Buffer Overflows in various email clients
Overview Buffer Overflows in several MIME headers affect a large number of electronic mail clients. Description A variety of electronic mail clients circa 1998 are vulnerable to buffer overflow attacks in the code that processes MIME headers. See the vendor statements referenced below for details...
Default installations of the Lotus Domino web server disclose system information via HTTP headers
Overview The default configuration of the Lotus Domino web server discloses system characteristics to anonymous remote users. Description The default configuration of the Lotus Domino web server discloses system information in the HTTP headers it returns to a web browser. If these headers are...
IE fails to check certificates properly if initial SSL connection originates in an IFRAME or Image
Overview Several flaws exist in Microsoft Internet Explorer that could allow an attacker to masquerade as a legitimate web site if the attacker can compromise the validity of certain DNS information. These problems are different from the problems reported in CERT Advisory CA-2000-05 and CERT...
Microsoft Windows 2000 Telnet Service allows unprivileged local users to terminate sessions via unprotected system calls
Overview The Microsoft Windows 2000 Telnet Service contains a denial-of-service vulnerability that allows unprivileged local users to terminate existing telnet sessions. Description The Microsoft Windows 2000 Telnet Service contains a vulnerability that allows unprivileged local users to execute...
Microsoft Windows 2000 Telnet Service searches all trusted domains for user accounts
Overview The Microsoft Windows 2000 Telnet Service contains a vulnerability that allows remote attackers to log in using domain accounts without providing a specific domain name. Description The Microsoft Windows 2000 Telnet Service allows users to establish connections using either local account...
Microsoft IIS vulnerable to DoS via invalid request for very long WebDAV requests
Overview Intruders can disrupt the normal operation of an IIS 5.0 server using a malicious Web Distributed Authoring and Versioning (WebDAV) request. Description WebDAV is an extension to HTTP used to manage content on web servers. Quoting from RFC 2518: WebDAV is an extension to the HTTP/1.1...
Microsoft IIS FTP service searches all trusted domains for user accounts
Overview The Microsoft IIS FTP Service contains a vulnerability that allows remote attackers to log in using domain accounts without providing a specific domain name. Description The Microsoft IIS FTP Service allows users to establish connections using either local accounts or Windows domain...
Microsoft Windows 2000 Telnet Service fails to reject oversized username input values
Overview The Microsoft Windows 2000 Telnet Service contains a denial-of-service vulnerability that allows remote attackers to disrupt the telnet service on affected servers. Description The Microsoft Windows 2000 Telnet Service contains a vulnerability in the section of code that performs range...
Microsoft Windows 2000 Internet Information Server (IIS) and Exchange 2000 vulnerable to DoS via malformed URL (MS01-014)
Overview A vulnerability that affects Microsoft IIS 5.0 and Exchange 2000 allows an intruder to disrupt IIS web services and web-based mail services served via an Exchange server. Description Microsoft IIS 5.0 contains a vulnerability that allows an intruder to cause a memory allocation error by...
Microsoft Windows 2000 Telnet Service uses named pipes with predictable names
Overview The Microsoft Windows 2000 Telnet Service contains a vulnerability that allows unprivileged local users to execute arbitrary code with elevated privileges. Description The Microsoft Windows 2000 Telnet Service creates a named pipe to share information between the processes that handle ea...
Microsoft Windows 2000 Telnet Service contains handle leak
Overview The Microsoft Windows 2000 Telnet Service contains a denial-of-service vulnerability that allows remote attackers to disrupt the telnet service on affected servers. Description The Microsoft Windows 2000 Telnet Service contains a resource starvation vulnerability that prevents the server...
Microsoft Windows 2000 Telnet Service fails to enforce timeouts on idle telnet sessions
Overview The Microsoft Windows 2000 Telnet Service contains a denial-of-service vulnerability that allows remote attackers to disrupt the telnet service on affected servers. Description The Microsoft Windows 2000 Telnet Service contains a vulnerability that allows a remote attacker to place idle...
phpBB does not adequately validate user input thereby allowing user to gain escalated privileges via manipulated SQL query
Overview phpBB is an open-source bulletin board program. There exists a user input validation problem with regard to the parsing of the URL. An intruder can execute limited SQL queries and gain administrative privileges on the bulletin board. Description phpBB has a user input validation problem...
exuberant-ctags creates temporary files insecurely
Overview Some versions of exuberant-ctags, a source code navigation utility, create and use temporary files insecurely, leading to local file corruption and possible denial-of-service. Description Exuberant-ctags is a source code navigation utility. It creates temporary files with predictable nam...
