3695 matches found
Oracle 9iAS XSQL Servlet ignores file permissions allowing arbitrary users to view sensitive configuration files
Overview It is possible to read the sensitive configuration files from an Oracle 9i Application Server without any authorization. This can lead to an intruder gaining access to sensitive information about the server and potentially compromising it. Description Default installation of the Oracle 9...
Oracle 9i Application Server does not adequately handle requests for nonexistent JSP files thereby disclosing web folder path information
Overview Oracle 9i Application Servers (Oracle 9iAS) contain a default error page that can be used to find the physical path of files on the system. Description Oracle 9iAS will display a default error page when a nonexistent ".jsp" file is specified. In the body of this page is the entire local pa...
Oracle 9iAS contains cross-site scripting vulnerability in "htp.print"
Overview Oracle 9i Application Servers are vulnerable to a cross-site scripting vulnerability. The server may inadvertently include malicious HTML tags or script (JavaScript, VBScript, Java, etc.) in a dynamically generated page based on unvalidated input from untrustworthy sources. This can be a...
Cisco IOS discloses fragments of previous packets when Express Forwarding is enabled
Overview A vulnerability exists in multiple versions of Cisco's Internetworking Operating System (IOS) software that allows an attacker to collect fragments of previously processed packets. Description Many networking devices running Cisco IOS with Cisco Express Forwarding (CEF) enabled contain a...
Multiple implementations of the RADIUS protocol contain a digest calculation buffer overflow
Overview Multiple implementations of the RADIUS protocol contain a buffer overflow in the function that calculates message digests. Description During the message digest calculation, a string containing the shared secret is concatenated with a packet received without checking the size of the targ...
Multiple implementations of the RADIUS protocol do not adequately validate the vendor-length of the vendor-specific attributes
Overview Various RADIUS servers and clients permit the passing of vendor-specific and user-specific attributes. Several implementations of RADIUS fail to check the Vendor-Length of the Vendor-Specific attribute. It's possible to cause a denial of service against RADIUS servers with a malformed...
Squid Proxy Server contains buffer overflow in parsing of the authentication portion of FTP URLs
Overview There is a remotely exploitable buffer overflow in the Squid proxy/cache server. Exploitation of this vulnerability could lead to an intruder gaining a shell on the target Squid server. Description Squid versions 2.3 and 2.4 are vulnerable to a buffer overflow in the code that parses FTP...
cryptcat does not encrypt data communications when -e command argument is used
Overview With certain options used, cryptcat does not encrypt network connections as expected. Description Cryptcat is an enhanced version of netcat that adds twofish encryption. If cryptcat is started in listen server mode binding a shell to a network port, cryptcat fails to enable encryption...
Linux kernel netfilter IRC DCC helper module creates overly permissive firewall rules
Overview The "netfilter" firewall subsystem included with Linux kernel versions 2.4.x contains a vulnerability that may allow remote attackers to reach hosts that should be protected. Description The "netfilter" subsystem included with Linux kernel versions 2.4.x provides a framework for services...
Oracle9i Application Server allows unauthenticated access to PL/SQL applications via alternate Database Access Descriptor
Overview A vulnerability exists in the Apache Procedural Language/Structured Query Language (PL/SQL) module used by Oracle9i Application Server (iAS). By specifying the Database Access Descriptor (DAD) used to access a PL/SQL application, an attacker could gain unauthorized access to the application...
mod_ssl and Apache_SSL modules contain a buffer overflow in the implementation of the OpenSSL "i2d_SSL_SESSION" routine
Overview There is a remotely exploitable buffer overflow in two modules that implement the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocol. This can be used to execute arbitrary code. Description The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols are used t...
Oracle9i Application Server Apache PL/SQL module vulnerable to buffer overflow via cache directory name
Overview A buffer overflow vulnerability exists in the Apache Procedural Language/Structured Query Language (PL/SQL) module used by Oracle9i Application Server (iAS). This vulnerability could allow an unauthenticated remote attacker to cause a denial-of-service or execute arbitrary code on the system...
