3702 matches found
Ethereal fails to properly parse NetFlow UDP packets with an overly large template_entry count
Overview Ethereal fails to properly parse v9template structures in NetFlow UDP packets with an overly large templateentry count. This could allow an attacker to execute arbitrary code. Description Ethereal is a network traffic analysis package. It includes the ability to decode packets containing...
Ethereal fails to properly handle malformed color filter files
Overview Ethereal fails to properly handle malformed color filter files, which could allow an attacker to cause a segmentation fault. Description Ethereal is a network traffic analysis package. It provides a feature that allows a user to customize the foreground and background colors of packet...
Ethereal integer underflow when parsing malformed PGM packets with NAK lists
Overview Ethereal fails to properly parse Pragmatic General Multicast PGM packets containing a crafted negative acknowledgement NAK list. Description Ethereal is a network traffic analysis package. It includes the ability to decode packets containing PGM data. There is a vulnerability in the way...
HP-UX CDE library libDtSvc contains unspecified buffer overflow
Overview CDE, the default X Windows environment in HP-UX, ships with a libraray called libDtSvc. It has a locally-exploitable buffer overflow in some versions. Description Please see HP Security Bulletin HPSBUX0401-308 SSRT3492 for more details. --- Impact A local user may be able to gain...
ModSecurity for Apache vulnerable to off-by-one overflow when directive "SecFilterScanPost" is enabled
Overview A vulnerability in the modsecurity module for Apache may permit a remote attacker to execute arbitrary code on the vulnerable web server. Description ModSecurity is an open source intrusion detection and prevention engine for web applications. The modsecurity module for Apache 2.0.X...
SSH Tectia Server contains a race condition when the password change plugin is enabled
Overview SSH Tectia Server contains a race condition that may permit an authenticated user access to the private key of the server. Exploitation of this vulnerability may lead to the ability to compromise the trust relationships of the vulnerable server. Description SSH Tectia Server versions 4.0...
util-linux login program discloses sensitive information
Overview util-linux login program uses a pointer that was previously freed and reallocated which could allow an attacker to gain access to sensitive information. Description util-linux is shipped with Red Hat and numerous other Linux distributions. It contains a collection of utility programs, su...
Oracle Application Server Web Cache contains heap overflow vulnerability
Overview Oracle Application Server Web Cache contains a heap overflow vulnerability in the handling of client requests that could result in arbitrary code execution. Description The Oracle Web Cache acts as a reverse proxy, caching static and dynamic content generated from Oracle Application web...
Internet Security Systems Protocol Analysis Module (PAM) does not properly handle ICQ server response messages
Overview The Protocol Analysis Module PAM used by Internet Security Systems ISS intrusion detection and prevention products does not properly handle ICQ server response messages. An unauthenticated, remote attacker could execute arbitrary code by sending a specially crafted UDP packet. Descriptio...
F-Secure Anti-Virus for Linux fails to properly detect Sober.D virus
Overview F-Secure Anti-Virus for Linux contains a flaw that may prevent it from properly detecting the Sober.D virus. A hotfix for this vulnerability has been released. Description F-Secure Anti-Virus version 4.52 for Linux contains a flaw that may prevent it from properly detecting the Sober.D...
OpenSSL does not adequately validate length of Kerberos ticket during SSL/TLS handshake
Overview OpenSSL contains a vulnerability in code that processes SSL/TLS handshakes when configured to use the Kerberos cipher suites. This vulnerability could allow a remote attacker to cause OpenSSL to crash. Description OpenSSL implements the Secure Sockets Layer SSL and Transport Layer Securi...
OpenSSL contains null-pointer assignment in do_change_cipher_spec() function
Overview OpenSSL contains a null-pointer assignment in the dochangecipherspec function which could allow a remote, unauthenticated attacker to cause OpenSSL to crash. Description OpenSSL implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols and includes a general...
