3695 matches found
Microsoft Windows creates COM object identifiers incorrectly
Overview A vulnerability exists in Microsoft's COM object component. Exploitation of this vulnerability may lead to information disclosure and the ability for an attacker to open services on network communication ports. Description Microsoft's COM object component creates object identifiers in a...
Microsoft Windows Utility Manager contains vulnerability in the way it launches applications
Overview Microsoft Windows Utility Manager contains a vulnerability that may permit an authenticated user to launch applications with elevated privileges. Description Microsoft Windows 2000's Utility Manager is a program that permits users to monitor and launch various accessibility applications....
Microsoft Windows 2000 LSASS fails to properly handle certain LDAP messages
Overview A vulnerability exists in the Lightweight Directory Access Protocol LDAP message processing of the Windows 2000 domain controller. An attacker may be able to cause a denial-of-service condition to the vulnerable Active Directory domain. Description A vulnerability exists in the processin...
HAHTsite Scenario Server fails to handle overly long URLs
Overview HAHTsite Scenario Server fails to properly handle HTTP requests containing an overly long "project name". Description HAHTsite Scenario Server is an e-Business platform that consists of a web application server and web development environment. There is a buffer overflow vulnerability in...
Microsoft Windows Secure Sockets Layer (SSL) library vulnerable to DoS
Overview A vulnerability in the Microsoft Secure Sockets Layer library could allow a remote attacker to cause a denial-of-service condition on an affected system. Description The Secure Sockets Layer SSL protocol is commonly used to provide authentication, encryption, integrity, and non-repudiati...
Microsoft Private Communication Technology (PCT) fails to properly validate message inputs
Overview A vulnerability exists in the Private Communications Transport PCT protocol, which is part of the Microsoft Secure Sockets Layer SSL library. Exploitation of this vulnerability may permit a remote attacker to compromise the system. An exploit for this issue is currently being used to...
Microsoft Windows XP creates tasks with elevated privileges
Overview Microsoft Windows XP contains a vulnerability in the way that tasks are created that may permit an authenticated user to launch applications with elevated privileges. Description Microsoft Windows creates tasks when a user launches an application. A vulnerability in the way that Windows ...
Microsoft Windows SSP interface fails to properly validate value used during authentication protocol selection
Overview A remotely exploitable vulnerability in Microsoft's Negotiate Security Software Provider SSP interface could permit an attacker to execute arbitrary code on the system. Description Microsoft's Negotiate Security Software Provider SSP interface contains a buffer overflow during the...
Microsoft Windows Virtual DOS Machine (VDM) contains null pointer dereference
Overview Microsoft Windows NT4.0 and Windows 2000 contain a vulnerability that could permit a local user to gain elevated privileges on the system. Description Microsoft Windows NT4.0 and Windows 2000 provide a Virtual DOS Machine VDM to support 16-bit legacy operations and applications. A...
Microsoft CIS and RPC over HTTP Proxy components fail to properly handle responses
Overview A vulnerability in a Microsoft HTTP Proxy component may lead to a denial of service. Description Microsoft's COM Internet Services CIS and Remote Procedure Call RPC over HTTP Proxy contain a vulnerability that could permit an attacker to cause a denial of service. When a forwarded request...
Microsoft RPCSS Service contains memory leak in handling of specially crafted messages
Overview Microsoft RPCSS Service contains a memory management vulnerability that may permit a remote attacker to cause a denial-of-service situation. Description The Microsoft RPCSS Service is responsible for managing Remote Procedure Call RPC messages and is enabled by default on many versions o...
Microsoft Windows contains buffer overflow in processing of WMF and EMF image formats
Overview A vulnerability exists in the APIs that handle Microsoft Windows Metafiles WMF and Enhanced Metafiles EMF image formats. Exploitation may lead to an attacker executing arbitrary code on the system. Description The code that renders Windows Metafiles WMF and Enhanced Metafiles EMF image...
