3702 matches found
OpenBSD kernel fails to properly check closed file descriptors "0-2" when running setuid program
Overview The OpenBSD kernel does not adequately check file descriptors 0-2 prior to execing setuid binaries. Other OS kernels may be vulnerable as well. Description The OpenBSD kernel does not adequately check file descriptors 0-2 prior to execing setuid binaries. As a result, an attacker may be...
Taskpads ActiveX Control incorrectly marked safe-for-scripting
Overview The taskpads ActiveX control included with some resource kit products circa February 1999 was incorrectly marked safe-for-scripting. Description The taskpads ActiveX control included with the Microsoft Windows 98 resource kit, the Microsoft Windows 98 resource kit sampler, and the Back...
Microsoft Windows 2000 System Monitor ActiveX Control contains buffer overflow
Overview There is a buffer overflow in the System Monitor ActiveX control that ships with Windows 2000. Description The System Monitor ActiveX control sysmon.ocx included with Windows 2000 contains a buffer overflow. For more information, see...
Cisco Content Service Switch reboots when HTTPS POST request is sent to web management interface
Overview The Cisco Content Service Switch contains a denial-of-service vulnerability that allows remote attackers to reboot affected devices. Description The Cisco Content Service Switch CSS products include support for the session and application layers. This additional functionality allows a CS...
Cisco Content Service Switch performs soft reset when XML data is sent to web management interface
Overview The Cisco Content Service Switch contains a denial-of-service vulnerability that allows remote attackers to perform a soft reset on affected devices. Description The Cisco Content Service Switch CSS products include support for the session and application layers. This additional...
SSHD allows users to override "AllowedAuthentications" configuration thereby permitting users to provide any type of authentication
Overview A remotely exploitable authentication vulnerability exists in the SSH Communications Security SSH Secure Shell server, and possibly other SSH servers. Description SSH is a program used to provide secure communications between hosts. Versions 3.0.0 - 3.1.1 of SSH Secure Shell for Servers...
HTTP proxy default configurations allow arbitrary TCP connections
Overview Multiple vendors' HTTP proxy services use insecure default configurations that could allow an attacker to make arbitrary TCP connections to internal hosts or to external third-party hosts. Description HTTP proxy services commonly support the HTTP CONNECT method, which is designed to crea...
Computer Associates MLink "mclear" command vulnerable to buffer overflow via long string of characters
Overview A locally exploitable buffer overflow exists in mclear. Description CA-MLINK is a managed data transport service. For more information about CA-MLINK, please see the product brochure. Based on a public report, it appears there is a locally exploitable buffer overflow in the mclear comman...
Computer Associates MLink "mllock" command vulnerable to buffer overflow via long string of characters
Overview A locally exploitable buffer overflow exists in mllock. Description CA-MLINK is a managed data transport service. For more information about CA-MLINK, please see the product brochure. Based on a public report, it appears there is a locally exploitable buffer overflow in the mllock comman...
Nortel Networks CVX 1800 discloses privileged information
Overview The Nortel Networks CVX 1800 Multi-Service Access Switch discloses privileged information. Description The CVX 1800 Multi-Service Access Switch is a large modem bank typically used by large carriers and ISP's. When the CVX 1800 is queried with a specially crafted snmpwalk, it will respon...
Microsoft MSN Messenger Chat Control contains a buffer overflow in "ResDLL" parameter
Overview Microsoft's MSN Chat is an ActiveX control for Microsoft Messenger, an instant messaging client. A buffer overflow exists in the ActiveX control that may permit a remote attacker to execute arbitrary code on the system with the privileges of the current user. Description A buffer overflo...
Sun Solaris cachefsd vulnerable to stack overflow in fscache_setup() function
Overview Sun's NFS/RPC cachefs daemon cachefsd is shipped and installed by default with Sun Solaris 2.5.1, 2.6, 7, and 8 SPARC and Intel architectures. Cachefsd caches requests for operations on remote file systems mounted via the use of NFS protocol. An exploitable stack overflow exists in...
ISC DHCPD contains format string vulnerability when logging DNS-update requests
Overview The DHCP daemon DHCPD is a server that is used to allocate network addresses and assign configuration parameters to dynamically configured hosts. A format string vulnerability may permit an intruder to execute code with the privileges of the DHCP daemon typically root. Description The...
