3702 matches found
Oracle 9iAS allows anonymous remote users to view sensitive Apache services by default
Overview Oracle Application Server 9iAS allows remote users to access several Apache services without authentication. Description Oracle Application Server 9iAS includes the Apache Web server and several Apache services. In the default install configuration, many of these services, including...
Oracle 9iAS SOAP components allow anonymous users to deploy applications by default
Overview Oracle Application Server 9iAS installs with Simple Object Access Protocol SOAP enabled by default and allows unauthenticated remote users to deploy and undeploy SOAP services and providers. Description Oracle Application Server 9iAS supports Simple Object Access Protocol SOAP, an...
Oracle9i Application Server Apache PL/SQL module vulnerable to buffer overflow via HTTP Location header
Overview A buffer overflow vulnerability exists in the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle9i Application Server iAS. This vulnerability could allow an unauthenticated remote attacker to cause a denial of service or execute arbitrary code on the system...
Oracle9i Application Server OWA_UTIL procedures expose sensitive information
Overview Oracle9i Application Server iAS provides a Procedural Language/Structured Query Language PL/SQL application package called OWAUTIL that provides web access to a number of stored procedures. These procedures could be used by an attacker to view the source code of PL/SQL applications, obta...
Double Free Bug in zlib Compression Library Corrupts malloc's Internal Data Structures
Overview There is a bug in the zlib compression library that may manifest itself as a vulnerability in programs that are linked with zlib. This may allow an attacker to conduct a denial-of-service attack, gather information, or execute arbitrary code. It is important to note that the CERT/CC has...
OpenSSH contains a one-off overflow of an array in the channel handling code
Overview OpenSSH is a program used to provide secure connection and communications between client and servers. Channels are used to segregate differing traffic between the client and the server. Description OpenSSH versions 2.0 - 3.0.2 contain a one-off overflow of an array in the code that handl...
Oracle 9iAS default configuration allows arbitrary users to view sensitive configuration files
Overview It is possible to read the "XSQLConfig.xml" and "soapConfig.xml" configuration files from an Oracle 9i Application Server under the default installation without any authorization. This can lead to an intruder gaining access to sensitive information about the server and potentially...
Oracle 9i Application Server does not adequately handle requests for nonexistent JSP files thereby disclosing web folder path information
Overview Oracle 9i Application Servers Oracle 9iAS contain a default error page that can be used to find the physical path of files on the system. Description Oracle 9iAS will display a default error page when a nonexistent ".jsp" file is specified. In the body of this page is the entire local pa...
Oracle 9iAS contains cross-site scripting vulnerability in "htp.print"
Overview Oracle 9i Application Servers are vulnerable to a cross-site scripting vulnerability. The server may inadvertently include malicious HTML tags or scriptJavaScript, VBScript, Java, etc. in a dynamically generated page based on unvalidated input from untrustworthy sources. This can be a...
Oracle 9iAS XSQL Servlet ignores file permissions allowing arbitrary users to view sensitive configuration files
Overview It is possible to read the sensitive configuration files from an Oracle 9i Application Server without any authorization. This can lead to an intruder gaining access to sensitive information about the server and potentially compromising it. Description Default installation of the Oracle 9...
Multiple implementations of the RADIUS protocol contain a digest calculation buffer overflow
Overview Multiple implementations of the RADIUS protocol contain a buffer overflow in the function that calculates message digests. Description During the message digest calculation, a string containing the shared secret is concatenated with a packet received without checking the size of the targ...
Cisco IOS discloses fragments of previous packets when Express Forwarding is enabled
Overview A vulnerability exists in multiple versions of Cisco's Internetworking Operating System IOS software that allows an attacker to collect fragments of previously processed packets. Description Many networking devices running Cisco IOS with Cisco Express Forwarding CEF enabled contain a...
