3702 matches found
IBM AIX nslookup buffer overflow in hostname to lookup
Overview There is a buffer overflow in nslookup that will allow local attackers to gain root privileges on vulnerable AIX systems. Description The nslookup command contains a buffer overflow in the hostname to lookup, allowing local attackers to gain root privileges. The vendor IBM has reported...
IBM AIX portmir buffer overflow
Overview There is a buffer overflow vulnerability in the AIX portmir command that may allow local attackers to gain root privileges. Description There is a buffer overflow in the AIX portmir command. This problem was described in IBM ERS security bulletin: ERS-SVA-E01-1997:006.1. --- Impact...
Beck GmbH IPC@Chip TelnetD vulnerable to brute-force password attack
Overview There is a vulnerability in the Beck IPC@CHIP that may allow an attacker to gain access to the device. Description The Beck IPC@CHIP is a single chip embedded webserver. This device contains a telnet server that "leaks information". That is, when an attacker connects to the telnet daemon...
Hewlett-Packard HP-UX Software Distributor (SD-UX) contains vulnerability permitting privilege escalation
Overview HP9000 Series 700/800 running HP-UX releases 10.01, 10.10, 10.20 and 11.00 are affected by a buffer overflow in Hewlett-Packard's HP-UX Software Distributor SD-UX. A local user can exploit this vulnerability to gain elevated privileges. Description Several applications in SD-UX contain...
Beck GmbH IPC@Chip FtpD allows an attacker to gain access to the device
Overview There is a vulnerability in the Beck IPC@CHIP that allows an attacker to gain access to the device. Description The Beck IPC@CHIP is a single chip embedded webserver. This device also contains an ftp server that is configured by default to allow anonymous access. Additionally, the device...
Taylor UUCP Package fails to properly filter command line arguments
Overview Several Linux/Unix systems ship with a utility package called Taylor UUCP. A component of the UUCP package, uuxqt, fails to properly filter arguments from the commands sent to it. This can allow an intruder to gain elevated privileges and execute commands with the privileges of uucp,...
Buffer Overflows in various email clients
Overview Buffer Overflows in several MIME headers affect a large number of electronic mail clients. Description A variety of electronic mail clients circa 1998 are vulnerable to buffer overflow attacks in the code that processes MIME headers. See the vendor statements referenced below for details...
Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) module permits telnet access when no password has been set
Overview The Cisco 6400 Access Concentrator Node Route Processor 2 NRP2 module permits unauthenticated telnet access when no password has been set. Description The Access Concentrator Node Route Processor is a router blade for the Cisco 6400. It's purpose is to aggregate and terminate incoming...
Default installations of the Lotus Domino web server disclose system information via HTTP headers
Overview The default configuration of the Lotus Domino web server discloses system characteristics to anonymous remote users. Description The default configuration of the Lotus Domino web server discloses system information in the HTTP headers it returns to a web browser. If these headers are...
IE fails to check certificates properly if initial SSL connection originates in an IFRAME or Image
Overview Several flaws exist in Microsoft Internet Explorer that could allow an attacker to masquerade as a legitimate web site if the attacker can compromise the validity of certain DNS information. These problems are different from the problems reported in CERT Advisory CA-2000-05 and CERT...
Microsoft IIS FTP service searches all trusted domains for user accounts
Overview The Microsoft IIS FTP Service contains a vulnerability that allows remote attackers to log in using domain accounts without providing a specific domain name. Description The Microsoft IIS FTP Service allows users to establish connections using either local accounts or Windows domain...
Microsoft Windows 2000 Internet Information Server (IIS) and Exchange 2000 vulnerable to DoS via malformed URL (MS01-014)
Overview A vulnerability that affects Microsoft IIS 5.0 and Exchange 2000 allows an intruder to disrupt IIS web services and web-based mail services served via an Exchange server. Description Microsoft IIS 5.0 contains a vulnerability that allows an intruder to cause a memory allocation error by...
