3695 matches found
Oracle Application Server Web Cache contains heap overflow vulnerability
Overview Oracle Application Server Web Cache contains a heap overflow vulnerability in the handling of client requests that could result in arbitrary code execution. Description The Oracle Web Cache acts as a reverse proxy, caching static and dynamic content generated from Oracle Application web...
Internet Security Systems Protocol Analysis Module (PAM) does not properly handle ICQ server response messages
Overview The Protocol Analysis Module (PAM) used by Internet Security Systems (ISS) intrusion detection and prevention products does not properly handle ICQ server response messages. An unauthenticated, remote attacker could execute arbitrary code by sending a specially crafted UDP packet. Descriptio...
F-Secure Anti-Virus for Linux fails to properly detect Sober.D virus
Overview F-Secure Anti-Virus for Linux contains a flaw that may prevent it from properly detecting the Sober.D virus. A hotfix for this vulnerability has been released. Description F-Secure Anti-Virus version 4.52 for Linux contains a flaw that may prevent it from properly detecting the Sober.D...
OpenSSL does not adequately validate length of Kerberos ticket during SSL/TLS handshake
Overview OpenSSL contains a vulnerability in code that processes SSL/TLS handshakes when configured to use the Kerberos cipher suites. This vulnerability could allow a remote attacker to cause OpenSSL to crash. Description OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Securi...
OpenSSL does not properly handle unknown message types
Overview OpenSSL does not properly handle unknown message types, allowing an unauthenticated, remote attacker to cause a denial of service. This vulnerability was addressed in OpenSSL 0.9.6d and 0.9.7. Description OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)...
OpenSSL contains null-pointer assignment in do_change_cipher_spec() function
Overview OpenSSL contains a null-pointer assignment in the do_change_cipher_spec() function which could allow a remote, unauthenticated attacker to cause OpenSSL to crash. Description OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols and includes a general...
cPanel fails to verify input passed to the "user" parameter
Overview A remotely exploitable vulnerability in cPanel's password reset and login scripts may allow a remote attacker to gain control of the vulnerable system. Description cPanel is an application that provides the ability to manage accounts and provides an interface to the end users of web...
Apple Mac OS X "cd9660.util" buffer overflow
Overview A component utility in Apple's Mac OS X operating system suffers from a buffer overflow vulnerability in its handling of command-line arguments. This vulnerability could allow a local attacker to gain elevated privileges on the vulnerable system. Description Apple's Mac OS X operating...
Microsoft MSN Messenger fails to properly validate file requests
Overview Microsoft MSN Messenger fails to properly validate file requests which could allow an attacker to view the contents of files on the victim's system. Description Microsoft MSN Messenger is an instant messaging application that allows users to collaborate with friends using text messages,...
Microsoft Windows Media Services fails to properly validate TCP requests
Overview Microsoft Windows Media Services fails to properly validate TCP requests which could allow a remote, unauthenticated attacker to cause the services to refuse new TCP connections. Description Microsoft Windows Media Services is an optional component that provides the ability to deliver...
Linux kernel mremap(2) system call does not properly check return value from do_munmap() function
Overview A vulnerability in the Linux mremap(2) system call could allow an authenticated, local attacker to execute arbitrary code with root privileges. Description The Linux kernel uses a linked list of virtual memory area (VMA) descriptors to reference valid regions of the page table for a given...
Libxml2 URI parsing errors in nanohttp and nanoftp
Overview Libxml is the XML parser for Gnome, a desktop suite and development platform for Linux systems. Libxml2, the latest version of the library as of this writing, has a buffer overflow vulnerability which may allow execution of arbitrary code. Description Gnome, a desktop suite and developme...
Microsoft Outlook fails to properly filter parameters passed via "mailto:" URL
Overview A vulnerability in the way that Microsoft Outlook 2002 handles a certain type of hyperlink could allow a remote attacker to execute arbitrary code on the vulnerable system. Description Microsoft Outlook provides a centralized application for managing and organizing e-mail messages,...