OpenSSL does not properly handle unknown message types
Overview OpenSSL does not properly handle unknown message types, allowing an unauthenticated, remote attacker to cause a denial of service. This vulnerability was addressed in OpenSSL 0.9.6d and 0.9.7. Description OpenSSL implements the Secure Sockets Layer SSL and Transport Layer Security TLS...
cPanel fails to verify input passed to the "user" parameter
Overview A remotely exploitable vulnerability in CPanel's password reset and login scripts may allow a remote attacker to gain control of the vulnerable system. Description Cpanel is an application that provides the ability to manage accounts and provides an interface to the end users of web...
Apple Mac OS X "cd9660.util" buffer overflow
Overview A component utility in Apple's Mac OS X operating system suffers from a buffer overflow vulnerability in its handling of command-line arguments. This vulnerability could allow a local attacker to gain elevated privileges on the vulnerable system. Description Apple's Mac OS X operating...
Linux kernel mremap(2) system call does not properly check return value from do_munmap() function
Overview A vulnerability in the Linux mremap2 system call could allow an authenticated, local attacker to execute arbitrary code with root privileges. Description The Linux kernel uses a linked list of vitrual memory area VMA descriptors to reference valid regions of the page table for a given...
Microsoft MSN Messenger fails to properly validate file requests
Overview Microsoft MSN Messenger fails to properly validate file requests which could allow an attacker to view the contents of files on the victim's system. Description Microsoft MSN Messenger is an instant messaging application that allows users to collaborate with friends using text messages,...
Microsoft Windows Media Services fails to properly validate TCP requests
Overview Microsoft Windows Media Services fails to properly validate TCP requests which could allow a remote, unauthenticated attacker to cause the services to refuse new TCP connections. Description Microsoft Windows Media Services is an optional component that provides the ability to deliver...
Microsoft Outlook fails to properly filter parameters passed via "mailto:" URL
Overview A vulnerability in the way that Microsoft Outlook 2002 handles a certain type of hyperlink could allow a remote attacker to execute arbitrary code on the vulnerable system. Description Microsoft Outlook provides a centralized application for managing and organizing e-mail messages,...
NetScreen Instant Virtual Extranet (IVE) platform contains cross-site scripting vulnerability in delhomepage.cgi
Overview NetScreen Instant Virtual Extranet IVE platform contains a cross-site scripting vulnerability in the row parameter of delhomepage.cgi, which could allow an attacker to mount a cross-site scripting attack. Description The Instant Virtual Extranet platform is an application security gatewa...
Linux kernel do_mremap() call creates virtual memory area of 0 bytes in length
Overview There is a vulnerability in the Linux kernel memory management routines that allows local users to gain superuser privileges. Description The Linux kernel contains a vulnerability in the domremap call that allows software to create a virtual memory area VMA with a length of 0 bytes. This...
Libxml2 URI parsing errors in nanohttp and nanoftp
Overview Libxml is the XML parser for Gnome, a desktop suite and development platform for Linux systems. Libxml2, the latest version of the library as of this writing, has a buffer overflow vulnerability which may allow execution of arbitrary code. Description Gnome, a desktop suite and developme...
Apple Mac OS X TruBlueEnvironment vulnerable to buffer overflow
Overview Apple Mac OS X contains a buffer overflow in TruBlueEnvironment which could allow a local, authenticated attacker to execute arbitrary code with root privileges. Description Mac OS X allows older Macintosh applications to run in an environment called Classic. TruBlueEnvironment is part o...
IBM Net.Data db2www CGI interpreter fails to properly validate requested macro filenames
Overview IBM Net.Data fails to properly validate user input passed to the db2www CGI interpreter, which could allow an attacker to mount a cross-site scripting attack against a vulnerable system. Description IBM Net.Data is a scripting language used to create web applications. Net.Data macros are...
Cisco CSS 11000 Series Content Services Switch vulnerable to DoS via malformed UDP packets
Overview Several models of the Cisco Content Services Switch contain a vulnerability in their management interface that allows an attacker to restart the switch, resulting in a denial of service attack. Description The Cisco CSS 11000 Series Content Services Switches contain a vulnerability in...
