3702 matches found
Microsoft Windows Data Access Components contains heap overflow in Data Stubs when parsing a malformed HTTP request
Overview A vulnerability in the Microsoft Data Access Components MDAC could lead to remote execution of code with the privileges of the current process, or user. Description Microsoft Data Access Components MDAC is a collection of utilities and routines to process requests between databases and...
Alcatel Operating System (AOS) does not require a password for accessing the telnet server
Overview The OmniSwitch 7700/7800 running Alcatel Operating System AOS version 5.1.1 has TCP port 6778 listening as a telnet server. This gives anyone access to the OmniSwitch's Vx-Works operating system without requiring a password. Description During an NMAP audit of the AOS 5.1.1 code that run...
NetScreen Secure Command Shell (SCS) denial-of-service vulnerability
Overview The Secure Command Shell service on NetScreen firewall products contains a remotely exploitable denial-of-service vulnerability. Description Firewall products from NetScreen Technologies, Inc. include a Secure Shell version 1 SSHv1 implementation called Secure Command Shell SCS. The SCS...
The default NTFS permissions are not applied to a converted boot partition on Microsoft Windows 2000 and Windows XP systems when CONVERT.EXE is used
Overview Several commercial desktops and laptops from OEM distributors ship with insecure permissions set on files and directories. It has been confirmed that this is due to the use of Microsoft's CONVERT.EXE utility. Description Microsoft's CONVERT.EXE program is used to convert FAT32 file syste...
Various DNS service implementations generate multiple simultaneous queries for the same resource record
Overview Various implementations of DNS services may allow multiple simultaneous queries for the same resource record, allowing an attacker to apply probabilistic techniques to improve their odds of successful DNS spoofing. Description Some implementations of DNS services contain a vulnerability...
Overly large OPT record assertion
Overview A remotely exploitable denial-of-service vulnerability exists in BIND. Based on recent reports, we believe this vulnerability is being actively exploited. Description A remotely exploitable denial-of-service vulnerability exists in BIND 8.3.0 - 8.3.3. ISC's description of this...
Domain Name System (DNS) stub resolver libraries vulnerable to buffer overflows via network name or address lookups
Overview The DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10 contains buffer overflows in code that handles responses for network name and address requests. Other resolver libraries derived from BIND 4 such as BSD libc, GNU glibc, and those used by System V UNIX systems may also be...
ISC BIND 8 fails to properly dereference cache SIG RR elements with invalid expiry times from the internal database
Overview A remotely exploitable denial-of-service vulnerability exists in BIND. Description A remotely exploitable denial-of-service vulnerability exists in BIND 8.2 - 8.2.6 and BIND 8.3.0 - 8.3.3. ISC's description of this vulnerability states:It is possible to de-reference a NULL pointer for...
Cached malformed SIG record buffer overflow
Overview A vulnerability in BIND allows remote attackers to execute code with the privileges of the process running named. This vulnerability is resolved in BIND versions 4.9.11, 8.2.7, 8.3.4, and BIND 9. Description A remotely exploitable buffer overflow exists in named. An attacker using...
Multiple Sun RPC-based libc implementations fails to provide time-out mechanism when reading data from TCP connections
Overview A denial-of-service vulnerability exists in multiple vendor Sun RPC-based libc implementations. Description Multiple vendor Sun RPC-based libc implementations fail to properly read data from TCP connections. As a result, a remote attacker can deny service to system daemons. --- Impact A...
Apache discloses source code via POST requests to a location with WebDAV and CGI enabled
Overview There is an information leakage in Apache that results from an interaction between WebDAV and CGI. Description Apache version 2.0.42 allows remote attackers to obtain the source code of CGI scripts that are stored in locations for which both CGI and WebDAV are enabled. When a POST reques...
Netegrity SiteMinder does not adequately validate user input thereby allowing user to bypass filters via crafted URL
Overview Netegrity SiteMinder does adequately vaildate HTTP requests containing malicious Unicode encodings. Description Netegrity SiteMinder is a platform for securing multiple web applications through a single point of user authentication. SiteMinder does not properly filter HTTP requests when...
webalizer vulnerable to buffer overflow when performing reverse DNS lookups
Overview A remotely exploitable buffer overflow exists in all versions of webalizer prior to version 2.01-10. Description webalizer is a web server log file analysis program.webalizer has the ability do resolve hostnames as part of the process of generating reports. A buffer overflow exists in th...
