Microsoft Agent crafted URL vulnerability

Added: 09/11/2007 CVE: CVE-2007-3040 BID: 25566 OSVDB: 36934 Background Microsoft Agent is a component of the Windows operating system designed to make using a computer easier through enriched user interaction. Problem A vulnerability in Microsoft Agent allows command execution when a user loads ...

Snort Back Orifice Pre-Processor buffer overflow

Added: 08/28/2007 CVE: CVE-2005-3252 BID: 15131 OSVDB: 20034 Background Back Orifice is a remote system administration program for Windows. It is commonly installed by attackers or Trojan Horse programs for use as a backdoor. Snort is an open-source intrusion detection system. It includes a Back...

Trend Micro ServerProtect RPC NTF_SetPagerNotifyConfig buffer overflow

Added: 08/23/2007 CVE: CVE-2007-4218 BID: 25395 OSVDB: 39754 Background ServerProtect is a virus scanner for servers. Problem A buffer overflow in the NTFSetPagerNotifyConfig function within the Notification.dll library allows remote attackers to execute arbitrary commands by sending a specially...

Novell Client 4.91 SP4 nwspool.dll buffer overflow

Added: 08/10/2007 CVE: CVE-2007-6701 BID: 25092 OSVDB: 37319 Background Novell Client software provides NetWare connectivity to Windows platforms. Problem The nwspool.dll library in Novell Client is affected by buffer overflow vulnerabilities in several different functions, allowing remote...

Windows rshd buffer overflow

Added: 08/03/2007 CVE: CVE-2007-4006 BID: 25044 OSVDB: 38572 Background The Windows implementation of RSHD is a remote shell daemon which has been adapted to run on Windows platforms. Problem A buffer overflow vulnerability in the Windows implementation of RSHD allows remote attackers to execute...

Snort DCE/RPC preprocessor buffer overflow

Added: 07/09/2007 CVE: CVE-2006-5276 BID: 22616 OSVDB: 32094 Background Snort is an open-source intrusion detection system. It includes a DCE/RPC preprocessor, which reassembles DCE/RPC traffic before it is passed to the intrusion detection engine. Problem A buffer overflow vulnerability in the...

RealPlayer SMIL file wallclock buffer overflow

Added: 06/29/2007 CVE: CVE-2007-3410 BID: 24658 OSVDB: 37374 Background RealPlayer includes support for Synchronized Multimedia Integration Language SMIL files. Problem A buffer overflow vulnerability in the wallclock function could allow command execution upon opening a specially crafted SMIL...

CA Antivirus engine CAB handling buffer overflow

Added: 06/07/2007 CVE: CVE-2007-2864 BID: 24330 OSVDB: 35245 Background The CA Antivirus engine is included in multiple CA products. Problem A buffer overflow vulnerability in the CA Antivirus engine allows command execution when a CAB file containing a specially crafted "coffFiles" field is...

BrightStor ARCserve Media Server SUN RPC buffer overflow

Added: 05/03/2007 CVE: CVE-2007-2139 BID: 23635 OSVDB: 34127 Background CA ARCserve Backup formerly BrightStor ARCserve Backup is a backup and recovery solution. ARCserve Media Server is a component which comes with ARCserve Backup. Problem ARCserve Media Server is affected by multiple buffer...

Oracle Database Advanced Replication component DBMS_SNAP_INTERNAL overflow

Added: 04/25/2007 CVE: CVE-2007-2116 BID: 23532 OSVDB: 39933 Background Package DBMSSNAPINTERNAL of schema SYS is an Advanced Replication component used internally by Oracle Database. Problem A buffer overflow vulnerability in DBMSSNAPINTERNAL allows remote attackers to execute arbitrary commands...

Lotus Domino IMAP CRAM-MD5 authentication buffer overflow

Added: 04/23/2007 CVE: CVE-2007-1675 BID: 23172 OSVDB: 34091 Background IBM Lotus Domino is a messaging and collaboration solution for multiple platforms. Problem A buffer overflow vulnerability in the CRAM-MD5 authentication function in the Lotus Domino IMAP service allows remote attackers to...

SupportSoft tgctlsi.dll ActiveX control buffer overflow

Added: 03/15/2007 CVE: CVE-2006-6490 BID: 22564 OSVDB: 33481 Background SupportSoft ActiveX controls are used by third-party products to provide remote technical support. Problem SupportSoft ActiveX controls are affected by multiple buffer overflow vulnerabilities which can lead to command...

snmpXdmid buffer overflow

Added: 03/12/2007 CVE: CVE-2001-0236 BID: 2417 OSVDB: 546 Background The SNMP to DMI mapper daemon snmpXdmid translates Simple Network Management Protocol SNMP events to Desktop Management Interface DMI indications and vice-versa. Problem snmpXdmid is affected by a buffer overflow vulnerability...