Multiple implementations of the RADIUS protocol do not adequately validate the vendor-length of the vendor-specific attributes
Overview Various RADIUS servers and clients permit the passing of vendor-specific and user-specific attributes. Several implementations of RADIUS fail to check the Vendor-Length of the Vendor-Specific attribute. It's possible to cause a denial of service against RADIUS servers with a malformed...
Squid Proxy Server contains buffer overflow in parsing of the authentication portion of FTP URLs
Overview There is a remotely exploitable buffer overflow in the Squid proxy/cache server. Exploitation of this vulnerability could lead to an intruder gaining a shell on the target Squid server. Description Squid versions 2.3 and 2.4 are vulnerable to a buffer overflow in the code that parses FTP...
cryptcat does not encrypt data communications when -e command argument is used
Overview With certain options used, cryptcat does not encrypt network connections as expected. Description Cryptcat is an enhanced version of netcat that adds twofish encryption.If cryptcat is started in listen server mode binding a shell to a network port, cryptcat fails to enable encryption...
Linux kernel netfilter IRC DCC helper module creates overly permissive firewall rules
Overview The "netfilter" firewall subsystem included with Linux kernel versions 2.4.x contains a vulnerability that may allow remote attackers to reach hosts that should be protected. Description The "netfilter" subsystem included with Linux kernel versions 2.4.x provides a framework for services...
mod_ssl and Apache_SSL modules contain a buffer overflow in the implementation of the OpenSSL "i2d_SSL_SESSION" routine
Overview There is a remotely exploitable buffer overflow in two modules that implement the Secure Sockets Layer SSL and Transport Layer Security TLS protocol. This can be used to execute arbitrary code. Description The Secure Sockets Layer SSL and Transport Layer Security TLS protocols are used t...
Oracle9i Application Server allows unauthenticated access to PL/SQL applications via alternate Database Access Descriptor
Overview A vulnerability exists in the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle9i Application Server iAS. By specifying the Database Access Descriptor DAD used to access a PL/SQL application, an attacker could gain unauthorized access to the application...
Oracle9i Application Server Apache PL/SQL module vulnerable to buffer overflow via cache directory name
Overview A buffer overflow vulnerability exists in the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle9i Application Server iAS. This vulnerability could allow an unauthenticated remote attacker to cause a denial-of-service or execute arbitrary code on the system...
Oracle9i Application Server Apache PL/SQL module vulnerable to buffer overflow via HTTP request
Overview A buffer overflow vulnerability exists in the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle9i Application Server iAS. A maliciously crafted HTTP request made to the PL/SQL module could cause a denial of service or execute arbitrary code with the...
Oracle9i Application Server Apache PL/SQL module vulnerable to buffer overflow via Database Access Descriptor password
Overview A buffer overflow vulnerability exists in the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle9i Application Server iAS. Specifying a crafted password for a Database Access Descriptor DAD could cause a denial of service or execute arbitrary code with the...
Oracle9i Application Server Apache PL/SQL module vulnerable to buffer overflow via HTTP Authorization header
Overview A buffer overflow vulnerability exists in the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle9i Application Server iAS. An HTTP Authorization header with a crafted password parameter could allow an unauthenticated remote attacker to cause a denial of...
PHP contains vulnerability in "php_mime_split" function allowing arbitrary code execution
Overview Vulnerabilities in PHP versions 3 and 4 could allow an intruder to execute arbitrary code with the privileges of the web server. Description PHP is a scripting language widely used in web development. PHP can be installed on a variety of web servers, including Apache, IIS, Caudium,...
Oracle 9iAS allows access to CGI script source code within CGI-BIN directory
Overview Oracle 9i Application Server 9iAS allows remote anonymous users to view source code in CGI scripts stored in the Apache cgi-bin. Attackers may analyze these scripts to discover usernames, passwords, or other proprietary data or methods. Description The default Apache configuration file i...
Oracle 9iAS default configuration allows access to "globals.jsa" file
Overview Oracle Database Server version 9iAS allows remote users to view the "globals.jsa" file used by Java Server Page JSP scripts. The "globals.jsa" file may contain Oracle usernames, passwords, and other configuration information not intended for public viewing, and attackers may use that...