Oracle9i Application Server Apache PL/SQL module vulnerable to buffer overflow via Database Access Descriptor password
Overview A buffer overflow vulnerability exists in the Apache Procedural Language/Structured Query Language (PL/SQL) module used by Oracle9i Application Server (iAS). Specifying a crafted password for a Database Access Descriptor (DAD) could cause a denial of service or execute arbitrary code with the...
Oracle9i Application Server Apache PL/SQL module vulnerable to buffer overflow via HTTP Authorization header
Overview A buffer overflow vulnerability exists in the Apache Procedural Language/Structured Query Language (PL/SQL) module used by Oracle9i Application Server (iAS). An HTTP Authorization header with a crafted password parameter could allow an unauthenticated remote attacker to cause a denial of...
Oracle9i Application Server Apache PL/SQL module vulnerable to buffer overflow via HTTP request
Overview A buffer overflow vulnerability exists in the Apache Procedural Language/Structured Query Language (PL/SQL) module used by Oracle9i Application Server (iAS). A maliciously crafted HTTP request made to the PL/SQL module could cause a denial of service or execute arbitrary code with the...
PHP contains vulnerability in "php_mime_split" function allowing arbitrary code execution
Overview Vulnerabilities in PHP versions 3 and 4 could allow an intruder to execute arbitrary code with the privileges of the web server. Description PHP is a scripting language widely used in web development. PHP can be installed on a variety of web servers, including Apache, IIS, Caudium,...
Oracle 9iAS allows access to CGI script source code within CGI-BIN directory
Overview Oracle 9i Application Server (9iAS) allows remote anonymous users to view source code in CGI scripts stored in the Apache cgi-bin. Attackers may analyze these scripts to discover usernames, passwords, or other proprietary data or methods. Description The default Apache configuration file i...
Multiple Oracle 9iAS sample pages contain vulnerabilities
Overview Oracle Application Server version 9iAS installs with sample pages that demonstrate various functions of the software. Many of these pages can be used by attackers to breach the security of the system. Description A fresh installation of Oracle Application Server version 9iAS and possibly...
Oracle 9iAS default configuration allows access to "globals.jsa" file
Overview Oracle Database Server version 9iAS allows remote users to view the "globals.jsa" file used by Java Server Page (JSP) scripts. The "globals.jsa" file may contain Oracle usernames, passwords, and other configuration information not intended for public viewing, and attackers may use that...
Oracle 9iAS creates temporary files when processing JSP requests that are world-readable
Overview Oracle Database Server version 9iAS makes JSP source code publicly available. The source code may be used by attackers to analyze proprietary business logic or uncover Oracle's network configuration, usernames, and/or passwords. Description When Oracle receives a request for a JSP file, it...
Oracle 9iAS default configuration uses well-known default passwords
Overview Oracle Database Server version 9iAS installs with up to 160 distinct default login accounts. The usernames and passwords for these have been made publicly available and could be used by an attacker to gain access to an Oracle server. Description Depending on the components chosen at...
Oracle 9i Database Server PL/SQL module allows remote command execution without authentication
Overview Oracle Database Server allows remote users to execute system commands without authenticating. Description Oracle Database Server provides extended functionality through the use of Procedural Language/Structured Query Language (PL/SQL) libraries. PL/SQL includes commands to load arbitrary...
Oracle9i Application Server Apache PL/SQL module does not properly handle HTTP Authorization header
Overview A vulnerability exists in the way the Apache Procedural Language/Structured Query Language (PL/SQL) module used by Oracle9i Application Server (iAS) handles HTTP Authorization headers. This vulnerability could allow an unauthenticated remote attacker to crash the Apache service. Description...
Microsoft Internet Explorer HTML rendering engine contains buffer overflow processing SRC attribute of HTML <EMBED> directive
Overview The Microsoft Internet Explorer HTML rendering engine contains a vulnerability in its handling of the SRC attribute of the HTML <EMBED> directive. An attacker who is able to convince a user to read a malicious HTML file may be able to crash Internet Explorer or execute arbitrary code with the...
Multiple vulnerabilities in SNMPv1 request handling
Overview Multiple vendor SNMPv1 GetRequest, GetNextRequest, and SetRequest message handling implementations contain vulnerabilities that may allow unauthorized privileged access, denial-of-service conditions, or unstable behavior. If your site uses SNMP in any capacity, the CERT/CC encourages yo...