Microsoft Windows 2000 SNMP service leaks memory when querying printer objects if spooler service is stopped
Overview A memory leak exists in the Windows 2000 SNMP service. Under a specific precondition, it can result in a remote denial-of-service vulnerability. Description If the SNMP service is running on a Windows 2000 server, and the 'Print Spooler' service is not running, repeatedly using SNMP...
Kerberos administration daemon vulnerable to buffer overflow
Overview Multiple Kerberos distributions contain a remotely exploitable buffer overflow in the Kerberos administration daemon. A remote attacker could exploit this vulnerability to gain root privileges on a vulnerable system. Description A remotely exploitable buffer overflow exists in the Kerber...
Avaya switches contains multiple undocumented accounts allowing full administrative access to the device
Overview Multiple Avaya switches do not adequately protect privileged access. Description Avaya's P882, P880, P580, and P550R series switches do not adequately protect account access. As a result, a remote attacker can gain access to the switch via http or telnet. --- Impact A remote attacker can...
Multiple IPsec implementations do not adequately validate authentication data
Overview IPsec implementations from multiple vendors do not adequately validate the authentication data in IPsec packets, exposing vulnerable systems to a denial of service. Description For background: RFC 2401 Security Architecture for the Internet Protocol RFC 2402 IP Authentication Header RFC...
gv contains buffer overflow in sscanf() function
Overview A remotely exploitable buffer overflow vulnerability exists in gv. Description A remotely exploitable buffer overflow vulnerability exists in gv. gv allows a user to view and navigate PostScript and PDF documents by providing an interface to the ghostscript interpreter. This vulnerabilit...
Microsoft Word and Excel documents allow local file reading by via embedded fields
Overview Microsoft Word and Excel contain special encoding tags for formatting and updating content. An attacker may be able to use these tags to exploit an information disclosure vulnerability. Description Microsoft Word and Microsoft Excel are applications that ship as part of the Microsoft...
dvips uses system() function insecurely thereby allowing arbitrary command execution
Overview A vulnerability in the dvips utility can allow a remote attacker to execute arbitrary code on a vulnerable system. Description The dvips utility is used to convert DVI files to PostScriptTM. Typically the output is sent to the printer.RHSA-2002:194-18 states the vulnerability occurs...
State-based firewalls fail to effectively manage session table resource exhaustion
Overview There is a vulnerability in several state-based firewall products that allows arbitrary remote attackers to conduct denial of service attacks against vulnerable firewalls. Description Many firewall products use state tables to determine whether a given packet belongs to an existing sessi...
Multiple vendors' HTTP content/virus scanners do not check data tunneled via HTTP CONNECT method
Overview Multiple vendors' HTTP anti-virus and content filters do not inspect the contents of HTTP CONNECT method tunnels. As a result, viruses or other restricted HTTP content may not be blocked as specified by policy. Description Many anti-virus and content filter products that are designed to...
Microsoft Java implementation JDBC classes do not properly validate DLL requests
Overview The Java Database Connectivity JDBC classes of Microsoft's Java virtual machine VM do not properly validate DLL requests, allowing a malicious applet to load and execute any DLL on the client system. Description Microsoft's Java VM is installed on Windows 98, NT, 2000, and XP. It is used...
Microsoft Java implementation JDBC functions do not properly validate parameters
Overview The Java Database Connectivity JDBC classes of Microsoft's Java virtual machine VM contain functions that do not properly validate parameters. A malicious Java applet can exploit this vulnerability to crash programs on the client system. Description Microsoft's Java VM is installed on...
Multiple buffer overflow vulnerabilities in QNX
Overview Multiple buffer overflow vulnerabilities have been reported in QnX. Description QnX is an RTOS Realtime Operating System. QnX is used in many different devices and industries, including, but not limited to, Routers Manufacturing and Processing Medical Equipment Automotive and...