Oracle 9iAS default configuration uses well-known default passwords
Overview Oracle Database Server version 9iAS installs with up to 160 distinct default login accounts. The usernames and passwords for these have been made publicly available and could be used by an attacker to gain access to an Oracle server. Description Depending on the components chosen at...
Multiple Oracle 9iAS sample pages contain vulnerabilities
Overview Oracle Application Server version 9iAS installs with sample pages that demonstrate various functions of the software. Many of these pages can be used by attackers to breach the security of the system. Description A fresh installation of Oracle Application Server version 9iAS and possibly...
Oracle 9iAS creates temporary files when processing JSP requests that are world-readable
Overview Oracle Database Server version 9iAS makes JSP source code publicly available. The source code may be used by attackers to analyze proprietary business logic or uncover Oracle's network configuration, usernames, and/or passwords. Description When Oracle receives a request for JSP file, it...
Oracle 9i Database Server PL/SQL module allows remote command execution without authentication
Overview Oracle Database Server allows remote users to execute system commands without authenticating. Description Oracle Database Server provides extended functionality through the use of Procedural Language/Structured Query Language PL/SQL libraries. PL/SQL includes commands to load arbitrary...
Oracle9i Application Server Apache PL/SQL module does not properly handle HTTP Authorization header
Overview A vulnerability exists in the way the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle9i Application Server iAS handles HTTP Authorization headers. This vulnerability could allow an unauthenticated remote attacker to crash the Apache service. Description...
Microsoft Internet Explorer HTML rendering engine contains buffer overflow processing SRC attribute of HTML <EMBED> directive
Overview The Microsoft Internet Explorer HTML rendering engine contains a vulnerability in its handling of the SRC attribute of the HTML directive. An attacker who is able to convince a user to read a malicious HTML file may be able to crash Internt Explorer or execute arbitrary code with the...
Multiple vulnerabilities in SNMPv1 request handling
Overview Multiple vendor SNMPv1 GetRequest, GetNextRequest , and SetRequest message handling implementations contain vulnerabilities that may allow unauthorized privileged access, denial-of-service conditions, or unstable behavior. If your site uses SNMP in any capacity, the CERT/CC encourages yo...
KTH Kerberos Telnet implementations do not strictly enforce client encryption request
Overview A vulnerability exists in the KTH Kerberos IV and Kerberos V Heimdal Telnet implementations. When a KTH Kerberos Telnet client requests data encryption and the server does not appear to support it, the client will establish the connection using no encryption. A properly located attacker...
Adobe PhotoDeluxe does not adequately restrict Java execution
Overview A vulnerability exists in Adobe PhotoDeluxe that allows a malicious web page or HTML email message viewed with Microsoft Internet Explorer to obtain directory listings or potentially download and execute arbitrary code on the local system. Description Adobe PhotoDeluxe is an image...
Kerberos Telnet protocol does not adequately protect authentication and encryption options
Overview A vulnerability exists in the Telnet Authentication Option and Telnet Data Encryption Option specifications. An ordered list of authentication and encryption options sent from the server to client during negotiation is not cryptographically protected. As a result, an attacker may be able...
AOL Instant Messenger vulnerable to DoS via crafted packets
Overview AOL Instant Messenger AIM is an application that allows one peer to communicate with another. A vulnerability exists that can crash the client window. Description All versions of AIM for Windows proir to beta version 4.8.2540 contain a buffer overflow that permits an attacker to cause a...
Novell Groupwise contains protocol implementation vulnerability allowing email to be viewed by unauthorized user
Overview Novell GroupWise is an email storage program. Email is encrypted when stored. Usernames and passwords can be acquired by sniffing communications between the client and server. Description In Novell GroupWise email is stored as encrypted data. Clients and servers operating in Live Remote ...
AOL Instant Messenger exposes local file path during file transfers
Overview AOL Instant Messenger AIM disclose local file paths during transfer. Description AOL Instant Messenger AIM is a program for communicating with other users over the Internet. AIM permits users to transfer files from one client to another. When the file is transferred, the entire local pat...
