3695 matches found
Microsoft ASP.NET contains buffer overflow
Overview Microsoft ASP.NET contains a buffer overflow in the routine that handles the processing of cookies in StateServer mode. Description ASP.NET is a programming framework provided by Microsoft. For more details about this framework, please see the official web page. A remotely exploitable buffer...
Sendmail vulnerable to buffer overflow when DNS map is specified using TXT records
Overview A remotely exploitable buffer overflow exists in Sendmail, versions 8.12.0 through 8.12.4. This vulnerability only exhibits itself if you have modified the configuration file to look up TXT records in DNS. Description The buffer overflow occurs in the portion of code that processes respons...
Multiple Cisco products consume excessive CPU resources in response to large SSH packets
Overview Multiple Cisco networking products contain a denial-of-service vulnerability. Description Multiple Cisco networking products contain a vulnerability that allows large SSH packets to cause excessive consumption of CPU resources. In some circumstances, this resource consumption may cause t...
Multiple vendors' Domain Name System (DNS) stub resolvers vulnerable to buffer overflows
Overview Buffer overflow vulnerabilities exist in the DNS stub resolver library used by BSD, ISC BIND, and GNU glibc. Other systems that use DNS resolver code derived from ISC BIND may also be affected. An attacker who is able to control DNS responses could execute arbitrary code or cause a deni...
OpenSSH vulnerabilities in challenge response handling
Overview There are two related vulnerabilities in the challenge response handling code in OpenSSH versions 2.3.1p1 through 3.3. They may allow a remote intruder to execute arbitrary code as the user running sshd (often root). The first vulnerability affects OpenSSH versions 2.9.9 through 3.3 that...
Microsoft SQLXML HTTP components vulnerable to cross-site scripting via root parameter
Overview A cross-site scripting vulnerability exists in the Microsoft SQLXML HTTP components. This vulnerability could allow an attacker to execute script on a victim's system with the victim's privileges. Description Microsoft SQL Server 2000 includes a feature called SQLXML that allows the serv...
Mandrake Security may make unexpected system modifications
Overview The Mandrake Security utility included with Mandrake Linux may make unexpected modifications that affect system security. Description Mandrake Linux includes a tool named Mandrake Security (msec) that allows system administrators to manage and audit various system parameters associated wit...
Microsoft SQLXML ISAPI filter vulnerable to buffer overflow via contenttype parameter
Overview A buffer overflow vulnerability exists in the Microsoft SQLXML Internet Services Application Programming Interface (ISAPI) extension for Internet Information Server (IIS). This vulnerability could allow a remote attacker to cause a denial of service or execute arbitrary code with LocalSystem...
Verity's Search97 contains a Cross-Site Scripting vulnerability in the processing of search requests
Overview Verity's Search97 application contains a Cross-Site Scripting vulnerability in the processing of search requests. Description Verity's Search97 application contains a Cross-Site Scripting vulnerability in the processing of search requests. This vulnerability is in both the Microsoft...
Apache web servers fail to handle chunks with a negative size
Overview There is a remotely exploitable vulnerability in the way that Apache web servers or other web servers based on their source code handle data encoded in chunks. This vulnerability is present by default in configurations of Apache web server versions 1.2.2 and above, 1.3 through 1.3.24, an...
webMathematica discloses the contents of arbitrary files when file is requested using the absolute path
Overview A directory traversal vulnerability exists in webMathematica. Description webMathematica provides a way to offer access to Mathematica applications via a web browser interface. For example, one can deploy calculators, problem solvers, and other types of interactive content over the web. B...
Microsoft Remote Access Service API contains buffer overflow vulnerability via phonebook entries
Overview The Microsoft Remote Access Service API contains a vulnerability that allows local attackers to execute arbitrary code with system privileges. Description The Microsoft Remote Access Service (RAS) Application Programming Interface (API) allows Windows programs to make dial-up connections to...
Microsoft Internet Information Server (IIS) contains remote buffer overflow in chunked encoding data transfer mechanism for HTR
Overview A buffer overflow vulnerability in IIS 4.0 and 5.0 could allow an intruder to execute arbitrary code on an IIS server with the privileges of the HTR ISAPI extension. Description Chunked encoding is a means to transfer variable-sized units of data called chunks from a web client to a web...