Linux kernel do_mremap() call creates virtual memory area of 0 bytes in length
Overview There is a vulnerability in the Linux kernel memory management routines that allows local users to gain superuser privileges. Description The Linux kernel contains a vulnerability in the do_mremap() call that allows software to create a virtual memory area (VMA) with a length of 0 bytes. This...
NetScreen Instant Virtual Extranet (IVE) platform contains cross-site scripting vulnerability in delhomepage.cgi
Overview NetScreen Instant Virtual Extranet (IVE) platform contains a cross-site scripting vulnerability in the row parameter of delhomepage.cgi, which could allow an attacker to mount a cross-site scripting attack. Description The Instant Virtual Extranet platform is an application security gatewa...
IBM Net.Data db2www CGI interpreter fails to properly validate requested macro filenames
Overview IBM Net.Data fails to properly validate user input passed to the db2www CGI interpreter, which could allow an attacker to mount a cross-site scripting attack against a vulnerable system. Description IBM Net.Data is a scripting language used to create web applications. Net.Data macros are...
Apple Mac OS X TruBlueEnvironment vulnerable to buffer overflow
Overview Apple Mac OS X contains a buffer overflow in TruBlueEnvironment which could allow a local, authenticated attacker to execute arbitrary code with root privileges. Description Mac OS X allows older Macintosh applications to run in an environment called Classic. TruBlueEnvironment is part o...
NTP service vulnerable to internal overflow if date / time offset is greater than 34 years
Overview NTP (Network Time Protocol) contains an integer overflow vulnerability that may lead to clients receiving an incorrect date/time offset. Description NTP (Network Time Protocol) is a method by which client machines can synchronize the local date and time with a reference server. The server wi...
Sun Solaris passwd command allows for privilege escalation
Overview Sun Solaris contains a vulnerability in the passwd(1) command which could allow for privilege escalation. Description The passwd command is used to update a user's authentication tokens. There is a non-specific vulnerability identified in Sun Security Alert ID: 57454. This vulnerability coul...
Cisco CSS 11000 Series Content Services Switch vulnerable to DoS via malformed UDP packets
Overview Several models of the Cisco Content Services Switch contain a vulnerability in their management interface that allows an attacker to restart the switch, resulting in a denial of service attack. Description The Cisco CSS 11000 Series Content Services Switches contain a vulnerability in...
Solaris conv_fix insecure file handling vulnerability
Overview A vulnerability in a program supplied with the Solaris printing system could allow a local attacker to gain elevated privileges on the system. Description The Solaris operating system from Sun Microsystems includes a number of supplemental programs to aid in configuration and maintenance...
FreeBSD fails to limit number of TCP segments held in reassembly queue
Overview FreeBSD fails to limit the number of TCP segments held in a reassembly queue which could allow an attacker to exhaust all available memory buffers (mbufs) on the destination system resulting in a denial-of-service condition. Description The Transmission Control Protocol (TCP) is part of the...
WinZip vulnerable to buffer overflow in handling of MIME archive parameters
Overview A buffer overflow vulnerability in the WinZip program could allow a remote attacker to execute arbitrary code on a vulnerable system. Description WinZip Computing, Inc.'s WinZip is a popular utility for creating and extracting a variety of archive file formats on Microsoft Windows-based...
Oracle9i Database contains buffer overflow in TIME_ZONE session parameter
Overview Oracle9i Database contains a buffer overflow in the TIME_ZONE session parameter which could allow anyone who can query the server to execute arbitrary code or access data with the privileges of the vulnerable process. Description The TIME_ZONE parameter is a session parameter that specifie...
Oracle9i Database contains buffer overflow in FROM_TZ() function
Overview Oracle9i Database contains a buffer overflow in the FROM_TZ() function which could allow anyone who can query the server to execute arbitrary code or access data with the privileges of the vulnerable process. Description A buffer overflow exists in the FROM_TZ() function. This function is...
