3695 matches found
Microsoft Windows Media Player creates URL shortcut that may contain HTML code in known location in Local Computer Zone
Overview There is a vulnerability in the creation of Internet shortcuts in Windows Media Player version 6.4 and 7. This vulnerability may allow attackers to execute arbitrary commands when a victim views a malicious web page. Description Windows Media Player versions 6.4 and 7 create Internet...
WebBoard does not adequately validate user input thereby permitting arbitrary JavaScript execution
Overview WebBoard does not adequately validate user input, allowing attackers to execute arbitrary JavaScript code on other WebBoard users' systems. Description WebBoard is a web application which includes a real-time chat server, using JavaScript alerts to display messages received by other user...
Microsoft Windows Media Player buffer overflow in Active Stream Redirector (.asx) file parser
Overview There is a buffer overflow in the parsing of Active Stream Redirector .ASX files. This buffer overflow may allow a remote attacker to execute arbitrary code when a user views a malicious web page. Description There is a buffer overflow in the processing of Active Stream Redirector .ASX...
Microsoft Windows 2000 Indexing Service permits read access to files outside web root via crafted request
Overview A vulnerability exists in the way that Index Server 2.0 and the Indexing Service for Windows 2000 handle search requests. This vulnerability may allow attackers to view the contents of "include" files located on the web server. Description By submitting a specific search request to a...
4D WebServer does not adequately validate user input thereby allowing directory traversal
Overview 4D WebServer does not properly validate HTTP requests, allowing directory traversal outside the root web directory. Description 4D WebServer versions 6.5.7 and earlier do not properly validate HTTP requests, allowing directory traversal outside the root web directory. --- Impact Remote...
zml.cgi does not adequately validate user input thereby allowing directory traversal
Overview zml.cgi does not adequately validate user input, allowing for directory traversal out of the web root directory. Description The perl script zml.cgi reads and parses a file on the server, executing certain Server Side Include (SSI) directives found in the file. The script accepts a CGI...
Unix Manual PHP-Script does not adequately validate user input thereby allowing arbitrary command execution
Overview User Manual does not adequately validate user input, allowing attackers to execute arbitrary commands on the server. Description Unix Manual, also known as manual.php, is a PHP script used to look up and display man pages on the web. User Manual does not adequately filter user input before...
Pi-Soft SpoonFTP does not adequately validate user input thereby allowing directory traversal
Overview SpoonFTP Server does not adequately validate user input, allowing directory traversal. Description SpoonFTP Server does not adequately validate arguments to the CWD command, allowing directory traversal out of the FTP root directory. --- Impact Users may read any directory or file on the...
Apache mod_dav module vulnerable to DoS
Overview A denial-of-service vulnerability exists in Apache mod_dav. Description mod_dav is an Apache module. This module enables Apache web servers to provide users the ability to edit and manage files on a remote web server using the HTTP protocol. A vulnerability in mod_dav may allow an attacker ...
WebCalendar does not adequately validate user input
Overview WebCalendar does not properly validate user input, allowing attackers to execute arbitrary commands. Description WebCalendar is a free PHP application providing web calendar services for user groups. WebCalendar contains an unspecified input validation vulnerability, allowing arbitrary...
Allaire Forums does not verify user information stored in hidden form fields
Overview Allaire Forums does not verify user information submitted in hidden fields on a web form, allowing attackers to impersonate other users. Description Allaire Forums is a web-based bulletin board system that runs on Cold Fusion. When a user wishes to post a message, Allaire Forums...
TDForum does not adequately validate user input thereby allowing users to embed malicious script code in messages
Overview TDForum does not properly filter HTML scripting tags from user input, allowing users to post malicious scripts that may be executed unwittingly by other users. Description TDForum is a commercial software package providing dynamic web forum capabilities. Versions 1.2 and earlier of TDFor...
A1Stats multiple CGI scripts fail to adequately validate user input
Overview A1Stats does not properly validate user input, allowing directory traversal and overwriting of files. Description A1Stats is a CGI script that provides reports on web site traffic. A1Stats does not properly filter the CGI query string. An attacker may exploit this vulnerability to traver...