Lotus Domino Web Server discloses IP address
Overview Lotus Domino Web server discloses its IP address to some HTTP requests. Description Lotus Domino can be coerced to reveal its IP address by sending it a crafted HTTP request. --- Impact Attackers can discover limited information about the numbering of the Domino server's network. ---...
Chunked encoding post can consume excessive memory on IIS 4.0 webserver
Overview Microsoft IIS 4.0, circa March 2000, contained a vulnerability that allowed an intruder to consume unlimited memory on a vulnerable server. Description Older versions of IIS 4.0, circa March 2000, contained a vulnerability in the chunked-encoding transfer mechanism that permitted an...
Snitz Forums 2000 vulnerable to cross-site scripting via crafted IMG tag
Overview Snitz Forums 2000 does not adequately check "IMG" tag "SRC" attributes and thus contains a cross-site scripting vulnerability. Description Snitz Forums is an automated bulletin-board program for web sites. Snitz Forums allows users to submit images by specifying the URL of the image. In...
Microsoft Remote Access Service API contains additional buffer overflow vulnerability via phonebook entries
Overview The Microsoft Remote Access Service API contains a vulnerability that allows local attackers to execute arbitrary code with system privileges. Description The Microsoft Remote Access Service (RAS) Application Programming Interface (API) allows Windows programs to make dial-up connections to...
Microsoft Internet Explorer contains buffer overflow in handling of gopher replies
Overview There is a buffer overflow in Internet Explorer when IE receives information from a gopher service. Description Gopher is a protocol that presents documents and services in a hierarchal representation, and is similar in some ways to HTTP. Internet Explorer reportedly contains a buffer...
Novell NetWare default installation contains sample files that disclose sensitive server information
Overview Novell NetWare 5.1 is a network management operating system that enables access to files, printers, directories, email, databases, and other network interfaces, as well as providing a web interface. There is an insecure default configuration that places several sample applications in the...
Apache Tomcat default installation contains sample applications that disclose webroot path
Overview There is an insecure default configuration in Apache Tomcat web server that places several sample applications in the webroot. Remote users may be able to use these applications to gain sensitive information about the server's configuration. Description There are several sample...
AOL Instant Messenger vulnerable to buffer overflow via crafted "addbuddy" URI sent in message
Overview America Online's Instant Messenger (AIM) contains a remotely exploitable buffer overflow vulnerability. Description AOL Instant Messenger is a widely used program for communicating with other users over the Internet. A buffer overflow exists in the processing of the addbuddy parameter of t...
AOL Instant Messenger vulnerable to denial-of-service attack via buddy list transfers
Overview America Online's Instant Messenger (AIM) contains a remotely exploitable buffer overflow vulnerability. Description AOL Instant Messenger is a program for communicating with other users over the Internet and is widely used. During a buddy list transfer, a buffer overflow may occur. It has...
tcpdump vulnerable to buffer overflow via improper decoding of AFS RPC (Rx) packets
Overview A vulnerability exists in tcpdump that could allow an attacker to execute arbitrary code with the privileges of tcpdump, typically root. Description tcpdump is a widely-used network sniffer that is capable of decoding AFS traffic. A buffer overflow vulnerability has been discovered in...
Yahoo! Messenger is vulnerable to DoS via multiple messages from spoofed names
Overview Yahoo! Messenger is an instant messaging client. A report indicates that there is a vulnerability that permits an attacker to spoof the source user name of a Yahoo! Messenger message. Description Yahoo! Messenger permits a user to place users on an ignore list. A vulnerability exists tha...
Yahoo! Messenger "addview" function allows for the automatic execution of malicious script contained in web pages
Overview Yahoo! Messenger is an instant messaging client. When installed, Yahoo! Messenger enables a URI handler ymsgr :parameter. The addview function of this handler can be used to execute arbitrary script/html on the local system. Description The addview feature of Yahoo! Messenger is used to...