Microsoft Windows 2000 Telnet Service uses named pipes with predictable names
Overview The Microsoft Windows 2000 Telnet Service contains a vulnerability that allows unprivileged local users to execute arbitrary code with elevated privileges. Description The Microsoft Windows 2000 Telnet Service creates a named pipe to share information between the processes that handle ea...
Microsoft Windows 2000 Telnet Service searches all trusted domains for user accounts
Overview The Microsoft Windows 2000 Telnet Service contains a vulnerability that allows remote attackers to log in using domain accounts without providing a specific domain name. Description The Microsoft Windows 2000 Telnet Service allows users to establish connections using either local account...
Microsoft Windows 2000 Telnet Service fails to enforce timeouts on idle telnet sessions
Overview The Microsoft Windows 2000 Telnet Service contains a denial-of-service vulnerability that allows remote attackers to disrupt the telnet service on affected servers. Description The Microsoft Windows 2000 Telnet Service contains a vulnerability that allows a remote attacker to place idle...
Microsoft Windows 2000 Telnet Service allows unprivileged local users to terminate sessions via unprotected system calls
Overview The Microsoft Windows 2000 Telnet Service contains a denial-of-service vulnerability that allows unprivileged local users to terminate existing telnet sessions. Description The Microsoft Windows 2000 Telnet Service contains a vulnerability that allows unprivileged local users to execute...
Microsoft IIS vulnerable to DoS via invalid request for very long WebDAV requests
Overview Intruders can disrupt the normal operation of an IIS 5.0 server using a malicious Web Distributed Authoring and Versioning WebDAV request. Description WebDAV is an extension to HTTP used to manage content on web servers. Quoting from RFC 2518: WebDAV is an extension to the HTTP/1.1...
Microsoft Windows 2000 Telnet Service contains handle leak
Overview The Microsoft Windows 2000 Telnet Service contains a denial-of-service vulnerability that allows remote attackers to disrupt the telnet service on affected servers. Description The Microsoft Windows 2000 Telnet Service contains a resource starvation vulnerability that prevents the server...
Microsoft Windows 2000 Telnet Service fails to reject oversized username input values
Overview The Microsoft Windows 2000 Telnet Service contains a denial-of-service vulnerability that allows remote attackers to disrupt the telnet service on affected servers. Description The Microsoft Windows 2000 Telnet Service contains a vulnerability in the section of code that performs range...
exuberant-ctags creates temporary files insecurely
Overview Some versions of exuberant-ctags, a source code navigation utility, create and use temporary files insecurely, leading to local file corruption and possible denial-of-service. Description Exuberent-ctags is a source code navigation utility. It creates temporary files with predictable nam...
Samba creates temporary files insecurely
Overview Samba handles temporary files insecurely, allowing arbitrary files to be overwritten and left in a state that would permit later modification. Description Samba is an implementation of the Server Message Block SMB protocol. Some versions of samba handle temporary files in an insecure...
Beck IPC@Chip TelnetD vulnerable to account lockout via idle telnet connection
Overview There is a vulnerability in the Beck IPC@CHIP that allows an attacker to create a denial-of-service condition. Description The Beck IPC@CHIP is a single chip embedded webserver. This device contains a telnet server that is configured by default to not have a login timeout. Additionally,...
phpBB does not adequately validate user input thereby allowing user to gain escalated privileges via manipulated SQL query
Overview phpBB is an open-source bulletin board program. There exists a user input validation problem with regard to the parsing of the URL. An intruder can excute limited SQL queries and gain administrative privileges on the bulletin board. Description phpBB has a user input validation problem...
FreeBSD can be compromised locally via signal handlers
Overview The FreeBSD operating system does not adequately clear signal handlers subsequent to a process calling exec on a setuid program. This vulnerability can allow a local attacker to execute arbitrary code as root. Description The unix fork function's purpose is to create a new process from a...
Beck GmbH IPC@Chip does not adequately validate user input thereby disclosing sensitive network data via crafted URL
Overview An insecure default configuration in the Beck IPC@CHIP allows an intruder to obtain priviledged system information. Description The Beck IPC@CHIP is a single chip embedded webserver. The Beck IPC@CHIP ships with a cgi script named "ChipCfg". Using a specially crafted url, an attacker can...