Internet Security Systems' BlackICE and RealSecure contain a heap overflow in the processing of SMB packets
Overview Internet Security Systems' BlackICE and RealSecure intrusion detection products contain a remotely exploitable vulnerability. Exploitation of this vulnerability could lead to the compromise of the system with privileges of the vulnerable process, typically the "SYSTEM" user. Description...
Oracle9i Database contains buffer overflow in NUMTOYMINTERVAL() function
Overview Oracle9i Database contains a buffer overflow in the NUMTOYMINTERVAL() function which could allow anyone who can query the server to execute arbitrary code or access data with the privileges of the vulnerable process. Description A buffer overflow exists in the NUMTOYMINTERVAL() function. Thi...
Oracle9i Database contains buffer overflow in NUMTODSINTERVAL() function
Overview Oracle9i Database contains a buffer overflow in the NUMTODSINTERVAL() function which could allow anyone who can query the server to execute arbitrary code or access data with the privileges of the vulnerable process. Description A buffer overflow exists in the NUMTODSINTERVAL() function. Thi...
Apple Mac OS X Point-to-Point Protocol daemon (pppd) contains format string vulnerability
Overview Apple Mac OS X Point-to-Point Protocol daemon contains a format string vulnerability in the handling of invalid command line arguments. Description The Point-to-Point Protocol (PPP) provides a method for transmitting datagrams over serial point-to-point links. There is a format string...
Apple Quicktime/Darwin Streaming Server fails to properly parse DESCRIBE requests
Overview Apple Quicktime/Darwin Streaming Server fails to properly parse DESCRIBE requests containing overly large User-Agent fields. This could allow an unauthenticated, remote attacker to cause a denial-of-service condition. Description Apple's QuickTime and Darwin Streaming Server is software...
Apple Mac OS X contains a vulnerability in DiskArbitration when initializing writable removable media
Overview Apple Mac OS X contains a vulnerability in the way DiskArbitration initializes writable removable media. Description The DiskArbitration Server in Apple Mac OS X tracks new disks and provides notifications announcing their availability. There is a non-specific vulnerability identified as...
Apple Mac OS X Safari fails to properly display URLs in the status bar
Overview Apple Mac OS X Safari fails to properly display URLs in the status bar. Description Safari is a web browser for the Macintosh platform. There is an unspecified vulnerability in the way Safari displays URLs in the status bar. --- Impact The complete impact of this vulnerability is not yet...
Zone Labs desktop security products fail to properly validate RCPT TO command argument
Overview Zone Labs desktop security products contain a buffer overflow in the code that processes the RCPT TO command argument. This could allow an attacker to execute arbitrary code with SYSTEM privileges. Description Zone Labs offers a suite of desktop security products. These products provide...
metamail contains multiple buffer overflow vulnerabilities
Overview Multiple buffer overflows in the metamail package could allow a remote attacker to execute arbitrary code on a vulnerable system. An attacker may be able to exploit these vulnerabilities via a specially-crafted email message. Description The metamail package is one of the first widely...
Microsoft Virtual PC for Mac insecurely handles temporary file
Overview A component program of Microsoft Virtual PC for Mac uses an insecure method for handling a temporary file. This could allow an attacker with local system access to gain elevated privileges. Description Microsoft Virtual PC for Mac is a product that allows users of the Apple MacOS X...
metamail contains multiple format string vulnerabilities
Overview Multiple format string vulnerabilities in the metamail package could allow a remote attacker to execute arbitrary code on the vulnerable system. An attacker may be able to exploit these vulnerabilities via a specially-crafted email message. Description The metamail package is one of the...
Microsoft Windows Internet Naming Service (WINS) fails to properly validate the length of specially crafted packets
Overview Microsoft Windows Internet Naming Service (WINS) fails to properly validate the length of specially crafted packets which could allow an unauthenticated, remote attacker to cause a denial-of-service condition. Description The Windows Internet Naming Service (WINS) maps IP addresses to NETBIO...