Yahoo! Messenger contains buffer overflow in "IMvironment" field
Overview Yahoo! Messenger is an instant messaging client. There is a remotely exploitable buffer overflow vulnerability in the "imv" field of Yahoo! Messenger. Description A remotely exploitable buffer overflow exists in the "imv" field that may permit a remote attacker to execute arbitrary code ...
Yahoo! Messenger contains a buffer overflow in "set_buddygrp" when adding users to a buddy list via the web
Overview Yahoo! Messenger is an instant messaging client. There is a remotely exploitable buffer overflow vulnerability in the "setbuddygrp" field of Yahoo! Messenger. Description A remotely exploitable buffer overflow exists in the "setbuddygrp" field that may permit a remote attacker to execute...
Yahoo! Messenger contains a buffer overflow in the URI handler
Overview Yahoo! Messenger is an instant messaging client. A remotely exploitable vulnerability has been reported in the URI handler of Yahoo! Messenger. Description A remotely exploitable buffer overflow exists in the URI handler of Yahoo! Messenger, versions 5,0,0,1064 and prior, that may permit...
Yahoo! Messenger contains buffer overflow in "message" field
Overview Yahoo! Messenger is an instant messaging client. There is a remotely exploitable buffer overflow vulnerability in the "message" field of Yahoo! Messenger. Description A remotely exploitable buffer overflow exists in the "message" field that may permit a remote attacker to execute arbitra...
Yahoo! Messenger allows arbitrary users to be added to buddy list without proper authorization
Overview Yahoo! Messenger is an instant messaging client. There is a vulnerability in Yahoo! Messenger that permits a remote user to add arbitrary users to the victim's buddy list. Description Yahoo! Messenger allows users to view content only from users on their buddy list. An attacker could cra...
Microsoft Exchange 2000 exhausts server resources while attempting to process malformed mail attributes
Overview Microsoft Exchange 2000 contains a vulnerability that allows remote attackers to conduct a denial-of-service attack that, once begun, cannot be stopped until the crafted message has been completely processed. Description Microsoft Exchange 2000 contains a vulnerability in its handling of...
ISC BIND 9 fails to process additional data chains in responses correctly thereby causing the server to fail an internal consistency check
Overview A denial-of-service vulnerability exists in version 9 of the Internet Software Consortium's (ISC) Berkeley Internet Name Domain (BIND) server. ISC BIND versions 8 and 4 are not affected. Exploiting this vulnerability will cause vulnerable BIND servers to shut down. Description BIND is an...
Oracle Web Cache contains buffer overflow vulnerabilities
Overview The CERT/CC is aware of a report about "several remotely exploitable buffer overflow vulnerabilities in the Oracle Web Cache Server" that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the Web Cache process. Description The Oracle Web Cac...
Oracle Reports Server Reports Web Cartridge (RWCGI60) vulnerable to buffer overflow via database name parameter
Overview A buffer overflow vulnerability in Oracle Reports Server 6i could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the Reports Server process. Description Oracle Reports Server is a component of Oracle Application Server that handles client...
Oracle Application Server contains format string vulnerability
Overview The CERT/CC is aware of a report about a "remotely exploitable format string vulnerability in Oracle Application Server" that could allow an unauthenticated, remote attacker to execute arbitrary code on a vulnerable system. Description Oracle Application Server uses the Apache HTTP Serve...
Oracle TNS Listener Control Utility (LSNRCTL) contains format string vulnerability
Overview The Oracle Listener Control Utility (LSNRCTL) contains a format string vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code or commands or cause a denial of service. Description Oracle Transparent Network Substrate (TNS) Listeners are processes that...
Oracle9i Database TNS Listener vulnerable to buffer overflow via SERVICE_NAME parameter
Overview A buffer overflow vulnerability exists in the TNS Listener component of Oracle9i Database. This vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the TNS Listener process or cause a denial of service. Description Oracle9i...
Microsoft Internet Explorer may handle certain web pages in an incorrect, less restrictive security zone (MS02-023)
Overview Microsoft Internet Explorer (IE) may handle malformed Internet pages accessed through the NetBIOS protocol as if they belong to the IE's Intranet or Trusted Sites security zones, instead of the more restrictive Internet security zone. Description If a user views a page on the Internet that...