Trend Micro InterScan eManager vulnerable to remotely exploitable buffer overflow
Overview A remotely exploitable buffer overflow exists in Trend Micro InterScan eManager. Description Trend Micro InterScan eManager is an application that inspects email traffic flowing into and out of a network for confidential or inappropriate material entering and/or leaving the network. This...
Microsoft Exchange Outlook Web Access fails to authenticate users when searching the Global Address List
Overview Microsoft Exchange servers that offer the Outlook Web Access service are vulnerable to an information disclosure vulnerability that can reveal any email address stored in the Global Address List. Description The Outlook Web Access OWA component of Microsoft Exchange allows users to acces...
Beck GmbH IPC@CHIP HTTPD vulernable to arbitrary file disclosure
Overview The Beck IPC@CHIP web server permits intruders to access files outside the web root. Description The Beck IPC@CHIP is a single chip embedded webserver. The Web Server's root directory is set to / by default. Because of this default setting, an attacker can download arbitrary files from a...
BSD Line Printer Daemon vulnerable to buffer overflow via crafted print request
Overview The line printer daemon enables various clients to share printers over a network. There exists a buffer overflow vulnerability in this daemon that permits remote execution of arbitrary commands with elevated privileges. Description There is a buffer overflow in several implementations of...
phpBB does not adequately validate user input for language selection thereby allowing user to execute arbitrary php code
Overview phpBB is an open-source bulletin board program. A user input validation problem exists with regard to language settings. An intruder can excute arbitrary php code and gain a shell with the privileges of the web server on the system. Description Version 1.4.0 and earlier have a user input...
Multiple intrusion detection systems may be circumvented via %u encoding
Overview Multiple intrusion detection systems may be circumvented via %u encoding allowing intruders to launch attacks undetected. Description Most intrusion detection systems are capable of decoding URLs that are encoded using either the "UTF" or "hex-encode" encoding schemes. Microsoft's...
Network Associates CSMAP and smap/smapd vulnerable to buffer overflow thereby allowing arbitrary command execution
Overview A remotely exploitable buffer overflow exists in the Gauntlet Firewall. Description The buffer overflow occurs in the smap/smapd and CSMAP daemons. According to PGP Security, these daemons are responsible for handling email transactions for both inbound and outbound e-mail.This...
IBM AIX lsfs utility invokes grep and lslv with relative pathnames
Overview The IBM AIX operating system contains a vulnerability in the lsfs utility that allows a local user to execute arbitrary code as root. Description The IBM AIX lsfs utility displays filesystem information such as mount points, permissions and volume sizes. To list this information, it...
ISC InterNetNews (INN) innfeed contains buffer overflow
Overview A locally exploitable buffer overflow exists in ISC InterNetNews. Description InterNetNews is a Usenet/Netnews news server supported by the Internet Software Consortium and volunteers. Innfeed is a component of InterNetNews that implements the NNTP protocol for transerring news between...
Outlook Web Access (OWA) executes scripts contained in email attachment opened via Microsoft Internet Explorer (IE)
Overview Microsoft Outlook Web Access OWA can run malicious scripts on an Exchange server when Internet Explorer IE users open email attachments. Description OWA allows users to access their email accounts on a Microsoft Exchange server from another host through a web browser. When IE users acces...
Cayman gateways are vulnerable to a denial of service via a portscan
Overview Cayman gateways are vulnerable to a denial of service. An attacker can send a number of TCP connect requests or SYN packets, in conjunction with a "Bouncing" vulnerability, and can cause a denial of service to the gateway. Description The gateway will crash after receiving a number of TC...
Cayman gateways are vulnerable to a denial of sevices via a long username or password
Overview Cayman gateways are vulnerable to a denial of service via the entry of a long username or password sent to the HTTP interface. Description Cayman gateways automatically restart upon the entry of a large79+ chars username or password to the HTTP interface. The log will show "restart not i...
Cayman gateways ship with null administrative and user level passwords
Overview Cayman gateways ship without a default password on the admin and user accounts. As long as the gateway is not addressable via the WAN, this can only be accessed and set by anyone on the LAN side. With admin access, the gateway settings can be configured by an intruder. Description Cayman...
