3702 matches found
Avaya Argent Office uses weak SNMP authentication mechanism
Overview The Avaya Argent Office does not properly enforce SNMP community string values, resulting in a weakened access control mechanism. Description The Avaya Argent Office does not properly enforce SNMP community string values. It will accept a null string i.e. as a valid community string and...
Avaya Argent Office vulnerable to denial of service via malformed DNS packets
Overview The Avaya Argent Office reboots in response to certain malformed DNS packets, resulting in a denial of service condition. Description The Avaya Argent Office reboots when a packet with an empty payload is sent to UDP port 53 DNS on its internal interface. By sending repeated packets to...
Avaya Argent Office requests 'HoldMusic' file from broadcast address via TFTP
Overview This vulnerability allows unauthenticated users to upload call holding music to affected devices. Description The Avaya Argent Office sends broadcast TFTP requests to obtain a file named "HoldMusic" that is used to supply hold music for customers who dial into the device. Therefore, an...
KaZaA Media Desktop discloses username to remote users
Overview The usernames disclosed by the KaZaA Media Desktop peer-to-peer file sharing application do not present a security vulnerability. Description The KaZaA Media Desktop is a peer-to-peer file sharing application that allows users to search for and download files from other KaZaA users. This...
ProFTPD fails to properly handle newline characters when transferring files in ASCII mode
Overview ProFTPD is a popular free File Transfer Protocol FTP server package. A vulnerability in its handling of files transferred in ASCII mode can allow an attacker to compromise the system running the server. Description The File Transfer Protocol FTP described in RFC959 defines operations for...
Linux groff utility pic contains format string vulnerability
Overview The pic component of the image processing package groff contains a format string vulnerability that could allow a remote attacker to execute arbitrary code. Description groff is an image processing package on Linux systems. A component of groff called pic contains a format-string...
Microsoft contains a buffer overflow in the Local Troubleshooter ActiveX control (Tshoot.ocx)
Overview Microsoft Windows ships with a troubleshooting application to assist users with problems. A vulnerability in this application may permit a remote attacker to execute arbitrary code with the privileges of the current user. Description Microsoft Windows 2000 ships with an ActiveX control...
Microsoft Help and Support Center contains buffer overflow in code used to handle HCP protocol
Overview There is a buffer overflow in the Microsoft Help and Support Center that could permit an attacker to execute arbitrary code with SYSTEM privileges. Description The Microsoft Help and Support Center is a facility within WIndows to provide product help and documentation. Among other things...
Microsoft Windows ListBox and ComboBox controls vulnerable to buffer overflow when supplied crafted Windows message
Overview There is a buffer overflow in a function called by the Microsoft Windows ListBox and ComboBox controls that could allow an attacker to execute arbitrary code with privileges of the process hosting the controls. Description Processes that run on Windows use messages in order to interact...
Microsoft Authenticode mechanism installs ActiveX controls without prompting user
Overview A vulnerability in Microsoft's Authenticode could allow a remote attacker to install an untrusted ActiveX control on the victim's system. Description According to Microsoft Security Bulletin MS03-041:ActiveX is a technology that allows programmers to develop self-contained software modul...
Buffer overflow in Microsoft Messenger Service
Overview There is a buffer overflow in the Microsoft Windows Messenger service that could allow an attacker to execute arbitrary code on most recent versions of Microsoft Windows. Description There is a buffer overflow vulnerability in the Microsoft Windows Messenger service. This could allow an...
Microsoft Outlook Web Access (OWA) contains cross-site scripting vulnerability in the "Compose New Message" form
Overview There is a cross-site scripting vulnerability in Microsoft Outlook Web Access. Description The "Compose New Message" form of the Outlook Web Access OWA component of Microsoft Exchange 5.5 contains a cross-site scripting vulnerability. For more information about cross-site scripting...
