3695 matches found
KDE Personal Information Management suite "kdepim" contains a buffer overflow vulnerability in VCF information reader
Overview KDE Personal Information Management suite "kdepim" contains a buffer overflow vulnerability. Exploitation of this vulnerability could lead to the arbitrary execution of commands. Description KDE Personal Information Management suite shipped with KDE versions 3.1.0 through 3.1.4 contains ...
Sun Solaris allows unprivileged local user to load arbitrary kernel modules
Overview Sun Solaris allows an unprivileged local user to load arbitrary kernel modules. Description Sun Solaris supports loadable kernel modules (LKMs). LKMs are pieces of code that can be dynamically loaded and unloaded into the kernel. Sun Solaris contains a vulnerability that could allow an...
HP-UX shar utility creates files with predictable names in "/tmp" directory
Overview The shar program distributed with some versions of the HP-UX operating system creates files insecurely. This vulnerability could allow local users to gain escalated privilege on the system. Description shar is a program commonly available on UNIX systems to create a shell script that wil...
NetScreen-Security Manager fails to encrypt communications with managed devices
Overview A vulnerability in the NetScreen-Security Manager software could expose sensitive information in cleartext over the network. Description NetScreen Technologies' NetScreen-Security Manager provides centralized management for control of device configuration, network settings and security...
Cisco default install of IBM Director agent fails to authenticate users for remote administration
Overview Cisco IBM Director agent fails to authenticate users for remote administration. Description Cisco voice products (e.g., CallManager, IP Interactive Voice Response, IP Call Center Express) that run on IBM servers install IBM Director agent to provide administrative management. The default...
Cisco IBM Director agent does not properly handle arbitrary TCP packets to port 14247/tcp
Overview Cisco IBM Director agent does not properly handle arbitrary TCP packets to port 14247/tcp. Description Cisco voice products (e.g., CallManager, IP Interactive Voice Response, IP Call Center Express) that run on IBM servers install IBM Director agent to provide administrative management. The...
Microsoft Exchange Server 2003 fails to assign user credentials to proper mailbox
Overview A flaw in the authentication mechanism that Microsoft Exchange Server 2003 uses for Outlook Web Access users in some configurations could expose another user's mailbox. Description Outlook Web Access (OWA) is a feature of Microsoft Exchange Server 2003. By using OWA, a server that is runni...
Red Hat Enterprise Linux kernel-2.4.21 does not perform adequate checking of eflags when in 32-bit ptrace emulation mode
Overview Red Hat Enterprise Linux kernel prior to version 2.4.21 does not perform adequate checking of eflags when in 32-bit ptrace emulation mode. This could allow a local user to gain elevated or root privileges. Description The Linux kernel handles the basic functionality of the operating...
Multiple tools within the Netpbm package create temporary files in an insecure manner
Overview Multiple tools within the Netpbm package create temporary files in an insecure manner. Description Netpbm is a toolkit that contains over 220 separate tools for manipulating graphic images. Multiple tools within the Netpbm package create temporary files insecurely. Impact A local...
OpenCA libCheckSignature function fails to properly verify the signature of certificates
Overview OpenCA may accept a signature from a certificate if the certificate's chain is trusted by the chain directory of OpenCA. Description The OpenCA PKI Development Project is a Certification Authority. A vulnerability exists in the way the libCheckSignature function compares the certificate ...
Microsoft Data Access Components (MDAC) contains buffer overflow
Overview Microsoft Data Access Components (MDAC) contains a buffer overflow vulnerability that could allow a remote attacker to execute arbitrary code or cause a denial of service. Description From Microsoft Security Bulletin MS04-003: Microsoft Data Access Components (MDAC) is a collection of...
tcpdump contains vulnerability in ISAKMP decoding function rawprint() in print-isakmp.c
Overview tcpdump contains a vulnerability in the way it parses Internet Security Association and Key Management Protocol (ISAKMP) packets. Description tcpdump is a widely-used network sniffer that is capable of decoding ISAKMP packets. A vulnerability exists in the way the tcpdump rawprint() function...