AOL Instant Messenger buffer overflow in screename
Overview A buffer overflow exists in the AOL Instant Messenger AIM client versions 3.5.x and prior when accepting the screenname from the command line, or through the aim protocol. Description AIM installs a protocol on the machine that enables people to post links on their websites, or send them...
cgiemail web-based email system does not adequately validate user input thereby causing buffer overflow in cgisco.c
Overview There exists a buffer overflow vulnerability in cgiemail that allows execution of arbitrary code. Description cgiemail is a CGI program maintained that composes data submitted on Web forms into email messages. The cgicso.c component of the web-based email system cgiemail contains a buffe...
Multiple vulnerabilities in SNMPv1 trap handling
Overview Multiple vendor SNMPv1 Trap handling implementations contain vulnerabilities that may allow unauthorized privileged access, denial-of-service conditions, or unstable behavior . If your site uses SNMP in any capacity, the CERT/CC encourages you to read the information provided below...
ICQ contains a buffer overflow while processing Voice Video & Games feature requests
Overview There is a remotely exploitable buffer overflow in ICQ. Attackers that are able to exploit the vulnerability may be able to execute arbitrary code with the privileges of the victim user. Description ICQ is a program for communicating with other users over the Internet. ICQ is widely used...
Cisco SN 5420 Storage Router vulnerable to DoS via fragmented packet sent over Gigabit interface
Overview It is possible to cause a denial of service of the Cisco SN 5420 Storage Router by sending a fragmented packet over the Gigabit interface. Description A vulnerability has been discovered in the Cisco SN 5420 Storage Router software versions 1.15 and earlier. By sending a fragmented packe...
Cisco SN 5420 Storage Router fails to properly authenticate user before granting read access to configuration file
Overview It is possible to read the stored configuration file from the Cisco SN 5420 Storage Router without any authorization. This can lead to an intruder gaining access to the storage space on the router. Description A vulnerability has been discovered in the Cisco SN 5420 Storage Router softwa...
Cisco SN 5420 Storage Router vulnerable to DoS via HTTP request containing long headers
Overview It is possible to cause a denial of service of the Cisco SN 5420 Storage Router by sending a HTTP request with a large header. Description A vulnerability has been discovered in the Cisco SN 5420 Storage Router software versions 1.15 and earlier. By sending an HTTP request with a huge...
AOL Instant Messenger vulnerable to buffer overflow via long filename
Overview AOL Instant Messenger AIM is an application that allows one peer to communicate with another. A vulnerability exists that can crash the client of a victim. Description AIM permits users to send files from one peer to another. By sending a file with a long name, it is possible to crash th...
AOL Instant Messenger vulnerable to DoS via crafted WAV file
Overview AOL Instant Messenger AIM is an application that allows one peer to communicate with another. A vulnerability exists that can crash the client of a victim. Description AIM allows users to send audio files to one another. By sending a corrupt WAV formatted file, an attacker can cause the...
AOL Instant Messenger vulnerable to buffer overflow via numerous fonts sent to client followed by < HR>
Overview AOL Instant Messenger AIM is an application that allows one peer to communicate with another. A vulnerability exists that can crash the client window and in some cases the operating systemOS. Description AIM for Windows stores font names in the messages sent from one client to another. B...
iPlanet Web Server and Netscape Enterprise Server Web Publisher commands allow directory enumeration
Overview A vulnerability exists in iPlanet Web Server and Netscape Enterprise Server in which Web Publisher commands can be used to obtain directory listings. Description iPlanet Web Server and Netscape Enterprise Server permit unauthenticated remote users to enumerate server directories via Web...
Oracle9i Application Server Apache PL/SQL module does not properly decode URL
Overview A vulnerability exists in the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle9i Application Server iAS in which the module does not properly decode double URL encoded strings. This vulnerability could allow an intruder to read files outside the web...