MIT Kerberos V5 KDC vulnerable to denial-of-service via null pointer dereference
Overview A vulnerability exists in MIT Kerberos V5 Key Distribution Center that may allow attackers to crash multiple KDC servers within the same realm. Description The MIT Kerberos V5 Key Distribution Center (KDC) contains a vulnerability that allows certain protocol requests to crash the KDC by...
IBM AIX FC contains buffer overflow exploitable during session setup
Overview The FC client in IBM's AIX contains a buffer overflow that may cause a core dump in the client. Description The IBM AIX FC client allows a buffer overflow of a few bytes in the client process, which could cause intermittent core dumps during session setup. Overflowing the buffer is...
Jakarta Tomcat serves JSP source code when supplied malformed HTTP request
Overview Tomcat does not adequately validate HTTP requests and may reveal JSP source code if supplied a malformed HTTP request. Description JavaServer Pages (JSP) is a technology that allows for the creation of dynamic web content. The Apache Jakarta Project implementation of JSP is known as Tomcat...
HP Tru64 UNIX "dxpause" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "dxpause" contains a locally exploitable buffer overflow. Description "dxpause" is used to lock a display. A locally exploitable buffer overflow in "dxpause" may permit a local attacker to gain elevated privileges and execute arbitrary code on a...
HP Tru64 UNIX ".upd..loader" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of ".upd..loader" contains a locally exploitable buffer overflow. Description A locally exploitable buffer overflow in ".upd..loader" may permit a local attacker to gain elevated privileges and execute arbitrary code on a vulnerable host. --- Impact A loc...
HP Tru64 UNIX "mailcv" contains buffer overflow (SSRT2193)
Overview The HP Tru64 UNIX implementation of "mailcv" contains a locally exploitable buffer overflow. Description "mailcv" converts dxmail style folders to UNIX style folders. A locally exploitable buffer overflow in "mailcv" may permit a local attacker to gain elevated privileges and execute...
Multiple vendors' email content/virus scanners do not adequately check "message/partial" MIME entities
Overview Email anti-virus scanners and content filters from multiple vendors do not adequately check messages containing "message/partial" MIME entities (RFC 2046). As a result, viruses, malicious code, or other restricted content may not be detected. Description Section 5.2.2 of RFC 2046 defines t...
HP Tru64 UNIX "dtsession" contains buffer overflow (SSRT2282)
Overview The HP Tru64 UNIX implementation of "dtsession" contains a locally exploitable buffer overflow. Description From the HP Tru64 UNIX reference pages, the "dtsession" utility "provides ICCCM 1.1 compliant session management functionality during a user's session, the time from login to logou...
HP Tru64 UNIX "dxsysinfo" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "dxsysinfo" contains a locally exploitable buffer overflow. Description "dxsysinfo" is used to monitor system resources. A locally exploitable buffer overflow in "dxsysinfo" may permit a local attacker to gain elevated privileges and execute arbitrary...
HP Tru64 UNIX "dtterm" contains buffer overflow (SSRT2280)
Overview The HP Tru64 UNIX implementation of "dtterm" contains a locally exploitable buffer overflow. Description From the HP Tru64 UNIX reference pages, the "dtterm" utility "provides runtime support of legacy applications written for terminals conforming to ANSI X3.64-1979 and ISO 6429:1992E,...
Microsoft Visual FoxPro fails to properly evaluate filenames before launching application
Overview There is a vulnerability in Microsoft Visual FoxPro 6.0 that allows remote attackers to execute Visual FoxPro applications with the privileges of the victim user. Description Microsoft Visual FoxPro 6.0 contains an unspecified vulnerability that allows remote attackers to execute arbitra...
HP Tru64 UNIX "deliver" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "deliver" contains a locally exploitable buffer overflow. Description "deliver" is used to deliver mail to an IMAP mailbox. A locally exploitable buffer overflow in "deliver" may permit a local attacker to gain elevated privileges and execute arbitrar...
Internet Key Exchange (IKE) protocol discloses identity when Aggressive Mode shared secret authentication is used
Overview The Internet Key Exchange (IKE) protocol discloses username information when Aggressive Mode is used for shared secret authentication. Description The Internet Key Exchange (IKE) protocol provides a negotiation mechanism that allows an initiator to establish an encrypted session with a...