AOL Instant Messenger installer adds "http://free.aol.com" to Trusted Sites Zone in Microsoft Internet Explorer
Overview The installer for AOL Instant Messenger contains a vulnerability that weakens the security settings of Microsoft Internet Explorer. Description There is a vulnerability in the installer for AOL Instant Messenger AIM that silently adds "http://free.aol.com" to the list of Trusted Sites in...
Sun Solaris cachefsd vulnerable to heap overflow in cfsd_calloc() function via long string of characters
Overview Sun's NFS/RPC cachefs daemon cachefsd is shipped and installed by default with Sun Solaris 2.5.1, 2.6, 7, and 8 SPARC and Intel architectures. Cachefsd caches requests for operations on remote file systems mounted via the use of NFS protocol. A remotely exploitable heap overflow exists i...
rpc.rwalld contains remotely exploitable format string vulnerability
Overview rpc.rwalld is a utility that is used to send a message to all terminals of a time sharing system. A format string vulnerability may permit a remote user to execute code with the privileges of the rwall daemon. Description rpc.rwalld is a utility that listens for remote wall requests. Wal...
File Transfer Protocol allows data connection hijacking via PASV mode race condition
Overview There is a vulnerability in the File Transfer Protocol FTP that allows an attacker to hijack FTP data connections when the client connects using passive mode PASV. Description In FTP PASV mode, the client makes a control connection to the FTP server typically port 21/tcp and requests a...
sudo vulnerable to heap corruption via -p parameter
Overview Sudo is susceptible to a locally exploitable heap overflow vulnerability. Description Sudo is a common utility used to allow a system administrator to give users or groups of users rights to run certain programs as root or as another user. A locally exploitable heap overflow can lead to...
Apache HTTP Server on Win32 systems does not securely handle input passed to CGI programs
Overview A vulnerability in the Apache HTTP Server running on Win32 systems Windows 9x/Me, Windows NT/2000/XP could allow an attacker to execute commands with the privileges of the web server process. Description The Apache HTTP Server is a freely available web server that runs on a variety of...
Microsoft Internet Information Server (IIS) vulnerable to DoS via malformed FTP connection status request
Overview A vulnerability in IIS could allow an intruder to disrupt ordinary operations of both FTP and Web services on vulnerable IIS servers. Description IIS includes an FTP server. An intruder who sends a malformed request for the status of an existing connection could cause the IIS server to...
Microsoft Internet Information Server (IIS) vulnerable to buffer overflow via inaccurate checking of delimiters in HTTP header fields
Overview A buffer overflow in IIS could allow an intruder to execute arbitrary code the the privileges of the ASP ISAPI extension. Description Like all web servers, IIS parses HTTP headers and decomposes them into the constituent parts. As part of this processing, IIS checks for delimiters that a...
Microsoft Internet Information Server (IIS) buffer overflow in server-side includes (SSI) containing long invalid file name
Overview A buffer overflow in IIS could allow an intruder to execute arbitrary code with the privileges of the ASP.DDL. Description Server-side include files SSI files are files which reside on a web server and which are included by scripts, programs, or web pages. SSI files are often used to...
Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 buffer overflow in chunked encoding transfer mechanism for ASP
Overview A buffer overflow vulnerability in IIS 4.0, 5.0, and 5.1 could allow an intruder to execute arbitrary code on an IIS server with the privileges of the ASP ISAPI extension. Description Chunked encoding is a means to transfer variable-sized units of data called chunks from a web client to ...
Microsoft Internet Information Server (IIS) contains cross-site scripting vulnerability in IIS Help Files search facility
Overview Visitors to web sites that use Microsoft IIS 5.0 and 5.1 are vulnerable to cross-site scripting attacks through the IIS help facility. Description Cross-site scripting is a form of attack in which an intruder leverages the trust between a victim and a web-site the victim trusts. Quoting...
Microsoft Internet Information Server (IIS) contains cross-site scripting vulnerability in HTTP error page results
Overview Visitors to web sites that use Microsoft IIS and also use the default error pages are vulnerable to cross-site scripting attacks. Description Cross-site scripting is a form of attack in which an intruder leverages the trust between a victim and a web-site the victim trusts. Quoting from...