NTP service vulnerable to internal overflow if date / time offset is greater than 34 years
Overview NTP Network TIme Protocol contains an integer overflow vulnerability that may lead to clients receiving an incorrect date/time offset. Description NTP Network Time Protocol is a method by which client machines can synchronize the local date and time with a reference server. The server wi...
Sun Solaris passwd command allows for privilege escalation
Overview Sun Solaris contains a vulnerability in the passwd1 command which could allow for privilege escalation. Description The passwd command is used to update a user's authentication tokens. There is non-specific vulnerability identified in Sun Security Alert ID: 57454. This vulnerability coul...
Solaris conv_fix insecure file handling vulnerability
Overview A vulnerability in a program supplied with the Solaris printing system could allow a local attacker to gain elevated privileges on the system. Description The Solaris operating system from Sun Microsystems includes a number of supplemental programs to aid in configuration and maintenance...
FreeBSD fails to limit number of TCP segments held in reassembly queue
Overview FreeBSD fails to limit the number of TCP segments held in a reassembly queue which could allow an attacker to exhaust all available memory buffers mbufs on the destination system resulting in a denial-of-service condition. Description The Transmission Control Protocol TCP is part of the...
WinZip vulnerable to buffer overflow in handling of MIME archive parameters
Overview A buffer overflow vulnerability in the WinZip program could allow a remote attacker to execute arbitrary code on a vulnerable system. Description WinZip Computing, Inc.'s WinZip is a popular utility for creating and extracting a variety of archive file formats on Microsoft Windows-based...
Oracle9i Database contains buffer overflow in NUMTOYMINTERVAL() function
Overview Oracle9i Database contains a buffer overflow in the NUMTOYMINTERVAL function which could allow anyone who can query the server to execute arbitrary code or access data with the privileges of the vulnerable process. Description A buffer overflow exists in the NUMTOYMINTERVAL function. Thi...
Oracle9i Database contains buffer overflow in NUMTODSINTERVAL() function
Overview Oracle9i Database contains a buffer overflow in the NUMTODSINTERVAL function which could allow anyone who can query the server to execute arbitrary code or access data with the privileges of the vulnerable process. Description A buffer overflow exists in the NUMTODSINTERVAL function. Thi...
Oracle9i Database contains buffer overflow in TIME_ZONE session parameter
Overview Oracle9i Database contains a buffer overflow in the TIMEZONE session parameter which could allow anyone who can query the server to execute arbitrary code or access data with the privileges of the vulnerable process. Description The TIMEZONE parameter is a session parameter that specifie...
Internet Security Systems' BlackICE and RealSecure contain a heap overflow in the processing of SMB packets
Overview Internet Security Systems' BlackICE and RealSecure intrusion detection products contain a remotely exploitable vulnerability. Exploitation of this vulnerability could lead to the compromise of the system with privileges of the vulnerable process, typically the "SYSTEM" user. Description...
Oracle9i Database contains buffer overflow in FROM_TZ() function
Overview Oracle9i Database contains a buffer overflow in the FROMTZ function which could allow anyone who can query the server to execute arbitrary code or access data with the privileges of the vulnerable process. Description A buffer overflow exists in the FROMTZ function. This function is...
Apple Mac OS X Point-to-Point Protocol daemon (pppd) contains format string vulnerability
Overview Apple Mac OS X Point-to-Point Protocol daemon contains a format string vulnerability in the handling of invalid command line arguments. Description The Point-to-Point Protocol PPP provides a method for transmitting datagrams over serial point-to-point links. There is a format string...
Apple Mac OS X Safari fails to properly display URLs in the status bar
Overview Apple Mac OS X Safari fails to properly display URLs in the status bar. Description Safari is a web browser for the Macintosh platform. There is an unspecified vulnerability in the way Safari displays URLs in the status bar. --- Impact The complete impact of this vulnerability is not yet...