IMail Server LDAP daemon buffer overflow
Overview A buffer overflow in the LDAP server component supplied with some versions of the Ipswitch IMail Server could allow a remote attacker to execute arbitrary code on the vulnerable system. Description A buffer overflow flaw exists in the way that the Lightweight Directory Access Protocol LD...
Microsoft ASN.1 Library improperly decodes malformed ASN.1 length values
Overview The Microsoft ASN.1 Library improperly decodes malformed ASN.1 length values which could allow an unauthenticated, remote attacker to execute arbitrary code with SYSTEM privileges. Description Abstract Syntax Notation number One (ASN.1) is an international standard used to describe and...
Microsoft ASN.1 Library improperly decodes constructed bit strings
Overview The Microsoft ASN.1 Library improperly decodes constructed bit strings which could allow an unauthenticated, remote attacker to execute arbitrary code with SYSTEM privileges. Description Abstract Syntax Notation number One (ASN.1) is an international standard used to describe and transmit...
Multiple Real media players vulnerable to buffer overflow when parsing crafted media files
Overview Multiple Real media players are vulnerable to buffer overflow when parsing certain media files which may permit an attacker to execute arbitrary code on the user's system. Description RealNetworks Real media players are multimedia applications that allow users to view local and remote...
Multiple Real media players fail to properly validate RMP files
Overview Multiple Real media players fail to properly validate RealJukebox Metadata Package (RMP) files which may permit an attacker to download and execute arbitrary code on the user's system. Description RealNetworks Real media players are multimedia applications that allow users to view local an...
Multiple Real media players fail to properly validate SMIL files
Overview Multiple Real media players fail to properly validate synchronized multimedia integration language (SMIL) files which may permit a remote attacker to gain sensitive information. Description RealNetworks Real media players are multimedia applications that allow users to view local and remot...
HTTP Parsing Vulnerabilities in Check Point Firewall-1
Overview Several versions of Check Point Firewall-1 contain a vulnerability that allows remote attackers to execute arbitrary code with administrative privileges. Description The HTTP Security Servers component of Check Point Firewall-1 contains an HTTP parsing vulnerability that is triggered by...
GNU Radius accounting service fails to properly handle exceptional Acct-Status-Type and Acct-Session-Id attributes
Overview The GNU Radius accounting service fails to properly handle packets with exceptional Acct-Status-Type and Acct-Session-Id attributes. Description GNU Radius is a software package used for remote user authentication and accounting. There is a vulnerability in the way the radprintrequest...
Check Point ISAKMP vulnerable to buffer overflow via Certificate Request
Overview A buffer overflow vulnerability exists in the Internet Security Association and Key Management Protocol (ISAKMP) implementation used in Check Point VPN-1, SecuRemote, and SecureClient products. An unauthenticated, remote attacker could execute arbitrary code with the privileges of the ISAK...
Apache mod_alias vulnerable to buffer overflow via crafted regular expression
Overview A vulnerability in a supplementary module to the Apache HTTP server could allow an attacker to execute arbitrary code on an affected web server under certain circumstances. Description The Apache HTTP server distribution includes a number of supplemental modules that provide additional...
Apache mod_rewrite vulnerable to buffer overflow via crafted regular expression
Overview A vulnerability in a supplementary module to the Apache HTTP server could allow an attacker to execute arbitrary code on an affected web server under certain circumstances. Description The Apache HTTP server distribution includes a number of supplemental modules that provide additional...
Microsoft Internet Explorer allows mouse events to manipulate window objects and perform "drag and drop" operations
Overview Microsoft Internet Explorer (IE) dynamic HTML (DHTML) mouse events can manipulate windows to copy objects from one domain to another, including the Local Machine Zone. This vulnerability could allow an attacker to write arbitrary files to the local file system. Description In IE, certain DHT...
Microsoft Internet Explorer does not properly validate source of URL stored in Travel Log
Overview Microsoft Internet Explorer (IE) does not properly determine the source of script used in URLs stored in the "Travel Log." An attacker could exploit this vulnerability to evaluate script in different security domains. By causing script to be evaluated in the Local Machine Zone, the attacke...