DansGuardian content filtering proxy fails to adequately validate user input thereby allowing user to access restricted site via hex encoded URLs
Overview DansGuardian does not properly filter Description DansGuardian is an HTTP proxy server based on Squid and enhanced to filter web content. DansGuardian does not properly process URLs that contain certain unspecified hexadecimal encodings, resulting in incomplete filtering of HTTP response...
Cherokee Web Server fails to drop privileges after daemon starts
Overview Cherokee fails to drop root privileges after binding to port 80. Description Cherokee is a compact, open-source web server. Cherokee is designed to start as root and drop root privileges after binding to port 80. However, versions of Cherokee prior to 0.2.7 fail to drop root privileges...
Exim does not adequately validate user input thereby allowing execution of arbitrary commands
Overview Under certain configurations, Exim may execute commands embedded in a mail message's From address. Description Exim is an open-source mail transport agent distributed by the University of Cambridge. Exim can be configured to route all incoming mail or mail to particular addresses through...
Easynews does not adequately validate user input thereby disclosing server installation path via crafted URL request
Overview Easynews does not adequately validate user input. Attackers may exploit this vulnerability to learn the filesystem path where the script is installed. Description Easynews is an open-source CGI script designed to create dynamic news story web pages and listings. Easynews does not properl...
Cherokee Web Server does not adequately validate user input thereby allowing directory traversal
Overview Cherokee contains a directory traversal vulnerability caused by failure to filter '../' character sequences. Description Cherokee is a compact, open-source web server. Cherokee does not filter '../' sequences from HTTP requests. As a result, it is possible for a remote attacker to reques...
AdCycle does not adequately validate user input thereby allowing for SQL injection
Overview AdCycle does not adequately filter user input, allowing remote attackers to execute arbitrary MySQL queries. Description AdCycle is a shareware banner ad management system written in Perl and designed to work with a MySQL database. AdCycle does not adequately filter multiple unspecified...
Textor Webmasters Ltd listrec.pl does not adequately validate user input thereby allowing arbitrary commands to be executed
Overview Textor Webmasters Ltd listrec.pl CGI script does not properly validate input to the "TEMPLATE" CGI variable, allowing arbitrary command execution. Description The CGI script listrec.pl by Textor Webmasters Ltd does not properly validate input to the "TEMPLATE" CGI variable. This value is...
Cherokee Web Server does not adequately validate user input thereby allowing remote command execution
Overview Cherokee does not properly validate HTTP requests. Attackers may exploit this vulnerability to execute arbitrary commands as root. Description Cherokee is a compact, open-source web server. Cherokee passes Uniform Resource Identifiers (URIs) from HTTP requests directly to the shell withou...
PHP-Nuke does not adequately authenticate users thereby allowing attackers to change user information
Overview PHP-Nuke's saveuser function does not adequately authenticate users. Attackers may exploit this vulnerability to change user data and gain access to accounts. Description PHP-Nuke is a set of PHP scripts designed to simplify web site creation and maintenance. PHP-Nuke's saveuser function...
PHPNuke 'admin.php' script does not adequately authenticate users, thereby allowing malicious user to copy, move, or upload files
Overview PHPNuke's "admin.php" script does not properly authenticate users of its filemanager capabilities. Attackers may exploit this vulnerability to copy, move, or upload files. Description PHPNuke is a set of PHP scripts designed to simplify website creation and maintenance. The "admin.php"...
Handspring VisorPhone vulnerable to DoS via SMS image transfer
Overview Handspring Visors equipped with the VisorPhone Springboard module can crash when receiving large SMS images from other mobile devices. Description Handspring Visor is a Palm-OS-based personal digital assistant (PDA) that features a proprietary plug-in hardware expansion technology named...