Sun Solaris SSH Daemon fails to properly log client IP addresses
Overview The Sun Solaris Secure Shell Daemon sshd may incorrectly log client IP addresses. Description SSH is a program used to provide secure connection and communications between client and servers. Upon connecting to the service, the client's IP address is logged. There is a vulnerability in t...
Microsoft Windows H.323 implementation fails to handle malformed requests
Overview A vulnerability in Microsoft Windows' implementation of the multimedia telephony protocol H.323 could lead to the ability to remotely execute arbitrary code on the system. Description Microsoft Windows' implementation of the H.323 protocol contains a buffer overflow in the handling of...
Microsoft Windows fails to properly create entries in the Local Descriptor Table (LDT)
Overview Microsoft Windows NT4.0 and Windows 2000 contain a vulnerability that could permit a local user to gain elevated privileges on the system. Description Microsoft Windows NT4.0 and Windows 2000 provide an API to the kernel to create Local Descriptor Tables LDT for applications. A failure t...
Microsoft LSA Service contains buffer overflow in DsRolepInitializeLog() function
Overview The Windows Local Security Authority Service Server LSASS contains a vulnerability that may permit an attacker to completely compromise the system. Description A buffer overflow vulnerability exists in a Microsoft Active Directory service logging function that is exposed by the LSASS...
Microsoft Windows ASN.1 library contains a memory management vulnerability
Overview Microsoft's ASN.1 library contains a memory management error that could be exploited by a remote attacker to cause a denial-of-service situation, or execute arbitrary code. Description Microsoft's ASN.1 library contains a memory management error, potentially a "double-free" condition. By...
Microsoft Windows logon process contains a buffer overflow during the logon process
Overview The Windows Logon process Winlogon contains a vulnerability that may permit a remote attacker to execute arbitrary code on the system. Description The Windows logon process Winlogon contains a buffer overflow vulnerability during the processing of the domain value. It fails to perform...
Microsoft Jet Database Engine database request handling buffer overflow
Overview The Microsoft Jet Database Engine Jet provides data access functionality to a number of other Microsoft and many third party applications. A buffer overflow vulnerability exists in the Jet Database Engine that could allow a remote attacker to execute code of their choosing on an affected...
BEA WebLogic Server stores administrator password in clear text in config.xml
Overview BEA WebLogic Server stores the administrator password used to boot the server in clear text within the config.xml file. Description BEA Systems describes WebLogic Server as "an industrial-strength application infrastructure for developing, integrating, securing, and managing distributed...
MPlayer contains a buffer overflow in the HTTP parser
Overview MPlayer fails to properly allocate a memory buffer for URL strings containing characters that need to be escaped. Description MPlayer is a movie player for Linux and other Unix-based operating systems. MPlayer fails to properly allocate a memory buffer for URL strings containing characte...
KAME Racoon IKE daemon fails to properly verify client RSA signatures
Overview The KAME Racoon IKE daemon fails to properly verify client RSA signatures when using Main or Aggressive Mode during a Phase 1 IKE exchange. Description Racoon is an IKE Key Management daemon that negotiates and configures a set of parameters for IPSec. When authenticating a peer in Phase...
BEA WebLogic Server fails to properly associate the user identity on subsequent client connections
Overview BEA WebLogic Server fails to properly associate a user's identity when a client attempts to connect multiple times using different client certificates. Description BEA Systems describes WebLogic Server as "an industrial-strength application infrastructure for developing, integrating,...
Cisco WLSE and HSE devices contain hardcoded username and password
Overview A default account with a common username and password exists in two Cisco products. An attacker with knowledge of this account information can compromise any of these devices on the network. Description A default account with a known, fixed username and password combination exists in som...
Monit fails to properly handle overly long HTTP requests
Overview Monit is vulnerable to a buffer overflow when processing overly long HTTP requests. Description Monit is a utility to monitor system processes, files, directories, devices, and remote hosts. It provides a web-based interface that can be used to access the Monit server. There is a buffer...