KTH Kerberos Telnet implementations do not strictly enforce client encryption request
Overview A vulnerability exists in the KTH Kerberos IV and Kerberos V (Heimdal) Telnet implementations. When a KTH Kerberos Telnet client requests data encryption and the server does not appear to support it, the client will establish the connection using no encryption. A properly located attacker...
Adobe PhotoDeluxe does not adequately restrict Java execution
Overview A vulnerability exists in Adobe PhotoDeluxe that allows a malicious web page or HTML email message viewed with Microsoft Internet Explorer to obtain directory listings or potentially download and execute arbitrary code on the local system. Description Adobe PhotoDeluxe is an image...
Kerberos Telnet protocol does not adequately protect authentication and encryption options
Overview A vulnerability exists in the Telnet Authentication Option and Telnet Data Encryption Option specifications. An ordered list of authentication and encryption options sent from the server to client during negotiation is not cryptographically protected. As a result, an attacker may be able...
AOL Instant Messenger exposes local file path during file transfers
Overview AOL Instant Messenger (AIM) discloses local file paths during transfer. Description AOL Instant Messenger (AIM) is a program for communicating with other users over the Internet. AIM permits users to transfer files from one client to another. When the file is transferred, the entire local pat...
Novell Groupwise contains protocol implementation vulnerability allowing email to be viewed by unauthorized user
Overview Novell GroupWise is an email storage program. Email is encrypted when stored. Usernames and passwords can be acquired by sniffing communications between the client and server. Description In Novell GroupWise email is stored as encrypted data. Clients and servers operating in Live Remote ...
AOL Instant Messenger vulnerable to DoS via crafted packets
Overview AOL Instant Messenger (AIM) is an application that allows one peer to communicate with another. A vulnerability exists that can crash the client window. Description All versions of AIM for Windows prior to beta version 4.8.2540 contain a buffer overflow that permits an attacker to cause a...
cgiemail web-based email system does not adequately validate user input thereby causing buffer overflow in cgicso.c
Overview There exists a buffer overflow vulnerability in cgiemail that allows execution of arbitrary code. Description cgiemail is a CGI program maintained that composes data submitted on Web forms into email messages. The cgicso.c component of the web-based email system cgiemail contains a buffe...
Multiple vulnerabilities in SNMPv1 trap handling
Overview Multiple vendor SNMPv1 Trap handling implementations contain vulnerabilities that may allow unauthorized privileged access, denial-of-service conditions, or unstable behavior. If your site uses SNMP in any capacity, the CERT/CC encourages you to read the information provided below...
AOL Instant Messenger buffer overflow in screenname
Overview A buffer overflow exists in the AOL Instant Messenger (AIM) client versions 3.5.x and prior when accepting the screenname from the command line, or through the aim protocol. Description AIM installs a protocol on the machine that enables people to post links on their websites, or send them...
ICQ contains a buffer overflow while processing Voice Video & Games feature requests
Overview There is a remotely exploitable buffer overflow in ICQ. Attackers that are able to exploit the vulnerability may be able to execute arbitrary code with the privileges of the victim user. Description ICQ is a program for communicating with other users over the Internet. ICQ is widely used...
AOL Instant Messenger vulnerable to DoS via crafted WAV file
Overview AOL Instant Messenger (AIM) is an application that allows one peer to communicate with another. A vulnerability exists that can crash the client of a victim. Description AIM allows users to send audio files to one another. By sending a corrupt WAV formatted file, an attacker can cause the...
AOL Instant Messenger vulnerable to buffer overflow via long filename
Overview AOL Instant Messenger (AIM) is an application that allows one peer to communicate with another. A vulnerability exists that can crash the client of a victim. Description AIM permits users to send files from one peer to another. By sending a file with a long name, it is possible to crash th...
Cisco SN 5420 Storage Router vulnerable to DoS via fragmented packet sent over Gigabit interface
Overview It is possible to cause a denial of service of the Cisco SN 5420 Storage Router by sending a fragmented packet over the Gigabit interface. Description A vulnerability has been discovered in the Cisco SN 5420 Storage Router software versions 1.15 and earlier. By sending a fragmented packe...