Beck IPC@Chip TelnetD vulnerable to account lockout via idle telnet connection
Overview There is a vulnerability in the Beck IPC@CHIP that allows an attacker to create a denial-of-service condition. Description The Beck IPC@CHIP is a single chip embedded webserver. This device contains a telnet server that is configured by default to not have a login timeout. Additionally,...
Samba creates temporary files insecurely
Overview Samba handles temporary files insecurely, allowing arbitrary files to be overwritten and left in a state that would permit later modification. Description Samba is an implementation of the Server Message Block (SMB) protocol. Some versions of samba handle temporary files in an insecure...
Beck GmbH IPC@Chip does not adequately validate user input thereby disclosing sensitive network data via crafted URL
Overview An insecure default configuration in the Beck IPC@CHIP allows an intruder to obtain privileged system information. Description The Beck IPC@CHIP is a single chip embedded webserver. The Beck IPC@CHIP ships with a CGI script named "ChipCfg". Using a specially crafted URL, an attacker can...
FreeBSD can be compromised locally via signal handlers
Overview The FreeBSD operating system does not adequately clear signal handlers subsequent to a process calling exec on a setuid program. This vulnerability can allow a local attacker to execute arbitrary code as root. Description The unix fork function's purpose is to create a new process from a...
Trend Micro InterScan eManager vulnerable to remotely exploitable buffer overflow
Overview A remotely exploitable buffer overflow exists in Trend Micro InterScan eManager. Description Trend Micro InterScan eManager is an application that inspects email traffic flowing into and out of a network for confidential or inappropriate material entering and/or leaving the network. This...
Microsoft Exchange Outlook Web Access fails to authenticate users when searching the Global Address List
Overview Microsoft Exchange servers that offer the Outlook Web Access service are vulnerable to an information disclosure vulnerability that can reveal any email address stored in the Global Address List. Description The Outlook Web Access (OWA) component of Microsoft Exchange allows users to acces...
Beck GmbH IPC@CHIP HTTPD vulnerable to arbitrary file disclosure
Overview The Beck IPC@CHIP web server permits intruders to access files outside the web root. Description The Beck IPC@CHIP is a single chip embedded webserver. The Web Server's root directory is set to / by default. Because of this default setting, an attacker can download arbitrary files from a...
BSD Line Printer Daemon vulnerable to buffer overflow via crafted print request
Overview The line printer daemon enables various clients to share printers over a network. There exists a buffer overflow vulnerability in this daemon that permits remote execution of arbitrary commands with elevated privileges. Description There is a buffer overflow in several implementations of...
phpBB does not adequately validate user input for language selection thereby allowing user to execute arbitrary php code
Overview phpBB is an open-source bulletin board program. A user input validation problem exists with regard to language settings. An intruder can execute arbitrary PHP code and gain a shell with the privileges of the web server on the system. Description Version 1.4.0 and earlier have a user input...
Multiple intrusion detection systems may be circumvented via %u encoding
Overview Multiple intrusion detection systems may be circumvented via %u encoding allowing intruders to launch attacks undetected. Description Most intrusion detection systems are capable of decoding URLs that are encoded using either the "UTF" or "hex-encode" encoding schemes. Microsoft's...
Network Associates CSMAP and smap/smapd vulnerable to buffer overflow thereby allowing arbitrary command execution
Overview A remotely exploitable buffer overflow exists in the Gauntlet Firewall. Description The buffer overflow occurs in the smap/smapd and CSMAP daemons. According to PGP Security, these daemons are responsible for handling email transactions for both inbound and outbound e-mail. This...