HP Tru64 UNIX "ping" contains locally exploitable vulnerability (SSRT2229)
Overview The HP Tru64 UNIX implementation of "ping" contains a locally exploitable vulnerability. Description "ping" is used to send ICMP echo requests to other hosts on the Internet. A locally exploitable vulnerability in "ping" may permit a local attacker to perform a denial-of-service attack o...
HP Tru64 UNIX "uucp" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "uucp" contains a locally exploitable buffer overflow. Description "uucp" is used to copy files between hosts. A locally exploitable buffer overflow in "uucp" may permit a local attacker to gain elevated privileges and execute arbitrary code on a...
HP Tru64 UNIX "rdist" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "rdist" contains a locally exploitable buffer overflow. Description "rdist" allows a user to maintain identical copies of files on multiple hosts. A locally exploitable buffer overflow in "rdist" may permit a local attacker to gain elevated privileges...
HP Tru64 UNIX "csh" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "csh" contains a locally exploitable buffer overflow. Description "csh" is used to invoke the C shell and interpret commands. A locally exploitable buffer overflow in "csh" may permit a local attacker to gain elevated privileges and execute arbitrary...
HP Tru64 UNIX "ps" contains buffer overflow (SSRT2256)
Overview The HP Tru64 UNIX implementation of "ps" contains a locally exploitable buffer overflow. Description "ps" is used to display information about running processes. A locally exploitable buffer overflow in "ps" may permit a local attacker to gain elevated privileges and execute arbitrary co...
HP Tru64 UNIX "imapd" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "imapd" contains a locally exploitable buffer overflow. Description "imapd" is the IMAP daemon. A locally exploitable buffer overflow in "imapd" may permit a local attacker to gain elevated privileges and execute arbitrary code on a vulnerable host. --...
HP Tru64 UNIX "inc" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "inc" contains a locally exploitable buffer overflow. Description "inc" is used to incorporate new mail. A locally exploitable buffer overflow in "inc" may permit a local attacker to gain elevated privileges and execute arbitrary code on a vulnerable...
HP Tru64 UNIX "uux" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "uux" contains a locally exploitable buffer overflow. Description "uux" is used to run a command on a remote system. A locally exploitable buffer overflow in "uux" may permit a local attacker to gain elevated privileges and execute arbitrary code on a...
HP Tru64 UNIX "ipcs" contains buffer overflow (SSRT0794U)
Overview The HP Tru64 UNIX implementation of "ipcs" contains a locally exploitable buffer overflow. Description "ipcs" is used to report inter-process communication status. A locally exploitable buffer overflow in "ipcs" may permit a local attacker to gain elevated privileges and execute arbitrar...
HP Tru64 UNIX "at" contains buffer overflow (SSRT2189)
Overview The HP Tru64 UNIX implementation of "at" contains a locally exploitable buffer overflow. Description "at" is used to run a job at a later time. A locally exploitable buffer overflow in "at" may permit a local attacker to gain elevated privileges and execute arbitrary code on a vulnerable...
HP Tru64 UNIX "binmail" contains buffer overflow (SSRT0796U)
Overview The HP Tru64 UNIX implementation of "binmail" contains a locally exploitable buffer overflow. Description "binmail" is used to send and display mail messages. A locally exploitable buffer overflow in "binmail" may permit a local attacker to gain elevated privileges and execute arbitrary...
HP Tru64 UNIX "quot" contains buffer overflow (SSRT2191)
Overview The HP Tru64 UNIX implementation of "quot" contains a locally exploitable buffer overflow. Description "quot" is used to summarize file system ownership. A locally exploitable buffer overflow in "quot" may permit a local attacker to gain elevated privileges and execute arbitrary code on ...
HP Tru64 UNIX "lpd" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "lpd" contains a locally exploitable buffer overflow. Description "lpd" is used to handle the printer spool area. A locally exploitable buffer overflow in "lpd" may permit a local attacker to gain elevated privileges and execute arbitrary code on a...
