3702 matches found
Low BandWidth X proxy vulnerable to buffer overflow via crafted display command line option
Overview A locally exploitable buffer overflow exists in the Low BandWidth X proxy. Description The Low BandWidth X proxy is a component of XFree86 a freely redistributable open-source implementation of the X Window System. The Low BandWidth X proxy allows applications to transparently take...
Microsoft Windows SQL Server allows arbitrary queries to be executed via "xp_printstatements" extended procedure
Overview MS SQL Server contains an extended stored procedure with inappropriate permission settings. Description Microsoft SQL Server 7.0 and Microsoft SQL Server 2000 contain an extended stored procedure, xpprintstatements , that permits an unprivileged user of a database to gain administrative...
Microsoft Windows SQL Server allows arbitrary queries to be executed via "xp_execresultset" extended procedure
Overview MS SQL Server contains an extended stored procedure with inappropriate permission settings. Description Microsoft SQL Server 7.0 and Microsoft SQL Server 2000 contain an extended stored procedure, xpexecresultset , that permits an unprivileged user of a database to gain administrative...
Microsoft Windows Network Connection Manager (NCM) handler routine may execute code with LocalSystem privileges
Overview A locally exploitable vulnerability exists in the Microsoft Windows 2000 Network Connection Manager NCM. Exploitation of this vulnerability may permit a local user to gain full privileges on the system. Description Microsoft Windows 2000 Network Connection Manager NCM provides routines t...
Microsoft Windows SQL Server allows arbitrary queries to be executed via "xp_displayparamstmt" extended procedure
Overview MS SQL Server contains an extended stored procedure with inappropriate permission settings. Description Microsoft SQL Server 7.0 and Microsoft SQL Server 2000 contain an extended stored procedure, xpdisplayparamstmt , that permits an unprivileged user of a database to gain administrative...
OpenBSD contains buffer overflow in "select" call
Overview A locally exploitable buffer overflow exists in all versions of OpenBSD. Description The buffer overflow exists in the select2 system call. The overflow occurs if select is supplied with arbitrary negative values. --- Impact Local users can gain system privileges and execute code in the...
Multiple vendors' Internet Key Exchange (IKE) implementations do not properly handle IKE response packets
Overview Internet Key Exchange IKE implementations from several vendors contain buffer overflows and denial-of-service conditions. The buffer overflow vulnerabilities could permit an attacker to execute arbitrary code on a vulnerable system. Description The CERT/CC has received a report describin...
Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) vulnerable to buffer overflow via _TT_CREATE_FILE()
Overview The Common Desktop Environment CDE ToolTalk RPC database server contains a buffer overflow condition that could let an attacker execute arbitrary code or cause a denial of service on a vulnerable system. The ToolTalk RPC database server typically runs with root privileges. Description A...
Cisco CallManager contains memory leak
Overview The Cisco Call Manager contains a vulnerability that could permit an intruder to crash the Call Manager. Description The Cisco Call Manageris software to manage telephone calls in a mixed data and voice environment. Specifically the Cisco Call Manager "extends enterprise telephony featur...
SurfControl SuperScout does not filter web requests fragmented in multiple packets
Overview SurfControl SuperScout Web Filter does not block some HTTP requests that have been fragmented into multiple packets. Description SurfControl SuperScout Web Filter is software intended for companies that wish to limit employees' web surfing to appropriate uses. SuperScout anazlyzes...
Macromedia Flash Player continues to download flash files until browser is closed
Overview Macromedia Flash 6 does not terminate connections when a web user leaves the page. These connections may consume excessive amounts of bandwidth and limit the flow of other data. Description The Macromedia Flash media format enables frame-based animations with sound to be viewed within a...
SGI IRIX rpc.xfsmd does not filter shell metacharacters from user input before invoking popen() function
Overview The XFS journaling filesystem daemon uses a call to popen3 with unfiltered client-controlled input. This will lead to arbitrary command execution on remote systems. Description XFS is a 64-bit compliant journaling file system. The XFS journaling filesystem daemon xfsmd on SGI systems use...