VERITAS NetBackup bpcd daemon command chaining vulnerability

Added: 02/16/2007 CVE: CVE-2006-4902 BID: 21565 OSVDB: 31334 Background VERITAS NetBackup is a backup and recovery solution for multiple platforms. Problem The NetBackup bpcd daemon fails to properly validate chained commands. A remote attacker could execute arbitrary commands by appending the...

HP Mercury LoadRunner mchan.dll buffer overflow

Added: 02/16/2007 CVE: CVE-2007-0446 BID: 22487 OSVDB: 33132 Background HP Mercury LoadRunner is a load testing solution. Problem A buffer overflow in the mchan.dll library allows remote attackers to execute arbitrary commands by sending a packet with a long serveripname field to port 54345/TCP...

BrightStor ARCserve Backup Tape Engine opnum 0xCF buffer overflow

Added: 02/09/2007 CVE: CVE-2007-0169 BID: 22005 OSVDB: 31327 Background The BrightStor ARCserve Backup server includes a Backup Tape Engine feature which allows use of tape drives for storage. Problem A buffer overflow in BrightStor ARCserve Backup allows remote attackers to execute arbitrary...

Microsoft Visual Studio 2005 WMI Object Broker vulnerability

Added: 01/15/2007 CVE: CVE-2006-4704 BID: 20843 OSVDB: 30155 Background Microsoft Visual Studio is a product to assist with software development in the Windows operating system. Problem A flaw in the WMI Object Broker ActiveX control allows attackers to bypass security zone restrictions, leading ...

3Com TFTP server Transporting Mode buffer overflow

Added: 12/08/2006 CVE: CVE-2006-6183 BID: 21301 OSVDB: 30758 Background 3CTftpSvc by 3Com is a freeware implementation of the TFTP protocol for Windows. Problem A buffer overflow vulnerability in the 3Com TFTP server allows remote attackers to execute arbitrary commands by sending a long, special...

Novell Client nwspool.dll buffer overflow

Added: 12/01/2006 CVE: CVE-2006-5854 BID: 21220 OSVDB: 30547 Background Novell Client software provides NetWare connectivity to Windows platforms. Problem The nwspool.dll library in Novell Client is affected by buffer overflows in the EnumPrinters and OpenPrinter functions, allowing remote...

Microsoft SSL library PCT buffer overflow

Added: 10/13/2006 CVE: CVE-2003-0719 BID: 10116 OSVDB: 5250 Background The Microsoft Secure Sockets Layer SSL library provides support for a number of secure communication protocols, including the Private Communication Technology PCT protocol. Since PCT has been superceded by SSL 3.0, the Microso...

Microsoft PowerPoint NamedShows record code execution

Added: 10/12/2006 CVE: CVE-2006-4694 BID: 20226 OSVDB: 29259 Background Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite. Problem Improper handling of malformed NamedShows records in PowerPoint files allows command execution. Resolution Apply the patch...

IMail SMTP RCPT TO buffer overflow

Added: 09/29/2006 CVE: CVE-2006-4379 BID: 19885 OSVDB: 28576 Background IMail is an e-mail server for Windows platforms. Problem A buffer overflow vulnerability in the SMTP daemon allows remote command execution by sending a RCPT TO argument containing a long string between @ and : characters...

Windows Server Service buffer overflow

Added: 08/11/2006 CVE: CVE-2006-3439 BID: 19409 OSVDB: 27845 Background The Windows Server Service supports file, print, and named-pipe sharing over the network. Problem A buffer overflow vulnerability in the Windows Server Service allows remote attackers to execute arbitrary commands. Resolution...

Windows RASMAN registry corruption vulnerability

Added: 07/28/2006 CVE: CVE-2006-2371 BID: 18358 OSVDB: 26436 Background The Routing and Remote Access Service RRAS allows a Windows computer to act as a router, dial-up access server, VPN server, or network address translator. The Remote Access Connection Manager RASMAN service handles the detail...

ntdll.dll buffer overflow via IIS 5.0 WebDAV

Added: 07/18/2006 CVE: CVE-2003-0109 BID: 7116 OSVDB: 4467 Background The dynamic link library ntdll.dll is a core component of the Windows operating system. It is used by many operating system components including the WebDAV component of Microsoft IIS. Problem A buffer overflow in ntdll.dll allo...

eSignal WinSig.exe buffer overflow

Added: 07/14/2006 CVE: CVE-2004-1868 BID: 9978 OSVDB: 4583 Background eSignal is a tool which provides real-time financial and market information. Its main application, WinSig.exe, services requests on port 80/TCP. Problem A buffer overflow vulnerability in eSignal allows remote attackers to...