Apple Quicktime/Darwin Streaming Server fails to properly parse DESCRIBE requests
Overview Apple Quicktime/Darwin Streaming Server fails to properly parse DESCRIBE requests containing overly large User-Agent fields. This could allow an unauthenticated, remote attacker to cause a denial-of-service condition. Description Apple's QuickTime and Darwin Streaming Server is software...
Apple Mac OS X contains a vulnerability in DiskArbitration when initializing writable removable media
Overview Apple Mac OS X contains a vulnerability in the way DiskArbitration initializes writable removable media. Description The DiskArbitration Server in Apple Mac OS X tracks new disks and provides notifications announcing their availability. There is a non-specific vulnerability identified as...
Zone Labs desktop security products fail to properly validate RCPT TO command argument
Overview Zone Labs desktop security products contains a buffer overflow in the code that processes the RCPT TO command argument. This could allow an attacker to execute arbitrary code with SYSTEM privileges. Description Zone Labs offers a suite of desktop security products. These products provide...
metamail contains multiple buffer overflow vulnerabilities
Overview Multiple buffer overflows in the metamail package could allow a remote attacker to execute arbitrary code on a vulnerable system. An attacker may be able to exploit these vulnerabilities via a specially-crafted email message. Description The metamail package is one of the first widely...
Microsoft Virtual PC for Mac insecurely handles temporary file
Overview A component program of Microsoft Virtual PC for Mac uses an insecure method for handling a temporary file. This could allow an attacker with local system access to gain elevated privileges. Description Microsoft Virtual PC for Mac is a product that allows users of the Apple MacOS X...
metamail contains multiple format string vulnerabilities
Overview Multiple format string vulnerabilities in the metamail package could allow a remote attacker to execute arbitrary code on the vulnerable system. An attacker may be able to exploit these vulnerabilities via a specially-crafted email message. Description The metamail package is one of the...
IMail Server LDAP daemon buffer overflow
Overview A buffer overflow in the LDAP server component supplied with some versions of the Ipswitch IMail Server could allow a remote attacker to execute arbitrary code on the vulnerable system. Description A buffer overflow flaw exists in the way that the Lightweight Directory Access Protocol LD...
Microsoft Windows Internet Naming Service (WINS) fails to properly validate the length of specially crafted packets
Overview Microsoft Windows Internet Naming Service WINS fails to properly validate the length of specially crafted packets which could allow an unauthenticated, remote attacker to cause a denial-of-service condition. Description The Windows Internet Naming Service WINS maps IP addresses to NETBIO...
Microsoft ASN.1 Library improperly decodes constructed bit strings
Overview The Microsoft ASN.1 Library improperly decodes constructed bit strings which could allow an unauthenticated, remote attacker to execute arbitrary code with SYSTEM privileges. Description Abstract Syntax Notation number One ASN.1 is an international standard used to describe and transmit...
Microsoft ASN.1 Library improperly decodes malformed ASN.1 length values
Overview The Microsoft ASN.1 Library improperly decodes malformed ASN.1 length values which could allow an unauthenticated, remote attacker to execute arbitrary code with SYSTEM privileges. Description Abstract Syntax Notation number One ASN.1 is an international standard used to describe and...
Multiple Real media players fail to properly validate RMP files
Overview Multiple Real media players fail to properly validate RealJukebox Metadata Package RMP files which may permit an attacker to download and execute arbitrary code on the user's system. Description RealNetworks Real media players are multimedia applications that allow users to view local an...
Multiple Real media players vulnerable to buffer overflow when parsing crafted media files
Overview Multiple Real media players vulnerable to buffer overflow when parsing certain media files which may permit an attacker to execute arbitrary code on the user's system. Description RealNetworks Real media players are multimedia applications that allow users to view local and remote...
Multiple Real media players fail to properly validate SMIL files
Overview Multiple Real media players fail to properly validate synchronized multimedia integration language SMIL files which may permit a remote attacker to gain sensitive information. Description RealNetworks Real media players are multimedia applications that allow users to view local and remot...