Monit fails to properly handle negative Content-Length fields
Overview Monit fails to properly handle HTTP requests containing a negative Content-Length field. Description Monit is a utility to monitor system processes, files, directories, devices, and remote hosts. It provides a web-based interface that can be used to access the Monit server. When processi...
Outlook Express MHTML protocol handler does not properly validate source of alternate content
Overview The Outlook Express MIME Encapsulation of Aggregate HTML Documents MHTML protocol handler does not adequately validate the source of alternate content. An attacker could exploit this vulnerability to access data and execute script in different security domains. By causing script to be ru...
Sun Solaris contains a vulnerability in the tcsetattr() library function
Overview A vulnerability in the Sun Solaris tcsetattr library function could allow an unprivileged local user to cause the system to hang. Description Sun Solaris uses a tcsetattr library function to set the parameters associated with the terminal. There is an unspecified vulnerability in the...
Cisco 6000/6500/7600 series systems fail to properly process layer 2 frames
Overview Cisco 6000/6500/7600 series systems with Multilayer Switch Feature Card 2 MSFC2 fail to properly process layer 2 frames. Description Cisco 6000/6500/7600 series systems with MSFC2 contain a vulnerability in the way layer 2 frames are processed in software. By sending a specially crafted...
Cisco Catalyst reboots in response to an SSH "protocol mismatch" error
Overview Multiple versions of Cisco Catalyst switches contain a denial-of-service vulnerability that allows unauthenticated remote users to restart an affected device. Description Cisco Catalyst switches in the 6000, 5000, and 4000 series contain a vulnerability in their SSH support component. Th...
Ethereal contains multiple vulnerabilities in the UCP protocol dissector
Overview Ethereal contains multiple buffer overflows in the Universal Control Protocol UCP protocol dissector. These vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code. Description Ethereal is a network traffic analysis package. It includes the ability to...
Ethereal fails to properly decode Transaction IDs within TCAP packets
Overview Ethereal contains a vulnerability in the way the Transaction Capabilities Application Part TCAP protocol dissector parses ASN.1 encoded Transaction IDs within TCAP packets. Description Ethereal is a network traffic analysis package. It includes the ability to decode packets containing TC...
Ethereal IrDA dissector plugin fails to properly parse IRCOM_PORT_NAME parameter
Overview Ethereal contains a vulnerability in the way the Infrared Data Association IrDA dissector plugin parses the IRCOM_PORT_NAME parameter. Description Ethereal is a network traffic analysis package. It includes the ability to decode packets containing IrDA data. There is a vulnerability in the...
Norton AntiSpam contains boundary error within the "SymSpamHelper Class" (symspam.dll) ActiveX component.
Overview Symantec's Norton AntiSpam is a software package that provides spam filtering. A vulnerability in an ActiveX control that ships with Norton AntiSpam may permit a remote attacker to execute arbitrary code on the local system. Description Symantec Norton AntiSpam for Windows installs the...
Ethereal ISUP protocol dissector fails to properly decode ISUP packets
Overview Ethereal fails to properly decode ISDN User Part ISUP packets containing an overly long Interworking Function Address IWFA value. Description Ethereal is a network traffic analysis package. It includes the ability to decode packets containing ISUP data. There is a vulnerability in the wa...
Ethereal fails to properly decode BGP packets containing MPLS IPv6 labels
Overview Ethereal contains a vulnerability in the way the Border Gateway Protocol BGP protocol dissector decodes Multiprotocol Label Switching MPLS IPv6 labels. Description Ethereal is a network traffic analysis package. It includes the ability to decode packets containing BGP data. According to...
Norton "WrapNISUM Class" (WrapUM.dll) ActiveX control allows remote arbitrary command execution
Overview Symantec's Norton Internet Security 2004 Professional is a software package that provides antivirus, antispam, and personal firewall applications. A vulnerability in Symantec's Norton Internet Security 2004 suite may permit a remote attacker to execute arbitrary commands on the local...