Microsoft Exchange Server fails to properly handle specially crafted SMTP extended verb requests
Overview Microsoft Exchange fails to handle certain SMTP extended verbs correctly. In Exchange 5.5, this can lead to a denial-of-service condition. In Exchange 2000, this could permit an attacker to run arbitrary code. Description Microsoft Exchange is a popular collaboration product which includ...
Microsoft Windows DCOM/RPC vulnerability
Overview A vulnerability exists in Microsoft Windows DCOM/RPC that can be exploited to cause a denial of service. It may be possible for an attacker to execute arbitrary code on a vulnerable system. Description Microsoft Windows Remote Procedure Call RPC "... is a powerful, robust, efficient, and...
Microsoft Windows fails to properly validate buffer size of incoming SMB packets
Overview Microsoft's implementation of Server Message Block SMB contains a buffer overflow vulnerability that could permit a remote attacker to execute arbitrary code or cause a denial of service. Description SMB and the Common Internet File System CIFS are closely related protocols used sharing...
Hummingbird CyberDOCS error page discloses web server installation path
Overview Hummingbird CyberDOCS contains a vulnerability that could allow a remote attacker to learn the installation path of the web server. This information could be used to support further attacks. Description Hummingbird CyberDOCS Hummingbird DM is a web-based enterprise document management...
Hummingbird CyberDOCS contains multiple cross-site scripting vulnerabilities
Overview Hummingbird CyberDOCS contains cross site scripting vulnerabilities that could allow an attacker to obtain sensitive information and possibly impersonate legitimate users. Description Hummingbird CyberDOCS Hummingbird DM is a web-based enterprise document management solution that runs on...
Hummingbird CyberDOCS vulnerable to SQL injection
Overview Hummingbird CyberDOCS contains an SQL injection vulnerability that could allow a remote attacker to execute SQL commands. Description Hummingbird CyberDOCS Hummingbird DM is a web-based enterprise document management solution that runs on Windows NT/2000 using SQL database technology. Th...
Hummingbird CyberDOCS sets insecure permissions on script source code files
Overview Hummingbird CyberDOCS running on Microsoft Internet Information Services IIS sets insecure permissions on script source code files. A remote attacker could read the contents of unprotected files. Description Hummingbird CyberDOCS Hummingbird DM is a web-based enterprise document manageme...
CGI.pm vulnerable to Cross-site Scripting
Overview A vulnerability in the Common Gateway Interface CGI Perl module may allow an attacker to mount a cross-site scripting attack against a vulnerable system. Description The Common Gateway Interface, or CGI, is a standard for external gateway programs to interface with information servers su...
Microsoft Windows Media Player fails to properly launch URLs based on Dynamic HTML (DHTML) behaviors
Overview Microsoft Windows Media Player WMP permits the embedding of URLs into media files. When launching an embedded URL, a logic error in the WMP URL handling makes it possible to move from a less trusted domain zone into the local computer zone. This vulnerability permits an attacker to execu...
Microsoft Internet Explorer fails to properly handle Dynamic HTML (DHTML) behaviors in restricted zones
Overview Microsoft Internet Explorer contains a logic error in the way that it handles DHTML. This error makes it possible to move content from the less trusted Restricted zone into the Internet zone. This vulnerability permits an attacker to execute arbitrary code in the context of the Internet...
SSH Communications Secure Shell vulnerable to DoS via malformed BER/DER packet
Overview SSH Communications' Secure Shell contains vulnerabilities in ASN.1 libraries that may allow remote attackers to cause a denial-of-service situation, or potentially execute arbitrary code on the server. Description SSH Communications' Secure Shell contains a vulnerability in the decoding ...
Multiple vulnerabilities in SSL/TLS implementations
Overview Multiple vulnerabilities exist in different vendors' SSL/TLS implementations. The impacts of these vulnerabilities include remote execution of arbitrary code, denial of service, and disclosure of sensitive information. Description The U.K. National Infrastructure Security Co-ordination...
OpenSSL contains integer overflow handling ASN.1 tags (1)
Overview A vulnerability in the way OpenSSL handles ASN.1 tags could allow a remote attacker to cause a denial of service. Description OpenSSL implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols and includes a general purpose cryptographic library. SSL and TLS are...