Microsoft Java implementation allows execution of malicious code
Overview A class in Microsoft's Java virtual machine VM does not properly validate trusted applets, allowing untrusted applets to exploit native methods and execute arbitrary code. Description Microsoft's Java VM is installed on Windows 98, NT, 2000, and xp. It is used by Internet Explorer and...
ypxfrd daemon fails to properly validate user supplied arguments in "getdbm" procedure
Overview A vulnerability in the ypxfrd daemon may allow a local attacker to read arbitrary files on the vulnerable system. Description Janusz Niewiadomski, of iSEC, discovered this vulnerability and produced the following advisory.Issue: ====== Improper arguments validation in ypxfrd may allow...
Multiple vendors' firewalls do not adequately keep state of FTP traffic
Overview Firewalls and other systems that inspect FTP application layer traffic may not adequately maintain the state of FTP commands and responses. As a result, an attacker could establish arbitrary TCP connections to FTP servers or clients located behind a vulnerable firewall. Description Many...
Microsoft Services for Unix 3.0 Interix SDK vulnerable to buffer overrun via RPC request containing improper parameter size check
Overview Microsoft Services for Unix 3.0 Interix SDK contains a remotely exploitable buffer overflow. Description Quoting from Microsoft's Services for Unix 3.0 homepage, "Windows Services for UNIX version 3.0 provides a full range of cross-platform services for integrating Windows into existing...
Apache HTTPD server vulnerable to cross site scripting on error page when using wildcard DNS
Overview Versions of the Apache HTTPD server with wildcard DNS enabled and UseCanonicalName disabled, are vulnerable to a cross-site scripting attack. Description Apache HTTPD servers versions 2.0.42 and prior, and 1.3.26 and prior, with wildcard DNS enabled and UseCanonicalName disabled, are...
ZIP archives containing files with large filenames can cause buffer overflows
Overview Multiple file decompression utilities contain buffer overflow vulnerabilities for which the impacts vary. Description Researchers at Rapid7, Inc. have discovered that multiple file decompression utilities are susceptible to buffer overflows as a result of large filenames embedded in...
Microsoft SmartHTML interpreter (shtml.dll) contains vulnerability
Overview Microsoft's SmartHTML interpreter shtml.dll contains a remotely exploitable vulnerability. Description shtml.dll is a component of FrontPage Server Extensions. FrontPage Server Extensions allow web developers to add or change content and to manage the web server.Quoting from MS02-053, "T...
InvokeRegWizard (regwizc.dll) ActiveX control has a buffer overflow
Overview Microsoft Internet Explorer 4.01 and 5 ship with a series of activex controls to aid in its functionality. Regwiz.dll is an safe-for-scripting activex control that contains a remotely exploitable buffer overflow. Description InvokeRegWizard regwizc.dll is a control that ships with...
Microsoft Internet Explorer executes scripts when scripting has been disabled after bypassing initial security checks
Overview A vulnerability exists in Microsoft Internet Explorer that could permit an attacker to execute arbitrary script, even if the user has specifically disabled active scripting. Description Internet Explorer permits users to customize settings that enable and disable the ability of scripts t...
Microsoft Windows XMLHTTP component allows remote access to local data sources
Overview The Microsoft XMLHTTP ActiveX control allows unauthorized reading of any known file on a system. A victim must be enticed to visit a malicious site in order to be attacked. Description Description from MS02-008:Microsoft XML Core Services MSXML includes the XMLHTTP ActiveX control, which...
SetupCtl 1.0 Type Library contains a buffer overflow
Overview SetupCtl 1.0 Type Library is a safe-for-scripting ActiveX control that contains a remotely exploitable buffer overflow. This control ships with Microsoft Internet Explorer 4.01 and 5. Description SetupCtl 1.0 Type Library is a safe-for-scripting ActiveX control that contains a remotely...
Adobe Acrobat eBook Reader allows users to circumvent copying and printing restrictions
Overview A vulnerability in Adobe Acrobat eBook Reader allows local users to circumvent redistribution restrictions placed on an eBook by the publisher. Description The Adobe Acrobat eBook Reader allows one to read electronic books. The eBook Reader employs technology in order to control what the...