SGI IRIX rpc.xfsmd uses weak authentication mechanism for RPC authentication
Overview The XFS file system on SGI systems allows anonymous remote users to call xfs-related RPC functions. Description XFS is a 64-bit compliant journaling file system. The XFS journaling filesystem daemon rpc.xfsmd on SGI systems uses the default AUTHUNIX authentication mechanism a client-base...
Nevrona Designs MiraMail stores all configuration and user account information in unencrypted text file
Overview Some versions of MiraMail store username and passwords in a text file without using encryption. Description MiraMail is a news server for Windows-based hosts. Versions of MiraMail up to and including 1.04 store MiraMail user data, including usernames and passwords, in unencrypted plainte...
Buffer-overflow vulnerability in Midnight Commander
Overview The mcedit component of some versions of Midnight Commander contains a buffer-overflow vulnerability. Description Midnight Commander is a file manager for open source operating systems, distributed under the GNU General Public License GPL. In version 4.5.1 of Midnight Commander, the mced...
Multiple vendor implementations of file scanning utilities vulnerable to DoS via compressed file archive
Overview Several file scanning utilities, including some virus scanners, may fail and crash when scanning compressed file archives. Description Many file scanners will decompress compressed file archives in memory so their contents can be scanned. However, some of these scanners do not check if...
Magic Enterprise contains multiple shell scripts that allow arbitrary file overwriting via symlink redirection of temporary file
Overview Some versions of Magic eDeveloper Enterprise Edition contain a symbolic-link vulnerability that allows attackers to overwrite data or execute arbitrary commands. Description Magic eDeveloper is a development environment for large-scale and distributed applications.Magic eDeveloper...
Mac OS X Finder creates world-readable ".FBCIndex" file thereby disclosing sensitive information
Overview Mac OS X's Find-By-Content indexing may store file data where it can be served to remote users by Apache. Description The Find-By-Content feature of Mac OS X generates indexing data from the contents of files in each directory. It then stores the indexing data for each directory in a...
Talentsoft Web+ contains buffer overflow in "webpsvc.exe"
Overview Talentsoft's Web+ development platform contains a buffer overflow in a component that also installs by default into all web sites produced by Web+. Description Talentsoft Web+ is a set of tools for accelerated web site development. A component of Web+ named "webpsvc.exe" contains a buffe...
Multiple vendors' Domain Name System (DNS) stub resolvers vulnerable to buffer overflow via network name and address lookups
Overview Buffer overflow vulnerabilities exists in the DNS stub resolver library used by BSD, ISC BIND, and GNU glibc. Other systems that use DNS resolver code derived from ISC BIND may also be affected. An attacker who is able to control DNS responses could exploit arbitrary code or cause a deni...
Directory-traversal vulnerability in Mike Spice's My Classifieds CGI script
Overview Some versions of My Classifieds contain a directory-traversal vulnerability that allows attackers to overwrite files. Description My Classifieds is a Perl CGI script, maintained by Mike Spice, that produces dynamic ad listings on a web server and allows users to edit their ads remotely...
ncompress vulnerable to buffer overflow via long filename
Overview Some versions of ncompress contain a buffer-overflow vulnerability. Description Versions 4.2.4 and earlier of ncompress do not properly handle filenames longer than 1023 characters. --- Impact By supplying long filenames to ncompress, an attacker may be able to gain local access to the...
Integer overflow in xdr_array() function when deserializing the XDR stream
Overview There is an integer overflow present in the xdrarray function distributed as part of the Sun Microsystems XDR library. This overflow has been shown to lead to remotely exploitable buffer overflows in multiple applications, leading to the execution of arbitrary code. Although the library...
Certain implementations of SSH1 may reveal internal cryptologic state
Overview An implementation problem in at least one Secure Shell SSH product and a weakness in the PKCS11.5 public key encryption standard allows attackers to recover plaintext of messages encrypted with SSH. Description A weakness in some SSH products using the SSH1 protocol may allow an attacker...
Oracle Configurator discloses version and host information via "test" argument passed to servlet
Overview A servlet component of Oracle Configurator may post sensitive version and host information to any Web user that makes a crafted request to the server. Description Oracle Configurator is an Internet application used to configure Oracle Application and Database Servers. If a user sends a...