Verisign transmits sensitive customer information in plain text when applying for a "Code Signing Digital ID"
Overview Verisign offers a service entitled "Code Signing Digital ID for Microsoft Authenticode." Information that is submitted to this site is not transmitted via an SSL-secured session; instead, it is transmitted in plain text. Description Verisign offers a service entitled "Code Signing...
SquirrelMail compose.php script does not adequately validate input thereby allowing arbitrary user to send messages
Overview Some versions of SquirrelMail do not properly validate input. Attackers can spoof email addresses through this vulnerability. Description SquirrelMail is a collection of PHP4 scripts that provides webmail services. Prior to version 1.24, SquirrelMail does not properly validate Universal...
Quake II Server performs console variable expansion on client-supplied input values
Overview The Quake II Server contains an information leakage vulnerability that allows remote attackers to gain control of the game server process. Description The Quake II Server responds to console commands from Quake II clients to perform a variety of game and server management functions. Both...
Macromedia JRun ISAPI DLL filter vulnerable to buffer overflow via request for long Host header field
Overview A remotely exploitable buffer overflow exists in Macromedia's JRun version 3.1 on Win32 platforms. Description A remotely exploitable buffer overflow exists in the Win32 version of Macromedia's JRun version 3.1 on Win32 platforms. JRun is an application server that works with most popular...
OpenBSD kernel fails to properly check closed file descriptors "0-2" when running setuid program
Overview The OpenBSD kernel does not adequately check file descriptors 0-2 prior to execing setuid binaries. Other OS kernels may be vulnerable as well. Description The OpenBSD kernel does not adequately check file descriptors 0-2 prior to execing setuid binaries. As a result, an attacker may be...
Microsoft Windows 2000 Event Viewer contains buffer overflow
Overview The Windows 2000 event viewer contains a buffer overflow. Description The Microsoft Windows 2000 event viewer contains a buffer overflow that can be exploited when a record written to an event log is examined by the event viewer. Both privileged and unprivileged users can read and write ...
Microsoft Windows 2000 System Monitor ActiveX Control contains buffer overflow
Overview There is a buffer overflow in the System Monitor ActiveX control that ships with Windows 2000. Description The System Monitor ActiveX control (sysmon.ocx) included with Windows 2000 contains a buffer overflow. For more information, see...
Taskpads ActiveX Control incorrectly marked safe-for-scripting
Overview The taskpads ActiveX control included with some resource kit products circa February 1999 was incorrectly marked safe-for-scripting. Description The taskpads ActiveX control included with the Microsoft Windows 98 resource kit, the Microsoft Windows 98 resource kit sampler, and the Back...
Cisco Content Service Switch reboots when HTTPS POST request is sent to web management interface
Overview The Cisco Content Service Switch contains a denial-of-service vulnerability that allows remote attackers to reboot affected devices. Description The Cisco Content Service Switch (CSS) products include support for the session and application layers. This additional functionality allows a CS...
Cisco Content Service Switch performs soft reset when XML data is sent to web management interface
Overview The Cisco Content Service Switch contains a denial-of-service vulnerability that allows remote attackers to perform a soft reset on affected devices. Description The Cisco Content Service Switch (CSS) products include support for the session and application layers. This additional...
SSHD allows users to override "AllowedAuthentications" configuration thereby permitting users to provide any type of authentication
Overview A remotely exploitable authentication vulnerability exists in the SSH Communications Security SSH Secure Shell server, and possibly other SSH servers. Description SSH is a program used to provide secure communications between hosts. Versions 3.0.0 - 3.1.1 of SSH Secure Shell for Servers...
HTTP proxy default configurations allow arbitrary TCP connections
Overview Multiple vendors' HTTP proxy services use insecure default configurations that could allow an attacker to make arbitrary TCP connections to internal hosts or to external third-party hosts. Description HTTP proxy services commonly support the HTTP CONNECT method, which is designed to crea...