DHTML Edit Control for IE5 allows local files to be uploaded to web server
Overview A vulnerability exists in the DHTML Edit Control for IE5 that allows arbitrary local files to be uploaded to a web server. Description DHTML Edit is an activex control that is marked safe-for-scripting. This control can be embedded in a website, and permit local files to be remotely...
Domain Name System (DNS) resolver libraries vulnerable to read buffer overflow
Overview DNS stub resolvers from multiple vendors contain a buffer overflow vulnerability. The impact of this vulnerability appears to be limited to denial of service. Description A read buffer overflow vulnerability exists in BIND 4 and BIND 8.2.x stub resolver libraries. Other resolver librarie...
Microsoft Internet Explorer 5.5 print template ActiveX control allows arbitrary command execution
Overview The Internet Explorer 5.5 Print Template feature contains a vulnerability that allows a web page author to execute arbitrary code as the user viewing the web page. Description Internet Explorer version 5.5 supports a feature called "print templates" which allows a web page author to...
Microsoft Windows Media Player creates URL shortcut that may contain HTML code in known location in Local Computer Zone
Overview There is a vulnerability in the creation of Internet shortcuts in Windows Media Player version 6.4 and 7. This vulnerability may allow attackers to execute arbitrary commands when a victim views a malicious web page. Description Windows Media Player versions 6.4 and 7 create Internet...
Microsoft Windows 2000 Indexing Service permits read access to files outside web root via crafted request
Overview A vulnerability exists in the way that Index Server 2.0 and the Indexing Service for Windows 2000 handles search requests. This vulnerability may alllow attackers to view the contents of "include" files located on the web server. Description By submitting a specific search request to a...
WebBoard does not adequately validate user input thereby permitting arbitrary JavaScript execution
Overview WebBoard does not adequately validate user input, allowing attackers to execute arbitrary JavaScript code on other WebBoard users' systems. Description WebBoard is a web application which includes a real-time chat server, using JavaScript alerts to display messages received by other user...
Novell GroupWise Server web-based front-end does not adequately validate user input thereby allowing directory traversal
Overview Novell GroupWise web application does not adequately validate user input, allowing directory traversal. Description Novell GroupWise server includes a web application that allows users to access e-mail and other features of the server. This component of GroupWise does not properly valida...
Savant Web Server has a buffer overflow vulnerability
Overview Savant Web Server has a buffer overflow vulnerability in handling of the HTTP 1.1 Host header. Description Savant Web Server has a buffer overflow vulnerability in handling of the HTTP 1.1 Host header. HTTP requests with long Host headers will cause Savant to crash. --- Impact Remote...
MS Excel XLM Text Macro execution fails to trigger warning when default medium security set
Overview Excel fails to present a warning dialog when a macro is called from an external XLM text macro file. Description If a spreadsheet contains a reference to an external macro XLM file, Excel does not generate the usual warning dialog asking if the user wants to run the macro. Microsoft...
Microsoft Exchange 2000 system attendant sets incorrect remote registry permissions
Overview The Microsoft Exchange System Attendant sets the permissions on a registry key incorrectly, allowing remote intruders access to the registry. Description The Microsoft Exchange System Attendant changes the permissions of the...
Microsoft Word does not check for macros contained in linked template file when opening RTF document
Overview There is a vulnerability caused by a failure to detect macros embedded in templates used by rich text format documents opened in Microsoft Word. This vulnerability may allow the author of a malicious document to execute arbitrary commands as the user who opens the document. Description...
Shambala FTP Server does not adequately validate user input thereby allowing directory traversal
Overview Shambala FTP server has a directory traversal vulnerability in its handling of the CWD command. Description Shambala FTP server contains a directory traversal vulnerability in its handling of the CWD command. Attackers may exploit this vulnerability to read directories and files outside ...
Sun Solaris asppls(1M) vulnerable to arbitrary file overwriting via symlink redirection of temporary file
Overview Sun Solaris asppls1M creates temporary files insecurely, leading to possible local root compromise. Description Sun Microsystems describes the function of asppls1M as follows:aspppd is the link manager for the asynchronous data link protocol specified in RFC1331, The Point-to-Point...