Microsoft Office Web Components allows arbitrary user to determine whether local file exists via Chart component "Load" method
Overview Microsoft Office Web Components (OWC) allows a malicious script on a web page to learn if a file exists on the client's filesystem. Description OWC allows Microsoft Office documents such as spreadsheets and charts to be viewed within an HTML document in Microsoft Internet Explor...
EFTP does not adequately validate user input thereby allowing directory traversal
Overview Encrypted File Transfer Program (EFTP) does not properly validate CWD commands, allowing authenticated users to read arbitrary directories and files. Description Encrypted File Transfer Program (EFTP) is an implementation of the FTP protocol using 448-bit Blowfish encryption. EFTP allows...
Microsoft Internet Explorer (MSIE) Content-Disposition vulnerabilities
Overview Microsoft Internet Explorer (IE) may handle executable content automatically, opening it with another application on the client host that may, in turn, instruct the operating system to execute the file. Description IE does not properly verify the Content-Disposition and Content-Type header...
Mac OS X utility gm4 contains format string vulnerability
Overview The gm4 utility of Mac OS X contains a buffer overflow, which may allow a root compromise through other programs. Description The gm4 utility of Mac OS X contains a buffer overflow. Some setuid root programs on Mac OS X may rely on gm4, possibly allowing a root compromise through these...
Slash-based bulletin boards contain a "quick login" feature that may disclose username and password
Overview Slash-based bulletin boards contain a vulnerability that may cause users to disclose their username and password to third-party sites. Description As described in the Slashcode FAQ, "Slash is a database-driven news and message board, using Perl, Apache and MySQL." Slash allows web site...
HP Tru64 UNIX "chfn" contains buffer overflow (SSRT2259)
Overview The HP Tru64 UNIX implementation of "chfn" contains a locally exploitable buffer overflow. Description A locally exploitable buffer overflow in "chfn" may permit a local attacker to gain elevated privileges and execute arbitrary code on a vulnerable host. --- Impact A local user may be...
Mike Spice's Quiz Me! does not adequately validate user input
Overview Mike Spice's Quiz Me! does not adequately validate user input, allowing directory traversal. As a result, an attacker can cause Quiz Me! to overwrite any file on the server to which the web server process has write privileges. Description Mike Spice's Quiz Me! is a CGI script written in...
Mike Spice's Vote does not adequately validate user input
Overview Mike Spice's Vote does not adequately validate user input, allowing directory traversal. As a result, an attacker can cause Vote to overwrite any file on the server to which the web server process has write privileges. Description Mike Spice's Vote is a CGI script written in Perl and...
Mike Spice's My Calendar does not adequately validate user input
Overview Mike Spice's My Calendar does not adequately validate user input, allowing directory traversal. As a result, an attacker can cause My Calendar to overwrite any file on the server to which the web server process has write privileges. Description Mike Spice's My Calendar is a CGI script...
Multiple vulnerabilities exist within credit card chips thereby allowing malicious user to bypass authentication mechanism
Overview French smart card reader terminals can be fooled into accepting imposter smart cards for payment. Description French smart cards are credit cards with an embedded chip containing certain cardholder, account, and authentication information. These cards are read by automated terminals acro...
Entrust GetAccess does not validate user input thereby allowing users to read arbitrary files
Overview Entrust GetAccess does not properly validate the CGI variable "LOCALE" and may be exploited to read arbitrary files on the server. Description Entrust GetAccess is a web software product for identifying users of a web site. Entrust GetAccess takes a CGI variable named "LOCALE" specifying...
MIT Kerberos V5 KDC vulnerable to denial-of-service via null pointer dereference
Overview A vulnerability exists in MIT Kerberos V5 Key Distribution Center that may allow attackers to crash multiple KDC servers within the same realm. Description The MIT Kerberos V5 Key Distribution Center (KDC) contains a vulnerability that allows certain protocol requests to crash the KDC by...
