizard could obtain the administrative username and password. Description BEA Systems describes WebLogic Server as "an industrial-strength application infrastructure fo...
BEA WebLogic Server allows unauthorized removal of EJB objects
Overview There is a vulnerability in the BEA WebLogic Server that could allow the unauthorized removal of an Enterprise JavaBean EJB. Description BEA Systems describes WebLogic Server as "an industrial-strength application infrastructure for developing, integrating, securing, and managing...
BEA WebLogic Server internal methods may disclose sensitive information
Overview There is a vulnerability in BEA WebLogic Server that could allow users to obtain the credentials of the user who booted the server. Description BEA Systems describes WebLogic Server as "an industrial-strength application infrastructure for developing, integrating, securing, and managing...
BEA WebLogic Server fails to properly validate certificate chains
Overview There is a vulnerability in BEA WebLogic Server in which certificate chains rejected by the custom trust manager could still be accepted by the server. Description BEA Systems describes WebLogic Server as "an industrial-strength application infrastructure for developing, integrating,...
Cisco IOS fails to properly process solicited SNMP operations
Overview Cisco IOS contains a vulnerability in the processing of solicited Simple Network Management Protocol SNMP operations that may result in memory corruption of the device causing it to reload. Sustained exploitation of this vulnerability could lead to a denial of service condition affect a...
The Border Gateway Protocol relies on persistent TCP sessions without specifying authentication requirements
Overview A vulnerability exists in the reliance of the Border Gateway Protocol BGP on the Transmission Control Protocol TCP to maintain persistent sessions. Sustained exploitation of this vulnerability could lead to a denial-of-service condition affecting a large segment of the Internet community...
BEA WebLogic Server stores database password in clear text in "config.xml"
Overview WebLogic Server contains a vulnerability that may expose the database username and password in clear text in the config.xml file. Description BEA Systems describes WebLogic Server as "an industrial-strength application infrastructure for developing, integrating, securing, and managing...
FTE fails to properly validate command line arguments
Overview FTE contains a vulnerability in the processing of command line arguments that could allow an attacker to execute arbitrary code. Description FTE is a text editor available for a variety of operating systems. There is a buffer overflow vulnerability in the way FTE performs bounds checking...
ptrace contains vulnerability allowing for local root compromise
Overview A vulnerability in the Linux 2.2 and 2.4 distributions of ptrace may permit a local attacker to gain elevated privileges. Description The Linux 2.2 and 2.4 kernels contained a flaw in ptrace. This vulnerability may permit a local user to have the kernel spawn a child process. From the ma...
FTE fails to properly validate environment variables
Overview FTE contains a vulnerability in the processing of certain environment variables that could allow an attacker to execute arbitrary code. Description FTE is a text editor available for a variety of operating systems. There is a buffer overflow vulnerability in the way FTE performs bounds...
BEA WebLogic Server fails to properly associate re-created groups
Overview WebLogic Server contains a vulnerability that could result in the creation of new groups inheriting the privileges of a previously deleted group if members of the deleted group still exist. Description BEA Systems describes WebLogic Server as "an industrial-strength application...
Microsoft Windows Help and Support Center (HCP) fails to validate HCP URLs
Overview A remotely exploitable vulnerability exists in the Help and Support Center HCP. An attacker could compromise the victim's system by tricking them into visiting a malicious web site, or viewing a malicious email message. Description A failure to filter special characters, such as quotes,...