OpenSSL contains integer overflow handling ASN.1 tags (2)
Overview A vulnerability in the way OpenSSL handles ASN.1 tags could allow a remote attacker to cause a denial of service. Description OpenSSL implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols and includes a general purpose cryptographic library. SSL and TLS are...
OpenSSL does not securely handle invalid public key when configured to ignore errors
Overview A vulnerability in the way OpenSSL handles invalid public keys in client certificate messages could allow a remote attacker to cause a denial of service. This vulnerability requires as a precondition that an application is configured to ignore public key decoding errors, which is typical...
OpenSSL ASN.1 parser insecure memory deallocation
Overview A vulnerability in the way OpenSSL deallocates memory used to store ASN.1 structures could allow a remote attacker to execute arbitrary code with the privileges of the process using the OpenSSL library. Description OpenSSL implements the Secure Sockets Layer SSL and Transport Layer...
OpenSSL accepts unsolicited client certificate messages
Overview OpenSSL accepts unsolicited client certificate messages. This could allow an attacker to exploit underlying vulnerabilities in client certificate handling. Description OpenSSL implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols and includes a general-purpos...
Solaris libc getopt(3) contains buffer overflow
Overview Solaris libc getopt3 contains a buffer overflow vulnerability. Please note the date of this report: 1/27/1997. This does not affect current versions of Solaris. Description From :A buffer overflow condition exists in the getopt3 routine in Solaris libc. By supplying an invalid option and...
Portable OpenSSH server PAM conversion stack corruption
Overview There is a vulnerability in the Portable OpenSSH server that may corrupt the PAM conversion stack. Description The Portable OpenSSH server contains a vulnerability that may permit an attacker to corrupt the PAM conversion stack. Versions 3.7p1 and 3.7.1p1 are affected. Note that the...
OpenSSH PAM challenge authentication failure
Overview There is a vulnerability in the challenge authentication code of the Portable OpenSSH server when using the SSHv1 protocol and Pluggable Authentication Modules PAM. This vulnerability could permit a remote attacker to log in to the system as any user, including potentially root, without...
WS_FTP Server vulnerable to buffer overflow when supplied overly long "APPE" command
Overview It has been reported that a vulnerability exists in the processing of a "APPE" command on WSFTP Servers versions 4.x and prior. Exploitation of this vulnerability may lead to an authenticated user executing arbitrary code with the elevated privileges of the server process. Description...
WS_FTP Server vulnerable to buffer overflow when supplied overly long "STAT" command
Overview It has been reported that a vulnerability exists in the processing of a "STAT" command on WSFTP Servers versions 4.x and prior. Exploitation of this vulnerability may lead to an authenticated user executing arbitrary code with the elevated privileges of the server process. Description...
Sun Solstice AdminSuite ships with insecure default configuration
Overview The sadmind service provided on many Solaris and SunOS systems ships with an insecure default configuration that allows remote users to execute arbitrary commands with superuser root privileges. Description The Sun Microsystems Solstice AdminSuite is a graphical tool that allows Solaris...
Sendmail contains buffer overflow in ruleset parsing
Overview Sendmail contains a buffer overflow vulnerability in the code that parses rulesets. This vulnerability could allow a remote attacker to execute arbitrary code or cause a denial of service on a vulnerable system.This vulnerability does not affect the default configuration. Description...
Sendmail prescan() buffer overflow vulnerability
Overview Sendmail contains a buffer overflow vulnerability in code that parses email addresses. This vulnerability could allow a remote attacker to execute arbitrary code or cause a denial of service on a vulnerable system. Description Sendmail is a widely used mail transfer agent MTA. There is a...
Linux NFS utils package "rpc.mountd" contains off-by-one buffer overflow in xlog() function
Overview A vulnerability in the Linux NFS network File System could permit an attacker to cause a denial of service, or potentially execute arbitrary code on the system. Description The Linux NFS network File System was developed to allow machines to mount a disk partition on a remote machine as ...