Cisco SN 5420 Storage Router fails to properly authenticate user before granting read access to configuration file
Overview It is possible to read the stored configuration file from the Cisco SN 5420 Storage Router without any authorization. This can lead to an intruder gaining access to the storage space on the router. Description A vulnerability has been discovered in the Cisco SN 5420 Storage Router softwa...
Cisco SN 5420 Storage Router vulnerable to DoS via HTTP request containing long headers
Overview It is possible to cause a denial of service of the Cisco SN 5420 Storage Router by sending an HTTP request with a large header. Description A vulnerability has been discovered in the Cisco SN 5420 Storage Router software versions 1.15 and earlier. By sending an HTTP request with a huge...
AOL Instant Messenger vulnerable to buffer overflow via numerous fonts sent to client followed by <HR>
Overview AOL Instant Messenger (AIM) is an application that allows one peer to communicate with another. A vulnerability exists that can crash the client window and in some cases the operating system (OS). Description AIM for Windows stores font names in the messages sent from one client to another. B...
iPlanet Web Server and Netscape Enterprise Server Web Publisher commands allow directory enumeration
Overview A vulnerability exists in iPlanet Web Server and Netscape Enterprise Server in which Web Publisher commands can be used to obtain directory listings. Description iPlanet Web Server and Netscape Enterprise Server permit unauthenticated remote users to enumerate server directories via Web...
Oracle9i Application Server Apache PL/SQL module does not properly decode URL
Overview A vulnerability exists in the Apache Procedural Language/Structured Query Language (PL/SQL) module used by Oracle9i Application Server (iAS) in which the module does not properly decode double URL encoded strings. This vulnerability could allow an intruder to read files outside the web...
iPlanet Web Server Enterprise Edition and Netscape Enterprise Server Web Publisher command exposes server to brute force attack
Overview A vulnerability exists in iPlanet Web Server Enterprise Edition and Netscape Enterprise Server that allows an attacker to make repeated authentication attempts if a server is configured to use HTTP basic authentication. While the risk is not greater than any other brute force attack usin...
iPlanet Web Server Enterprise Edition and Netscape Enterprise Server malformed Web Publisher command causes denial-of-service
Overview A vulnerability exists in iPlanet Web Server, Enterprise Edition and Netscape Enterprise Server in which a malformed Web Publisher command can crash the web server process. This vulnerability only affects Windows NT based servers. Description ProCheckup has reported a vulnerability in...
PIX 'established' and 'conduit' command may have unexpected interactions
Overview A somewhat common configuration of Cisco PIX firewalls may permit a window of opportunity in which an intruder can bypass the firewall. This problem was first publicly described in July, 1998. Description Cisco PIX firewalls protecting servers which offer service to the internet-at-large...
Buffer overflow vulnerability in pwck command line utility
Overview The CERT/CC has received a public report of a local buffer overflow vulnerability in the pwck utility. Description The pwck utility performs syntax checking of /etc/password and /etc/shadow password information files. This utility contains a buffer overflow vulnerability in the section o...
Buffer overflow vulnerability in grpck command line utility
Overview The CERT/CC has received a public report of a local buffer overflow vulnerability in the grpck utility. Description The grpck utility performs syntax checking of /etc/group and /etc/gshadow group information files. This utility contains a buffer overflow vulnerability in the section of...
Older Versions of Cisco PIX Firewall Manager permits retrieval of files
Overview A vulnerability in versions of the Cisco PIX Firewall Manager (PFM) in use circa September 1998 allows intruders to retrieve files from the host running PFM. Description A vulnerability in the Cisco PIX Firewall Manager allows an intruder to retrieve files from the host running PFM. In...
Oracle9i Application Server Apache PL/SQL module vulnerable to buffer overflow via help page request
Overview A buffer overflow vulnerability exists in the Apache Procedural Language/Structured Query Language (PL/SQL) module used by Oracle9i Application Server (iAS). This vulnerability could allow an unauthenticated remote attacker to cause a denial of service or execute arbitrary code on the system...