HP Tru64 UNIX "lpr" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "lpr" contains a locally exploitable buffer overflow. Description "lpr" is used to send files to a print spool. A locally exploitable buffer overflow in "lpr" may permit a local attacker to gain elevated privileges and execute arbitrary code on a...
HP Tru64 UNIX "lpq" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "lpq" contains a locally exploitable buffer overflow. Description "lpq" is used to examine the printer spool queue. A locally exploitable buffer overflow in "lpq" may permit a local attacker to gain elevated privileges and execute arbitrary code on a...
HP Tru64 UNIX "lprm" contains buffer overflow (SSRT2260)
Overview The HP Tru64 UNIX implementation of "lprm" contains a locally exploitable buffer overflow. Description "lprm" is used to remove requests from a printer spool queue. A locally exploitable buffer overflow in "lprm" may permit a local attacker to gain elevated privileges and execute arbitra...
HP Tru64 UNIX "traceroute" contains buffer overflow (SSRT2261)
Overview The HP Tru64 UNIX implementation of "traceroute" contains a locally exploitable buffer overflow. Description "traceroute" is used to display the route packets follow from one host to another on the Internet. A locally exploitable buffer overflow in "traceroute" may permit a local attacke...
HP Tru64 UNIX "ypmatch" contains buffer overflow (SSRT2277)
Overview The HP Tru64 UNIX implementation of "ypmatch" contains a locally exploitable buffer overflow. Description "ypmatch" is used to print the value of keys from an NIS map. A locally exploitable buffer overflow in ypmatch may permit a local attacker to gain elevated privileges and execute...
HP Tru64 UNIX "passwd" contains buffer overflow (SSRT2192)
Overview The HP Tru64 UNIX implementation of "passwd" contains a locally exploitable buffer overflow. Description "passwd" is a utility used to change the password for the current user. A locally exploitable buffer overflow in "passwd" may permit a local attacker to gain elevated privileges and...
HP Tru64 UNIX "lpc" contains buffer overflow (SSRT2260)
Overview The HP Tru64 UNIX implementation of "lpc" contains a locally exploitable buffer overflow. Description "lpc" is used to control the line printer system. A locally exploitable buffer overflow in "lpc" may permit a local attacker to gain elevated privileges and execute arbitrary code on a...
Cisco VPN 3000 series concentrator does not properly handle malformed ISAKMP packets
Overview Cisco VPN 3000 series concentrators do not properly handle specially crafted Internet Security Association and Key Management Protocol (ISAKMP) packets, which can cause a vulnerable device to reload, denying service to legitimate users. Description According to information on the Cisco web...
HP Tru64 UNIX contains buffer overflow in libc libraries (SSRT2257)
Overview The HP Tru64 Unix operating system contains multiple buffer overflow vulnerabilities. Description A vulnerability exists in the way in which the libc libraries handle environment variables in the HP Tru64 UNIX operating system. As a result, local attackers may be able to execute arbitrar...
Sun Solaris ptexec does not adequately validate argument passed via -o option
Overview The Sun Solaris ptexec command is subject to a buffer overflow due to not adequately validating arguments passed via the -o option. Description A locally exploitable buffer overflow exists in the ptexec command which is included in the SUNWvts package. This package is not included in the...
Microsoft Windows Terminal Services Advanced Client (TSAC) contains buffer overflow in process that handles input parameters
Overview Microsoft Windows Terminal Services Advanced Client (TSAC) contains a remotely exploitable buffer overflow. Description The Microsoft Windows Terminal Services Advanced Client (TSAC) contains a remotely exploitable buffer overflow. This ActiveX control provides a way to deliver Terminal...
Microsoft Office Web Components allows reading of local files via "LoadText" method by using URL redirection
Overview The Microsoft Office Web Components allow a remote attacker to read arbitrary files. Description The Microsoft Office Web Components (OWC) are ActiveX controls that can be embedded in web pages. These controls give users of a website limited Microsoft Office functionality, without having t...