ISC InterNetNews (INN) innfeed contains buffer overflow
Overview A locally exploitable buffer overflow exists in ISC InterNetNews. Description InterNetNews is a Usenet/Netnews news server supported by the Internet Software Consortium and volunteers. Innfeed is a component of InterNetNews that implements the NNTP protocol for transferring news between...
IBM AIX lsfs utility invokes grep and lslv with relative pathnames
Overview The IBM AIX operating system contains a vulnerability in the lsfs utility that allows a local user to execute arbitrary code as root. Description The IBM AIX lsfs utility displays filesystem information such as mount points, permissions and volume sizes. To list this information, it...
Outlook Web Access (OWA) executes scripts contained in email attachment opened via Microsoft Internet Explorer (IE)
Overview Microsoft Outlook Web Access (OWA) can run malicious scripts on an Exchange server when Internet Explorer (IE) users open email attachments. Description OWA allows users to access their email accounts on a Microsoft Exchange server from another host through a web browser. When IE users acces...
Cayman gateways are vulnerable to a denial of service via a portscan
Overview Cayman gateways are vulnerable to a denial of service. An attacker can send a number of TCP connect requests or SYN packets, in conjunction with a "Bouncing" vulnerability, and can cause a denial of service to the gateway. Description The gateway will crash after receiving a number of TC...
Cayman gateways vulnerable to a denial of service via oversized ICMP echo (ping) requests.
Overview Cayman gateways are vulnerable to a denial of service via oversized ICMP echo (ping) requests. Installing the newest version of the vendor software will resolve this vulnerability. Description Cayman gateways running versions 5.5 Build R0, 5.3 Build R2, 5.3 Build R1 are vulnerable to an...
IBM VisualAge Professional vulnerable to Cross-Site Scripting via passing of user input directly to default error page
Overview Web Servers that use the IBM VisualAge Professional Version 3.5 Java Servlet Container are vulnerable to a cross-site scripting vulnerability. A web site may inadvertently include malicious HTML tags or script (JavaScript, VBScript, Java, etc.) in a dynamically generated page based on...
Cayman gateways ship with null administrative and user level passwords
Overview Cayman gateways ship without a default password on the admin and user accounts. As long as the gateway is not addressable via the WAN, this can only be accessed and set by anyone on the LAN side. With admin access, the gateway settings can be configured by an intruder. Description Cayman...
Cayman gateways are vulnerable to a denial of service via a long username or password
Overview Cayman gateways are vulnerable to a denial of service via the entry of a long username or password sent to the HTTP interface. Description Cayman gateways automatically restart upon the entry of a large (79+ chars) username or password to the HTTP interface. The log will show "restart not i...
IBM WebSphere vulnerable to Cross-Site Scripting via passing of user input directly to default error page
Overview Web Servers that use the IBM WebSphere Java Servlet Container 3.5 and earlier are vulnerable to a cross-site scripting vulnerability. A web site may inadvertently include malicious HTML tags or script (JavaScript, VBScript, Java, etc.) in a dynamically generated page based on unvalidated...
OpenSSH allows arbitrary file deletion via symlink redirection of temporary file
Overview Due to insecure handling of temporary files, some versions of sshd, an encrypted connection program, can delete any file named "cookies" accessible via the computer running sshd. Description sshd is the server software used to support ssh, a popular encrypted connection program. Some...
Linux dump uses environment variables insecurely, allowing for root compromise
Overview Some implementations of the Linux backup utility, dump, call external programs on remote machines via the RSH environment variable. This may permit an attacker to compromise root if dump is setuid root. Description Some implementations of the Linux backup utility, dump, permit use of...
Aladdin Ghostscript creates insecure temporary files allowing a local user to create symbolic links to other files
Overview Aladdin Ghostscript, a previewer for PostScript files, creates temporary files with predictable names. This allows attackers to use symbolic links to overwrite other files on the host. Description Aladdin Ghostscript is a previewer for PostScript files. It creates temporary fil...
Red Hat linux restore uses insecure environment variables allowing root compromise
Overview Some implementations of the Linux restoration utility, restore, call external programs on remote machines via the RSH environment variable. This may permit an attacker to compromise root if restore is setuid root. Description Some implementations of the Linux restoration utility, restore...