PHP fails to filter ASCII control characters from string arguments of mail() function
Overview PHP does not properly filter parameters to its mail function. Description PHP is a scripting language widely used in web application development. PHP includes a function called mail that takes message parameters such as recipient address and sends mail using sendmail. PHP does not filter...
x_news allows unauthorized users to access administrative menu
Overview x_news allows a user to authenticate without supplying the user's plaintext password. Description x_news is a system for managing news. When a user logs in to x_news version 1.1 using a plaintext password, x_news hashes the password with MD5 and compares it to the user's hash stored in the file...
Microsoft Internet Explorer contains cross-site scripting vulnerabilities in local HTML resources
Overview Microsoft Internet Explorer (IE) includes several local HTML resources that contain cross-site scripting vulnerabilities. These resources use the dialogArguments property of dialog frames insecurely, allowing an attacker to execute arbitrary script in the Local Machine Zone. Description...
Microsoft Internet Explorer vulnerable to DoS via crafted ftp:// URL
Overview Microsoft Internet Explorer has a vulnerability that may cause the program to crash when opening some FTP URL's. Description Microsoft Internet Explorer with Browsing Enhancements installed by default on some versions of Windows may crash when opening an FTP URL containing '' or '&'...
X11 vulnerable to buffer overflow in handling of -xrm option
Overview The X11 library included with many UNIX variants contains a buffer-overflow vulnerability that may allow attackers to gain root privileges. Description The X11 library contains an unspecified buffer-overflow vulnerability. Programs that use this library and accept the -xrm option includi...
/usr/libexec/vi.recover script contains vulnerability allowing arbitrary zero-length files to be removed
Overview The /usr/libexec/vi.recover script in OpenBSD has a vulnerability that could allow an attacker to remove arbitrary zero-length files, including device nodes. Description The /usr/libexec/vi.recover script in OpenBSD cleans up vi temp files and informs a user via email if a recovery file...
rsync fails to properly handle negative values specified for signed integers thereby allowing remote command execution
Overview There exist several signed-integer vulnerabilities in rsync. If rsync is run as a daemon, a remote-root compromise may be possible. Description Included in most distributions of Linux, rsync is a popular tool for synchronizing files across multiple hosts. Though not enabled in the defaul...
IBM AIX FC contains buffer overflow exploitable during session setup
Overview The FC client in IBM's AIX contains a buffer overflow that may cause a core dump in the client. Description The IBM AIX FC client allows a buffer overflow of a few bytes in the client process, which could cause intermittent core dumps during session setup. Overflowing the buffer is...
Vandyke Software SecureCRT contains buffer overflow vulnerability in password handling code
Overview SecureCRT is vulnerable to buffer overflow from improper handling of long password input. Description SecureCRT is a terminal emulator and SSH client for Windows. If the SSH1 protocol is used and the user enters a password 300 characters or more in length, SecureCRT will crash, with the...
IBM AIX vulnerable to buffer overflow in RCP
Overview IBM AIX contains a buffer-overflow vulnerability that may allow remote attackers to gain root privileges. Description Some versions of IBM AIX used unbounded string operators. This problem was corrected in AIXV4 by changing the unbounded operators to their bounded equivalents. --- Impact...
Input-validation vulnerability in PHP-Nuke allows arbitrary command execution via request for remote web site
Overview PHP-Nuke has an input-validation vulnerability that can lead to execution of arbitrary PHP code hosted on another web server. Description PHP-Nuke is a tool designed to ease web site creation and maintenance. PHP-Nuke includes a script named index.php, which uses PHP's include function t...
IBM AIX vulnerable to buffer overflow in RPC routines
Overview IBM AIX contains a possible buffer-overflow vulnerability. Description Version 4.3 of IBM AIX has a possible buffer-overflow vulnerability in its RPC routines, due to use of an incorrect variable data type. No further information is available from the vendor. --- Impact The complete impa...
Hewlett Packard JetDirect-enabled printers disclose Telnet/HTTP passwords in hex format via "SNMP READ" request
Overview Hewlett Packard (HP) printers store sensitive administrative account information in a variable that is served to any user that makes a certain SNMP request. Description HP JetDirect-enabled printers are configurable via HTTP and Telnet and accept SNMP requests. These printers store the...