OpenSSH contains buffer management errors
Overview Versions of the OpenSSH server prior to 3.7.1 contain buffer management errors. While the full impact of these vulnerabilities are unclear, they may lead to memory corruption and a denial-of-service situation. Description Versions of OpenSSH prior to 3.7.1 contain errors in the general...
Microsoft Visual Basic for Applications (VBA) does not adequately validate document properties
Overview Microsoft Visual Basic for Applications VBA contains a buffer overflow when validating document properties. This vulnerability could allow an attacker to execute arbitrary code with the privileges of the user running VBA. Description From Microsoft Security Bulletin MS03-037:Microsoft VB...
MySQL fails to validate length of password field
Overview A vulnerability in MySQL could permit a malicious user to execute arbitrary code on the system. Description MySQL is a database system. MySQL contains a buffer overflow vulnerability in the processing of the password field of the MySQL database, specifically "SET PASSWORD". A malicious...
Microsoft Windows RPCSS Service contains heap overflow in DCOM activation routines
Overview There is a remote buffer overflow in many versions of Microsoft Windows that allows attackers to execute arbitrary code with system privileges. Description The Microsoft RPCSS Service is responsible for managing Remote Procedure Call RPC messages and is enabled by default on many version...
Microsoft Windows RPCSS Service contains heap overflow in DCOM request filename handling
Overview There is a remote buffer overflow in many versions of Microsoft Windows that allows attackers to execute arbitrary code with system privileges. Description The Microsoft RPCSS Service is responsible for managing Remote Procedure Call RPC messages and is enabled by default on many version...
Microsoft Access Snapshot Viewer vulnerable to buffer overflow when validating parameters
Overview A remotely exploitable vulnerability exists in the Microsoft Access Snapshot Viewer ActiveX control. Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the local system with the privileges of the current user. Description According to Microsoft'...
RealNetworks media server RTSP protocol parser buffer overflow
Overview RealNetworks Helix Universal Server 9 media servers contain a buffer overflow in a RTSP protocol parser. Earlier versions of their media servers are also affected: RealSystem Server 7, 8, and RealServer G2. Description RealNetworks Helix Universal Server 9 media server is software which...
pam_smb module contains remote buffer overflow
Overview The pamsmb module contains a remotely exploitable buffer overflow vulnerability. This module is used to authenticate users using an external Server Message Block SMB server. A remote attacker may be able to exploit this vulnerability to run arbitrary commands on the system. Description T...
Microsoft Internet Explorer does not properly render input type tag
Overview Microsoft Internet Explorer IE does not properly render an input type tag, allowing a remote attacker to cause a denial of service. Description Microsoft Security Bulletin MS03-032 briefly describes ...a flaw in the way Internet Explorer renders Web pages that could cause the browser or...
Microsoft Windows BR549.DLL ActiveX control contains vulnerability
Overview The Microsoft Windows BR549.DLL ActiveX control, which provides support for the Windows Reporting Tool, contains an unknown vulnerability. The impact of this vulnerability is not known. Description Microsoft Security Bulletin MS03-032 briefly describes a vulnerability in the BR549.DLL...
Microsoft Internet Explorer contains buffer overflow in Type attribute of OBJECT element on double-byte character set systems
Overview Certain versions of Microsoft Internet Explorer IE that support double-byte character sets DBCS contain a buffer overflow vulnerability in the Type attribute of the OBJECT element. A remote attacker could execute arbitrary code with the privileges of the user running IE. Description...
Sendmail fails to appropriately initialize data structures for DNS maps
Overview There is an uninitialized data structure in sendmail 8.12.x rrdomain = smstrduphost; \t\tif rr-rrdomain == NULL \t\t A fix for this condition was made in sendmail 8.12.9 in March 2003, but it was not known to be a security issue at that time. --- Impact A remote attacker may be able to...