Microsoft Internet Information Server (IIS) contains cross-site scripting vulnerability in redirect response messages
Overview Visitors to web sites that use Microsoft IIS and also issue redirect response messages are vulnerable to cross-site scripting attacks. Description Cross-site scripting is a form of attack in which an intruder leverages the trust between a victim and a web-site the victim trusts. Quoting...
Microsoft Internet Information Server (IIS) vulnerable to heap overflow during processing of crafted ".htr" request by "ISM.DLL" ISAPI filter
Overview A buffer overflow in the HTR ISAP extension on IIS servers could permit an intruder to interrupt the normal operation of IIS or possibly execute arbitrary code with the privileges of the HTR extension. Description HTR is a server-side scripting technology for IIS which has largely been...
Microsoft Internet Information Server (IIS) vulnerable to DoS when URL request exceeds maximum allowed length
Overview Intruders may be able to cause the IIS service to fail by sending a particular kind of overly-long URL. Description ISAPI is a programming interface to IIS that can be used to modify or extend the behavior of IIS. Programs written using ISAPI are known as either filters or extension,...
Microsoft Internet Information Server (IIS) 4.0 and 5.0 buffer overflow in chunked encoding transfer mechanism for ASP
Overview A buffer overflow vulnerability in IIS 4.0 and 5.0 could allow an intruder to execute arbitrary code on an IIS server with the privileges of the ASP ISAPI extension. Description Chunked encoding is a means to transfer variable-sized units of data called chunks from a web client to a web...
Buffer overflow in Microsoft Windows Shell
Overview A remotely exploitable buffer overflow exists in the Microsoft Windows Shell. Description There is a buffer overflow in the Microsoft Windows Shell. The Shell provides the basic human-computer interface for Windows systems. Quoting from Microsoft Security Bulletin MS02-014:The Windows...
AOL Instant Messenger vulnerable to denial of service via crafted file name
Overview AOL Instant Messenger AIM 4.1 and prior are vulnerable to a denial of service vulnerability. A denial of service occurs when filenames that contain a "%s" are sent to a victim. Description AOL Instant Messenger AIM is a program for communicating with other users over the Internet. AIM...
AOL Instant Messenger contains buffer overflows in parsing of AIM URI handler requests
Overview AOL Instant Messenger AIM is an application that allows one peer to communicate with another. A buffer overflow vulnerability exists that can manipulate the configuration of the victim's client. Description AIM installs a URI handler that permits the use of the "aim:" protocol on the...
AOL Instant Messenger saves code embedded in image tag to conversation log which could be viewed/executed by a browser
Overview Certain Alpha versions of AOL Instant Messenger AIM, that were leaked, would log errors to a log file. By sending a crafted image file, it may be possible to execute arbitrary script/HTML on a victims browser when they view the log files. Description AOL Instant Messenger has the ability...
AOL Instant Messenger vulnerable to DoS via crafted GIF file
Overview AOL Instant Messenger AIM is an application that allows one peer to communicate with another. A vulnerability exists that can crash the client of a victim. Description AIM allows users to send image files to one another. By sending a crafted GIF image, an attacker can cause the victim's...
Linux kernel IP Masquerading "destination loose" (DLOOSE) configuration passes arbitrary UDP traffic
Overview The default configuration of the IP Masquerade feature of certain Linux 2.2 kernels may allow unsolicited inbound UDP packets to traverse a NAT gateway and reach a translated network. Description As defined in RFC 1631, Network Address Translation NAT provides a means to translate a loca...
IBM AIX Parallel Systems Support Program (PSSP) contains vulnerability in File Collections subsystem allowing arbitrary access to sensitive configuration files
Overview IBM AIX Parallel Systems Support Programs PSSP contains a vulnerability allowing unauthorized access to files in valid file collections. Description IBM PSSP software is used to provide a central point of management control for a cluster of RS/6000 SP nodes and IBM pSeries and IBM RS/600...
ibrow NewsDesk does not securely handle input passed to open()
Overview A vulnerability in ibrow NewsDesk allows an attacker to view files and execute operating system commands with the privileges of the web server. Description ibrow NewsDesk is a Perl CGI script that is designed to create and display news articles on a web site. The code for NewsDesk is...