Aladdin Ghostscript LD_RUN_PATH environment variable allows libraries to be loaded from current directory
Overview Aladdin Ghostscript, a previewer for PostScript files, uses an insecure value for the LD_RUN_PATH environment variable. This allows attackers to supply malicious libraries to be loaded from the current directory. Description Aladdin Ghostscript is a previewer for PostScript files. In...
sort creates temporary files insecurely
Overview The sort utility creates temporary files insecurely, making sort subject to a denial-of-service attack. Description The UNIX sort utility creates temporary files with predictable names. The creation is done in a manner to prevent information loss via a symlink attack, but existence of th...
Microsoft Windows 2000 SMTP service fails to properly authenticate credentials of unauthorized user (MS01-037)
Overview A vulnerability exists in the SMTP service installed by default on Microsoft Windows 2000 Server and optionally on Windows 2000 Professional that could allow an intruder to use the service to send mail. Description The Simple Mail Transfer Protocol (SMTP) is the standard protocol used to...
Apache Tomcat vulnerable to Cross-Site Scripting via passing of user input directly to default error page
Overview Web Servers that use the Apache Tomcat Java Servlet Container are vulnerable to a cross-site scripting vulnerability. A web site may inadvertently include malicious HTML tags or script (JavaScript, VBScript, Java, etc.) in a dynamically generated page based on unvalidated input from...
Standard HTML form implementation allows access to IMAP, SMTP, NNTP, POP3, and other services via crafted HTML page
Overview An intruder can send certain kinds of data to services that he is not ordinarily able to reach. By crafting the data such that it is redirected through any program the victim uses to render the malicious HTML, the intruder is able to send that data to any services that the victim can send...
MS Windows NT Terminal Server 4.0 buffer overflow in regapi.dll allows remote code execution or DoS
Overview Microsoft Windows NT 4.0 Terminal Server contains a buffer overflow that could allow an intruder to execute arbitrary code with the privileges of an administrator. Description There is a buffer overflow in the code that processes the username, specifically in RegAPI.DLL, in Microsoft Windo...
Internet Explorer DHTML "Download Behavior" can be tricked into exposing local files
Overview The download behavior of Internet Explorer 5.0 can be used to perform arbitrary operations on local files. Description Internet Explorer 5.0 includes a dynamic HTML DHTML behavior called "download behavior." A "behavior" is a software object that specifies some behavior of a web page...
Hewlett Packard HP-UX pcltotiff is installed with insecure permissions
Overview The utility pcltotiff is installed with insecure permissions on some Hewlett Packard systems. Description The HP utility pcltotiff is installed with sgid bin permissions in order to read files in /usr/lib/X11/fonts/ifo.st/typefaces/. This gives more permissions to pcltotiff than are...
Hewlett-Packard Virtual Vault OS (VVOS) contains vulnerability in mkacct program
Overview There is a vulnerability in the /sbin/mkacct program, part of Hewlett Packard's Virtual Vault Operating System (VVOS). Description Virtual Vault is an environment "designed for use in the financial services, telecommunications, manufacturing, and retail industries to provide services such ...
TrendMicro InterScan WebManager contains buffer overflow in RegGo.dll
Overview A remotely exploitable buffer overflow exists in Trend Micro InterScan WebManager. Description InterScan WebManager is an application that inspects HTTP traffic flowing into a network for known malicious code. This application also has the capability to restrict access to...
Microsoft Internet Information Server 4.0 (IIS) vulnerable to DoS when URL redirecting is enabled
Overview A vulnerability in IIS 4.0 may permit intruders to crash vulnerable IIS servers with URL redirection enabled. Description A vulnerability in Microsoft IIS 4.0 allows an attacker to crash IIS 4.0 servers if they are configured to use URL redirection. URL redirection is not used by default...
OpenSSH disregards client configuration and allows server access to ssh-agent and/or X11 after session negotiation
Overview Versions of OpenSSH client prior to 2.3.0 do not properly enforce restrictions to the ssh-agent or X11 display. Description An OpenSSH client can be configured to prevent servers from accessing the client's ssh-agent or X11 display. However, versions of OpenSSH client prior to 2.3.0 fail...