tcpdump contains vulnerability in RADIUS decoding function print_attr_string() in print-radius.c
Overview tcpdump contains a vulnerability in the way it parses Remote Authentication Dial In User Service (RADIUS) packets. Description tcpdump is a widely used network sniffer that is capable of decoding RADIUS packets. A vulnerability exists in the way the tcpdump print_attr_string() function in...
tcpdump contains vulnerability in ISAKMP decoding routine
Overview tcpdump contains a vulnerability in the way it decodes Internet Security Association and Key Management Protocol (ISAKMP) packets. Description tcpdump is a widely-used network sniffer that is capable of decoding ISAKMP packets. A vulnerability exists in the way tcpdump parses specially...
PostgreSQL VACUUM command allows unprivileged user to remove database transaction log data
Overview The PostgreSQL VACUUM command contains a vulnerability that allows an unprivileged user to remove database transaction log data. This may result in unrecoverable data loss. Description PostgreSQL is a database management system. The PostgreSQL VACUUM command is used to clean out records...
Sun Solaris tcsh(1) contains vulnerability in the built-in ls-F command
Overview Sun Solaris tcsh(1) contains a vulnerability in the built-in ls-F command that could allow an unprivileged user to create or remove files or gain privileges of another user. Description A vulnerability in the built-in ls-F command of the Sun Solaris tcsh(1) may allow an intruder to create or...
ISC InterNetNews (INN) contains buffer overflow in ARTpost() function
Overview The Internet Software Consortium's (ISC) InterNetNews (INN) is a Usenet application. A vulnerability in INN may permit a remote attacker to compromise the system. Description Version 2.4.0 of ISC's InterNetNews package contains a Network News Transfer Protocol (NNTP) server that contains a...
Whale Communications e-Gap security appliance discloses source code via HTTP TRACE Method
Overview Whale Communications e-Gap security appliance is a tool to provide a secure remote web access platform. A vulnerability exists that may permit a remote attacker to gain access to the source code of the login page. Description Whale Communications e-Gap security appliance version 2.5...
Multiple vulnerabilities in H.323 implementations
Overview A number of vulnerabilities have been discovered in various implementations of the multimedia telephony protocols H.323 and H.225. Voice over Internet Protocol (VoIP) and video conferencing equipment and software can use these protocols to interoperate over a variety of computer networks...
Microsoft Internet Information Server (IIS) vulnerable to cross-site scripting via HTTP TRACK method
Overview Microsoft Internet Information Server (IIS) servers support an HTTP method called TRACK. The HTTP TRACK method returns the contents of client HTTP requests in the entity-body of the TRACK response. This behavior could be leveraged by attackers to access sensitive information, such as cookie...
GnuPG creates ElGamal keys for signing using insufficient entropy
Overview Gnu Privacy Guard (GnuPG) is a cryptographic utility used to generate cryptographic keys and perform other cryptographic functions. A vulnerability in the way GnuPG generates ElGamal keys has been discovered. This vulnerability renders ElGamal signing keys untrustworthy. Description A...
Apple QuickTime/Darwin Streaming Server integer overflow in MP3Broadcaster utility
Overview Apple's QuickTime and Darwin Streaming Server (DSS) package includes a utility called MP3Broadcaster. This utility contains an integer overflow which may be exploited to cause a denial of service. Description Apple's QuickTime and Darwin Streaming Server is software which provides integrat...
DameWare Mini Remote Control vulnerable to buffer overflow via specially crafted packets
Overview DameWare Mini Remote Control is a lightweight remote control intended primarily for administrators and help desks for management of desktop systems. A vulnerability in DameWare Mini Remote Control may permit an unauthenticated attacker to execute arbitrary code on the system. Description...
Microsoft Internet Explorer does not properly display URLs
Overview Microsoft Internet Explorer does not properly display the location of HTML documents. An attacker could exploit this behavior to mislead users into revealing sensitive information. Description Web browsers frequently display the Uniform Resource Locator (URL) in the address bar. Users expe...