Lotus Notes does not adequately secure databases thereby permitting arbitrary user to extract file attachments via NSFDbReadObject function call
Overview Lotus Domino Servers 5.x, 4.6x, and 4.5x allow users to associate objects with documents in a database. While these objects appear to be a part of the document, they are actually stored as separate files. A vulnerability exist by which an intruder could view these objects regardless of t...
Jana Server does not adequately validate user input thereby allowing directory traversal
Overview Jana Server contains a directory traversal vulnerability. Description Versions 1.4x of Jana Server, a web server for Windows developed by T. Hauck, do not properly filter requests for hexadecimal encodings of ".." dot-dot and allows directory traversal out of the HTTP document root...
Netwin Surge FTP Server does not adequately validate user input thereby allowing directory traversal
Overview Surge FTP Server 2.0a contains a directory traversal vulnerability. Description Surge FTP Server 2.0a allows remote users to list files outside the FTP root directory. --- Impact Attackers may list files from directories to which access was not granted. --- Solution Upgrade to version...
Microsoft Internet Explorer Permits Remote Command Execution Through <OBJECT> Tag
Overview Microsoft Internet Explorer IE permits the remote execution of arbitrary commands via the tag. Description A vulnerability exists in the way that Microsoft Internet Explorer IE handles tags. If the CLASSID CLSID is unrecognized, then Internet Explorer will execute arbitrary commands...
Apache Web Server vulnerable to DoS via crafted HTTP request
Overview Some versions of the Apache Web server are vulnerable to denial-of-service attacks by crafted HTTP requests. Description A vulnerability exists in some versions the Apache Web HTTPD Server running on Windows 98SE, Windows 2000 SP1, and OS/2. The vulnerability appears to be a bounds...
ypbind contains buffer overflow
Overview The daemon ypbind on Solaris and SunOS contains a buffer overflow vulnerability. Description A buffer overflow vulnerability has been discovered in ypbind, a daemon that runs on all client and server machines running Solaris and SunOS and set up to use a Network Information Server NIS. -...
GnuPG contains format-string vulnerability in handling of encrypted data filename
Overview Some versions of Gnu Privacy Guard GPG contain a format-string vulnerability from improper handling of filenames when decrypting files. Description GPG is an OpenPGP-compliant alternative to PGP to protect electronic communications using public-key cryptography. Versions of GPG prior to...
Microsoft scriptlet.typlib ActiveX object unsafe for scripting from Internet Explorer
Overview The ActiveX control "scriptlet.typlib" is incorrectly marked "safe for scripting" in Internet Explorer IE versions 4.0 and 5.0, when it is actually unsafe for scripting. Description There exists a vulnerability in the default installation of an ActiveX control named "scriptlet.typlib,"...
Microsoft Internet Explorer does not adequately evaluate malformed URLs
Overview Microsoft Internet Explorer contains a serious vulnerability in its handling of zone determination. Description Microsoft Internet Explorer contains a vulnerability in the way in which it handles zone determination. Specifically, HTML scripts stored in cookies should be executed in the...
Microsoft SQL Server contains buffer overflows in openrowset and opendatasource macros
Overview Microsoft SQL Server contains several buffer overflows in "functions that are associated with connecting to remote data sources through 'ad hoc names.'" Description Microsoft SQL Server versions 7.0 and 2000 contain buffer overflows in the openrowset and opendatasource macros. By calling...
HP-UX kernel specifies incorrect arguments for setrlimit()
Overview A problem exists in some versions of the HP-UX kernel allowing an intruder to cause kernel panics. Description Certain versions of HP-UX setrlimit system call contain a vulnerability that permits an intruder to cause kernel panics or compromise the system. Quoting from HP Security Bullet...
XDMCP leaks sensitive information by default configuration
Overview An information leakage vulnerability exists in the default configuration of the X Display Management Console Protocol XDMCP daemon. Description On some operating systems, the X Display Manager Control Protocol XDMCP daemon is set to permit remote access to the local machine from any host...
Oracle9i Application Server PL/SQL Gateway web administration interface uses null authentication by default
Overview A vulnerability exists in the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle 9i Application Server iAS. In its default configuration, the PL/SQL module grants unauthenticated access to the PL/SQL gateway web-based administration interface. Description...