OpenSSL servers contain a remotely exploitable buffer overflow vulnerability during the SSL3 handshake process
Overview OpenSSL is an open-source implementation of the Secure Sockets Layer SSL protocol. A remotely exploitable vulnerability exists in OpenSSL servers that could lead to the execution of arbitrary code on the system Description Servers running OpenSSL pre-release version 0.9.7 with Kerberos...
OpenSSL clients contain a buffer overflow during the SSL3 handshake process
Overview OpenSSL is an open-source implementation of the Secure Sockets Layer SSL protocol. A remotely exploitable vulnerability exists in OpenSSL clients that could lead to the execution of arbitrary code on the client's system. Description OpenSSL clients using SSLv3 prior to version 0.9.6e and...
OpenSSL servers contain a buffer overflow during the SSL2 handshake process
Overview OpenSSL is an open-source implementation of the Secure Sockets Layer SSL protocol. A remotely exploitable vulnerability exists in OpenSSL servers that could lead to the execution of arbitrary code on the server. Description Versions of OpenSSL servers prior to 0.9.6e and pre-release...
ASN.1 parsing errors exist in implementations of SSL, TLS, S/MIME, PKCS#7 routines
Overview Abstract Syntax Notation number One ASN.1 is an international standard used to describe and transmit data packets between applications and across networks. There is a vulnerability related to ASN.1 that could permit an attacker to cause a denial of service or potentially execute arbitrar...
OpenSSL contains multiple buffer overflows in buffers that are used to hold ASCII representations of integers
Overview OpenSSL is an open-source implementation of the Secure Sockets Layer SSL protocol. There is a buffer overflow on 64-bit platforms related to the ASCII representation of integers. Description OpenSSL clients and servers running on 64-bit platforms prior to version 0.9.6e and pre-release...
Sambar Web Server vulnerable to sourcecode disclosure due to improper parsing of scripts
Overview Sambar Webserver displays script contents instead of interpreting them when the user adds certain characters to the end of the script URL. Description Sambar Webserver is designed to handle CGI requests by interpreting CGI scripts to produce output returned to the client. However, due to...
util-linux package vulnerable to privilege escalation when "ptmptmp" file is not removed properly when using "chfn" utility
Overview The util-linux package contains a race condition vulnerability that can be used to elevate privileges on the system. Description util-linux is shipped with Red Hat Linux and numerous other Linux distributions. It contains a collection of utility programs, such as fstab, mkfs, and chfn. T...
Microsoft SQL Server installation process leaves sensitive information on system
Overview Microsoft SQL server versions 7.0 and 2000, as well as MSDE 1.0, may leave installation and log files on the server after the installation process is complete. These files may contain senstitive information such as passwords used during the install. Users with authenticated access to the...
Microsoft SQL Server 2000 contains heap buffer overflow in SQL Server Resolution Service
Overview Microsoft SQL Server 2000 contains a remotely exploitable heap buffer overflow that allows attackers to execute arbitrary code with the same privileges as the SQL server. Description The SQL Server Resolution Service SSRS was introduced in Microsoft SQL Server 2000 to provide referral...
Microsoft SQL Server 2000 contains denial-of-service vulnerability in SQL Server Resolution Service
Overview Microsoft SQL Server 2000 contains a vulnerability that allows remote attackers to create a denial-of-service condition between two Microsoft SQL servers. Description The SQL Server Resolution Service SSRS was introduced in Microsoft SQL Server 2000 to provide referral services for...
Microsoft SQL Server contains buffer overflow vulnerabilities in multiple extended stored procedures
Overview Microsoft SQL Server 7.0 and SQL Server 2000 contain buffer overflow vulnerabilities in multiple extended stored procedures. A remote attacker could cause a denial of service or execute arbitrary code or commands with the privileges of the SQL Server process, potentially gaining complete...
Microsoft SQL Server 2000 contains stack buffer overflow in SQL Server Resolution Service
Overview Microsoft SQL Server 2000 contains a remotely exploitable stack buffer overflow that allows attackers to execute arbitrary code with the same privileges as the SQL server. Description The SQL Server Resolution Service SSRS was introduced in Microsoft SQL Server 2000 to provide referral...