Cisco ACNS contains buffer overflow vulnerability in the authentication module when supplied an overly long password
Overview Cisco Application and Content Networking Software (ACNS) contains a buffer overflow that may enable an attacker to execute arbitrary code on the affected device. Description Cisco ACNS Software "...combines demand-pull caching and pre-positioning for accelerated delivery of web application...
Multiple web-based email services fail to filter malicious characters when the message contains cascading style sheet character escaping
Overview An attacker can send a specially crafted email message to a victim containing malicious scripting (JavaScript, VBScript, JScript, etc.), active content, or potentially HTML. When a victim views the message with scripting enabled, the victim's browser will then interpret this javascript whi...
Integer overflow vulnerability in rsync
Overview Some versions of the rsync program contain a remotely exploitable vulnerability. This vulnerability may allow an attacker to execute arbitrary code on the target system. Description rsync is an open source utility that provides fast incremental file transfer. It features the ability to...
Linux kernel do_brk() function contains integer overflow
Overview A vulnerability in the Linux kernel may permit a local user to gain elevated privileges. Description Versions of the Linux kernel prior to 2.4.23 contain an integer overflow vulnerability in the brk system call (do_brk() function). This vulnerability may be exploited by a local user to gain elevated ...
ISC BIND 8 vulnerable to cache poisoning via negative responses
Overview The BIND 8 name server contains a cache poisoning vulnerability that allows attackers to conduct denial-of-service attacks on specific target domains. Description Several versions of the BIND 8 name server are vulnerable to cache poisoning via negative responses. To exploit this...
Microsoft Internet Explorer execCommand method does not properly validate URL source
Overview Microsoft Internet Explorer (IE) does not properly determine the source of script used in URLs. An attacker could exploit this vulnerability to evaluate script in different security domains. By causing script to be evaluated in the Local Machine Zone, the attacker could execute arbitrary...
Microsoft Internet Explorer does not adequately validate javascript: protocol URL
Overview Microsoft Internet Explorer (IE) does not adequately validate javascript: protocol URLs. An attacker could exploit this vulnerability to evaluate script in different security domains. By causing script to be evaluated in the Local Machine Zone, the attacker could execute arbitrary code wit...
Microsoft Internet Explorer does not properly validate URL sources
Overview Microsoft Internet Explorer (IE) does not properly determine the source of script used in URLs. An attacker could exploit this vulnerability to evaluate script in different security domains. By causing script to be evaluated in the Local Machine Zone, the attacker could execute arbitrary...
Microsoft FrontPage Server Extensions contains denial of service vulnerability in the SmartHTML interpreter
Overview The Microsoft FrontPage Server Extensions contains a vulnerability that allows unauthenticated remote attackers to conduct denial of service attacks. Description Microsoft FrontPage Server Extensions (FPSE) is an optional set of tools that adds functionality to a web site. This functionali...
Microsoft FrontPage Server Extensions contains buffer overflow in remote debugging functionality
Overview Microsoft FrontPage Server Extensions contains a vulnerability that allows remote attackers to execute arbitrary code with local system privileges. Description Microsoft FrontPage Server Extensions (FPSE) is an optional set of tools that adds functionality to a web site. This functionality...
Microsoft Windows Workstation service vulnerable to buffer overflow when sent specially crafted network message
Overview A remotely exploitable vulnerability affects Microsoft Windows Systems. Exploitation of this vulnerability could permit the execution of arbitrary code on the system with elevated privileges. The exploit vector for this vulnerability is highly conducive to a worm or other automated...
Oracle command-line program buffer overflow in argument handling
Overview A buffer overflow in some command-line utilities supplied with the Oracle Database Server could allow a local user to gain the privileges of the oracle system user. Description The Oracle 9i Database Server package includes the oracle and oracleO command-line client programs to connect ...
Multiple vulnerabilities in S/MIME implementations
Overview Multiple vulnerabilities exist in different vendors' S/MIME (Secure/Multipurpose Internet Mail Extensions) implementations. The impacts of these vulnerabilities are varied and range from denial of service to potential remote execution of arbitrary code. Description The U.K. National...