Microsoft Windows Server Message Block (SMB) fails to properly handle SMB_COM_TRANSACTION packets requesting NetServerEnum3 transaction
Overview Microsoft Server Message Block (SMB) may crash upon receipt of a crafted SMB_COM_TRANSACTION packet requesting a NetServerEnum3 transaction. Attackers can use this vulnerability to cause a denial of service. Description SMB is a protocol for sharing data and resources between computers,...
Microsoft Windows Server Message Block (SMB) fails to properly handle SMB_COM_TRANSACTION packets requesting NetShareEnum transaction
Overview Microsoft Server Message Block (SMB) is a protocol for sharing data and resources between computers. SMB may crash upon receipt of a crafted SMB_COM_TRANSACTION packet requesting a NetShareEnum transaction. Attackers can use this vulnerability to cause a denial of service. SMB is included in...
Microsoft Windows Server Message Block (SMB) fails to properly handle SMB_COM_TRANSACTION packets requesting NetServerEnum2 transaction
Overview Microsoft Server Message Block (SMB) may crash when it receives a crafted SMB_COM_TRANSACTION packet requesting a NetServerEnum2 transaction. Attackers can use this vulnerability to cause a denial of service. Description SMB is a protocol for sharing data and resources between computers. It ...
Novell Netware RCONAG6 fails to validate user password when "Secure IP" is used to establish connection
Overview Novell Netware RCONAG6 allows users to gain access to the server without a password. Description Novell Netware RCONAG6 allows users to remotely administer a Novell host. A vulnerability in RCONAG6 makes it possible for a remote user to connect to the server without supplying a password...
FreeBSD privilege elevation vulnerability
Overview A locally exploitable privilege elevation vulnerability exists in FreeBSD. Description A locally exploitable privilege elevation vulnerability exists in FreeBSD. For more information, please see the Pine Internet Security Advisory. --- Impact A local user can gain root privileges. ---...
Low BandWidth X proxy vulnerable to buffer overflow via crafted display command line option
Overview A locally exploitable buffer overflow exists in the Low BandWidth X proxy. Description The Low BandWidth X proxy is a component of XFree86, a freely redistributable open-source implementation of the X Window System. The Low BandWidth X proxy allows applications to transparently take...
Microsoft Windows SQL Server allows arbitrary queries to be executed via "xp_displayparamstmt" extended procedure
Overview MS SQL Server contains an extended stored procedure with inappropriate permission settings. Description Microsoft SQL Server 7.0 and Microsoft SQL Server 2000 contain an extended stored procedure, xp_displayparamstmt, that permits an unprivileged user of a database to gain administrative...
Microsoft Windows SQL Server allows arbitrary queries to be executed via "xp_printstatements" extended procedure
Overview MS SQL Server contains an extended stored procedure with inappropriate permission settings. Description Microsoft SQL Server 7.0 and Microsoft SQL Server 2000 contain an extended stored procedure, xp_printstatements, that permits an unprivileged user of a database to gain administrative...
Microsoft Windows SQL Server allows arbitrary queries to be executed via "xp_execresultset" extended procedure
Overview MS SQL Server contains an extended stored procedure with inappropriate permission settings. Description Microsoft SQL Server 7.0 and Microsoft SQL Server 2000 contain an extended stored procedure, xp_execresultset, that permits an unprivileged user of a database to gain administrative...
Microsoft Windows Network Connection Manager (NCM) handler routine may execute code with LocalSystem privileges
Overview A locally exploitable vulnerability exists in the Microsoft Windows 2000 Network Connection Manager (NCM). Exploitation of this vulnerability may permit a local user to gain full privileges on the system. Description Microsoft Windows 2000 Network Connection Manager (NCM) provides routines t...
OpenBSD contains buffer overflow in "select" call
Overview A locally exploitable buffer overflow exists in all versions of OpenBSD. Description The buffer overflow exists in the select(2) system call. The overflow occurs if select is supplied with arbitrary negative values. --- Impact Local users can gain system privileges and execute code in the...
Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) vulnerable to buffer overflow via _TT_CREATE_FILE()
Overview The Common Desktop Environment (CDE) ToolTalk RPC database server contains a buffer overflow condition that could let an attacker execute arbitrary code or cause a denial of service on a vulnerable system. The ToolTalk RPC database server typically runs with root privileges. Description A...