Ethereal fails to properly handle a zero-length Presentation protocol selector
Overview Ethereal fails to properly handle a zero-length Presentation protocol selector, which could cause Ethereal to crash. Description Ethereal is a network traffic analysis package. There is a vulnerability in the way Ethereal processes a zero-length Presentation protocol selector. Exploitati...
Common Desktop Environment (CDE) dtlogin XDMCP parser improperly deallocates memory
Overview A "double-free" vulnerability in the CDE dtlogin program could allow a remote attacker to execute arbitrary code or cause a denial of service on a vulnerable system. Description The Common Desktop Environment CDE is an integrated graphical user interface that runs on UNIX and Linux...
Ethereal integer underflow when parsing malformed PGM packets with NAK lists
Overview Ethereal fails to properly parse Pragmatic General Multicast PGM packets containing a crafted negative acknowledgement NAK list. Description Ethereal is a network traffic analysis package. It includes the ability to decode packets containing PGM data. There is a vulnerability in the way...
Ethereal contains multiple vulnerabilities in the EIGRP protocol dissector
Overview Ethereal contains multiple vulnerabilities in the Enhanced Interior Gateway Routing Protocol EIGRP protocol dissector. These vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code. Description Ethereal is a network traffic analysis package. It includes t...
Ethereal contains multiple vulnerabilities in the IGAP protocol dissector
Overview Ethereal contains multiple buffer overflows in the Internet Group Membership Authentication Protocol IGAP protocol dissector. These vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code. Description Ethereal is a network traffic analysis package. It...
Ethereal fails to properly parse NetFlow UDP packets with an overly large template_entry count
Overview Ethereal fails to properly parse v9_template structures in NetFlow UDP packets with an overly large template_entry count. This could allow an attacker to execute arbitrary code. Description Ethereal is a network traffic analysis package. It includes the ability to decode packets containing...
Ethereal fails to properly handle malformed color filter files
Overview Ethereal fails to properly handle malformed color filter files, which could allow an attacker to cause a segmentation fault. Description Ethereal is a network traffic analysis package. It provides a feature that allows a user to customize the foreground and background colors of packet...
Ethereal crashes when processing malformed RADIUS packets
Overview Ethereal contains a vulnerability in the way it processes Remote Authentication Dial In User Service RADIUS packets. Description Ethereal is a network traffic analysis package. It includes the ability to decode packets containing RADIUS data. There is a vulnerability that causes Ethereal...
Apache HTTP Server vulnerable to DoS race condition in the handling of short-lived connections
Overview A race condition exists in Apache 2 HTTP Server that may cause a denial-of-service condition on some platforms. Description Apache HTTP Server versions 2.0.48 and prior contain a race condition in the handling of short-lived connections. According to the Apache announcement, when using...
util-linux login program discloses sensitive information
Overview util-linux login program uses a pointer that was previously freed and reallocated which could allow an attacker to gain access to sensitive information. Description util-linux is shipped with Red Hat and numerous other Linux distributions. It contains a collection of utility programs, su...
HP-UX CDE library libDtSvc contains unspecified buffer overflow
Overview CDE, the default X Windows environment in HP-UX, ships with a library called libDtSvc. It has a locally-exploitable buffer overflow in some versions. Description Please see HP Security Bulletin HPSBUX0401-308 SSRT3492 for more details. --- Impact A local user may be able to gain...
SSH Tectia Server contains a race condition when the password change plugin is enabled
Overview SSH Tectia Server contains a race condition that may permit an authenticated user access to the private key of the server. Exploitation of this vulnerability may lead to the ability to compromise the trust relationships of the vulnerable server. Description SSH Tectia Server versions 4.0...
ModSecurity for Apache vulnerable to off-by-one overflow when directive "SecFilterScanPost" is enabled
Overview A vulnerability in the modsecurity module for Apache may permit a remote attacker to execute arbitrary code on the vulnerable web server. Description ModSecurity is an open source intrusion detection and prevention engine for web applications. The modsecurity module for Apache 2.0.X...