OpenSSL 0.9.6k does not properly handle ASN.1 sequences
Overview A vulnerability in the way OpenSSL handles ASN.1 elements could allow a remote attacker to cause a denial of service on systems running Microsoft Windows. Description OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols and includes a general purpose...
CDE libDtHelp vulnerable to buffer overflow via DTHELPUSERSEARCHPATH or DTHELPSEARCHPATH
Overview There is a vulnerability in the Common Desktop Environment (CDE) for UNIX systems which can allow a local user to gain root privileges. Description The Common Desktop Environment (CDE) is a standard desktop environment for UNIX based systems. CDE libDtHelp contains a buffer overflow that can...
Multiple vulnerabilities in X.400 implementations
Overview Multiple vulnerabilities exist in different vendors' X.400 implementations. The impacts of these vulnerabilities are varied and range from denial of service to potential remote execution of arbitrary code. Description The U.K. National Infrastructure Security Co-ordination Center (NISCC) h...
Cisco Lightweight Extensible Authentication Protocol (LEAP) uses passwords that are vulnerable to dictionary attacks
Overview The Cisco LEAP protocol uses hashed passwords that are vulnerable to dictionary attacks. Successful attackers will be able to gain unauthorized access to affected networks. Description The Cisco Lightweight Extensible Authentication Protocol (LEAP) provides an authentication mechanism for...
Avaya Argent Office requests 'HoldMusic' file from broadcast address via TFTP
Overview This vulnerability allows unauthenticated users to upload call holding music to affected devices. Description The Avaya Argent Office sends broadcast TFTP requests to obtain a file named "HoldMusic" that is used to supply hold music for customers who dial into the device. Therefore, an...
Avaya Argent Office uses weak authentication for TFTP-based administrative control
Overview The Avaya Argent Office contains a weak authentication mechanism for administrative access. Description The Avaya Argent Office uses a TFTP-based mechanism to accept requests for administrative functions. By requesting "files" from the device via its internal interface, administrators ca...
Avaya Argent Office vulnerable to denial of service via malformed DNS packets
Overview The Avaya Argent Office reboots in response to certain malformed DNS packets, resulting in a denial of service condition. Description The Avaya Argent Office reboots when a packet with an empty payload is sent to UDP port 53 (DNS) on its internal interface. By sending repeated packets to...
Morpheus discloses username to remote users
Overview The usernames disclosed by the Morpheus peer-to-peer file sharing application do not present a security vulnerability. Description Morpheus is a peer-to-peer file sharing application that allows users to search for and download files from other Morpheus users. This product allegedly...
KaZaA Media Desktop discloses username to remote users
Overview The usernames disclosed by the KaZaA Media Desktop peer-to-peer file sharing application do not present a security vulnerability. Description The KaZaA Media Desktop is a peer-to-peer file sharing application that allows users to search for and download files from other KaZaA users. This...
Avaya Argent Office uses weak SNMP authentication mechanism
Overview The Avaya Argent Office does not properly enforce SNMP community string values, resulting in a weakened access control mechanism. Description The Avaya Argent Office does not properly enforce SNMP community string values. It will accept a null string (i.e., "") as a valid community string and...
ProFTPD fails to properly handle newline characters when transferring files in ASCII mode
Overview ProFTPD is a popular free File Transfer Protocol (FTP) server package. A vulnerability in its handling of files transferred in ASCII mode can allow an attacker to compromise the system running the server. Description The File Transfer Protocol (FTP) described in RFC 959 defines operations for...
Linux groff utility pic contains format string vulnerability
Overview The pic component of the image processing package groff contains a format string vulnerability that could allow a remote attacker to execute arbitrary code. Description groff is an image processing package on Linux systems. A component of groff called pic contains a format-string...
Microsoft contains a buffer overflow in the Local Troubleshooter ActiveX control (Tshoot.ocx)
Overview Microsoft Windows ships with a troubleshooting application to assist users with problems. A vulnerability in this application may permit a remote attacker to execute arbitrary code with the privileges of the current user. Description Microsoft Windows 2000 ships with an ActiveX control...