Cayman gateways vulnerable to a denial of service via oversized ICMP echo (ping) requests.
Overview Cayman gateways vulnerable to a denial of service via oversized ICMP echo ping requests. Installing the newest version of the vendor software will resolve this vulnerability. Description Cayman gateways running versions 5.5 Build R0, 5.3 Build R2, 5.3 Build R1 are vulnerable to an...
IBM VisualAge Professional vulnerable to Cross-Site Scripting via passing of user input directly to default error page
Overview Web Servers that use the IBM VisualAge Professional Vesion 3.5 Java Servlet Container are vulnerable to a cross-site scripting vulnerability. A web site may inadvertently include malicious HTML tags or scriptJavaScript, VBScript, Java, etc. in a dynamically generated page based on...
IBM WebSphere vulnerable to Cross-Site Scripting via passing of user input directly to default error page
Overview Web Servers that use the IBM WebSphere Java Servlet Container 3.5 and earlier are vulnerable to a cross-site scripting vulnerability. A web site may inadvertently include malicious HTML tags or scriptJavaScript, VBScript, Java, etc. in a dynamically generated page based on unvalidated...
Aladdin Ghostscript LD_RUN_PATH environment variable allows libraries to be loaded from current directory
Overview Alladin Ghostscript, a previewer for postscript files, uses an insecure value for the LDRUNPATH environment variable. This allows attackers to supply malicious libraries to be loaded from the current directory. Description Alladin Ghostscript is a previewer for postscript files. In...
OpenSSH allows arbitrary file deletion via symlink redirection of temporary file
Overview Due to insecure handling of temporary files, some versions of sshd, an encrypted connection program, can delete any file named "cookies" accessible via the computer running sshd. Description sshd is the server software used to support ssh, a popular encryted connection program. Some...
Linux dump uses environment variables insecurely, allowing for root compromise
Overview Some implementations of the Linux backup utility, dump, call external programs on remote machines via the RSH environment variable. This may permit an attacker to compromise root if dump is setuid root. Description Some implementations of the Linux backup utility, dump, permit use of...
Aladdin Ghostscript creates insecure temporary files allowing a local user to create symbolic links to other files
Overview Alladin Ghostscript, a previewer for postscript files, creates temporary files with a predictable names. The creation allows attackers to use symbolic links to overwrite other files on the host. Description Alladin Ghostscript is a previewer for postscript files. It creates temporary fil...
Red Hat linux restore uses insecure environment variables allowing root compromise
Overview Some implementations of the Linux restoration utility, restore, call external programs on remote machines via the RSH environment variable. This may permit an attacker to compromise root if restore is setuid root. Description Some implementations of the Linux restoration utility, restore...
sort creates temporary files insecurely
Overview The sort utility creates temporary files insecurely, making sort subject to a denial-of-service attack. Description The UNIX sort utility creates temporary files with predictable names. The creation is done in a manner to prevent information loss via a symlink attack, but existence of th...
Microsoft Windows 2000 SMTP service fails to properly authenticate credentials of unauthorized user (MS01-037)
Overview A vulnerability exists in the SMTP service installed by default on Microsoft Windows 2000 Server and optionally on Windows 2000 professional that could allow an intruder to use the service to send mail. Description The Simple Mail Transfer Protocol SMTP is the standard protocol used to...
Apache Tomcat vulnerable to Cross-Site Scripting via passing of user input directly to default error page
Overview Web Servers that use the Apache Tomcat Java Servlet Container are vulnerable to a cross-site scripting vulnerability. A web site may inadvertently include malicious HTML tags or scriptJavaScript, VBScript, Java, etc. in a dynamically generated page based on unvalidated input from...
Standard HTML form implementation allows access to IMAP, SMTP, NNTP, POP3, and other services via crafted HTML page
Overview An intruder can send certain kinds of data to services that he is not ordinarily able to reach. By crafting the data such that it is redirected through any program the victim uses to render the malicious HTML, the intruder is able send that data to any services that the victim can send...