Microsoft SQL Server contains SQL injection vulnerability in replication stored procedures
Overview Microsoft SQL Server contains multiple SQL injection vulnerabilities that allow database users to leverage administrative privileges on a single database to execute SQL queries or operating system commands with greater privileges. Description Microsoft SQL Server provides a scripting...
Microsoft SQL Server contains buffer overflow in code used to process "BULK INSERT" queries
Overview The Microsoft SQL Server contains a buffer overflow vulnerability that may allow remote attackers to execute arbitrary code with system privileges. Description The Microsoft SQL Server contains a buffer overflow vulnerability in the code used to process "Bulk Insert" queries. Bulk Insert...
Microsoft SQL Server contains buffer overflow in pwdencrypt() function
Overview The Microsoft SQL Server contains a buffer overflow vulnerability that may allow remote attackers to execute arbitrary code with system privileges. Description The Microsoft SQL Server provides multiple methods for users to authenticate to SQL databases. When SQL Server Authentication is...
Microsoft SQL Server service account registry key has weak permissions that permit privilege escalation
Overview The Microsoft SQL Server contains a vulnerability that allows remote attackers to execute arbitrary commands with system privileges. Description The Microsoft SQL Server typically runs under a dedicated "service account" that is defined by system administrators at installation time. This...
Microsoft SQL Server contains buffer overflows in several Database Consistency Checkers
Overview Microsoft SQL Server ships with several administrative tools that allow database users to elevate their administrative privileges from a single database to all databases on the server. Description Microsoft SQL Server ships with several utilities known as Database Consistency Checkers...
Sun iPlanet and ONE Web Servers contain a buffer overflow in the search engine
Overview The Sun iPlanet Web Server and Sun ONE Web Server both ship with a search engine that is not enabled by default. A remotely exploitable buffer overflow exists in the search engine that could permit an attacker to execute arbitrary code on the system. Description The Sun iPlanet Web Serve...
Microsoft Windows domain name resolver service accepts responses from non-queried DNS servers by default
Overview Systems running Microsoft Windows 98, NT, Windows 2000, or Windows XP DNS resolvers accept DNS replies from any IP address, not just the ones being sent DNS requests. This may lead to domain information spoofing or DNS cache poisoning. Description Microsoft Windows systems use a caching...
PHP fails to properly parse the headers of HTTP POST requests
Overview A vulnerability has been discovered in PHP. This vulnerability could be used by a remote attacker to execute arbitrary code or crash PHP and/or the web server. Description PHP is a popular scripting language in widespread use. For more information about PHP, see...
Real Networks RealONE Player vulnerable to arbitrary command execution via crafted html in the skin file
Overview RealNetwork's RealJukebox and RealONE Gold players are media applications that permit users to stream audio and video from local and internet sources. A vulnerability exists in the applications that could permit the execution of arbitrary commands by a remote attacker. Description...
Real Networks RealJukebox2 vulnerable to arbitrary code execution via crafted skin file
Overview RealNetwork's RealJukebox and RealONE Gold players are media applications that permit users to stream audio and video from local and internet sources. A vulnerability exists in the applications that could permit the execution of arbitrary code by a remote attacker. Description RealJukebo...
Uudecode performs inadequate checks on user-specified output files
Overview The uudecode utility contains a vulnerability that allows an attacker to overwrite arbitrary files, symbolic links, and named pipes. Description The uudecode utility is used to decode files that have been encoded in the 7-bit printable format generated by uuencode. This format allows for...
Microsoft Windows 2000 Network Dynamic Data Exchange (DDE) executes code as Local System
Overview The Windows 2000 Network DDE agent permits local users to execute commands with system privileges. Description Dynamic Data Exchange DDE is an interprocess communication mechanism used in Microsoft Windows. A DDE share is an area of memory which is used to store and retrieve data. Networ...
Microsoft Internet Information Server (IIS) vulnerable to buffer overflow via malformed server-side include directive
Overview A buffer overflow in the code that processes server-side include files on IIS 4.0 and IIS 5.0 could allow an intruder to execute code with the privileges of the web server. Description A buffer overflow exists in the code that processes server side include directives on IIS versions 4 an...