Mozilla Firefox GIF processing buffer overflow

Added: 06/09/2006 CVE: CVE-2005-0399 BID: 12881 OSVDB: 14937 Background Mozilla is a suite of Internet client products available for multiple platforms. Problem A heap overflow in Mozilla Firefox when processing GIF images with the obsolete Netscape extension 2 allows command execution when a use...

HP OpenView OmniBack directory traversal

Added: 06/06/2006 CVE: CVE-2001-0311 BID: 11032 OSVDB: 6018 Background HP OpenView is a suite of tools for managing networks. The OmniBack component provides backup and restoration capabilities. Problem A directory traversal vulnerability in the OmniBack service allows a remote attacker to run a...

IMail IMAP DELETE command buffer overflow

Added: 06/01/2006 CVE: CVE-2004-1520 BID: 11675 OSVDB: 11838 Background IMail is an e-mail server for Windows platforms. Problem A buffer overflow in the IMAP service could allow remote attackers to execute commands by sending a long, specially crafted DELETE command. The attacker would need to...

TWiki Search.pm shell command injection

Added: 04/06/2006 CVE: CVE-2004-1037 BID: 11674 OSVDB: 11714 Background TWiki is a web-based collaboration platform written in PERL. Problem The Search.pm module does not sufficiently check search strings for illegal characters, allowing remote attackers to execute commands using search strings...

cachefsd heap overflow

Added: 04/05/2006 CVE: CVE-2002-0033 BID: 4674 OSVDB: 779 Background cachefsd is an RPC service which supports local caching of Network File Systems NFS, thereby improving performance on filesystems mounted from an NFS server. Problem A heap overflow in cachefsd allows remote command execution...

Internet Explorer createTextRange memory corruption

Added: 03/28/2006 CVE: CVE-2006-1359 BID: 17196 OSVDB: 24050 Background The createTextRange dynamic HTML method creates a text range object for an HTML element. Problem A flaw in the handling of unexpected createTextRange method calls by certain HTML objects could result in command execution...

Novell ZENworks Remote Management authentication buffer overflow

Added: 03/02/2006 CVE: CVE-2005-1543 BID: 13678 OSVDB: 16698 Background Novell ZENworks is a resource management solution consisting of a management server and management agents. Problem The Novell ZENworks Remote Management service is affected by a buffer overflow when processing authentication...

Trend Micro ServerProtect Management Console isaNVWRequest.dll chunked POST buffer overflow

Added: 01/24/2006 CVE: CVE-2005-1929 BID: 15865 OSVDB: 21771 Background ServerProtect is a virus scanner for servers. Problem A buffer overflow in ServerProtect Management Console could allow a remote attacker to execute commands using a chunked POST request to isaNVWRequest.dll. Resolution Use t...

sadmind AUTH_SYS authentication vulnerability

Added: 01/09/2006 CVE: CVE-2003-0722 BID: 8615 OSVDB: 4585 Background sadmind is a service which coordinates distributed system administration operations remotely. The Sun Solstice AdminSuite runs sadmind with the AUTHSYS authentication method by default. Problem The sadmind running with the...

Windows password weakness

Added: 12/19/2005 CVE: CVE-1999-0503 Background Passwords are the most commonly used method of authenticating users to a server. The combination of a login name and password is used to verify the identity of a user requesting access, and to determine what parts of the server the user has permissi...

Internet Explorer onload window vulnerability

Added: 12/01/2005 CVE: CVE-2005-1790 BID: 13799 OSVDB: 17094 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem Internet Explorer fails to properly initialize the window function when called from an onLoad event in a body tag. This...

NetMail IMAP buffer overflow

Added: 11/30/2005 CVE: CVE-2005-3314 BID: 15491 OSVDB: 20956 Background Novell NetMail is an e-mail and calendaring server application. Problem A buffer overflow in the NetMail IMAP service could allow authenticated users to execute arbitrary commands using a long, specially crafted argument to...

Hummingbird InetD LPD buffer overflow

Added: 11/29/2005 CVE: CVE-2005-1815 BID: 13788 OSVDB: 16957 Background Hummingbird InetD implements common UNIX services on Windows platforms. Problem The Hummingbird InetD LPD service is affected by a buffer overflow which allows remote command execution. Resolution Apply the patch. References...

MailEnable IMAP mailbox name buffer overflow

Added: 11/29/2005 CVE: CVE-2005-3690 BID: 15492 OSVDB: 20929 Background MailEnable is a mail server for Windows platforms. The standard edition supports the SMTP and POP3 protocols. MailEnable Professional and MailEnable Enterprise also support IMAP and HTTPMail. Problem A buffer overflow in the...

Axis IP Camera authentication bypass and command injection

Added: 08/13/2018 Background Axis IP Cameras are a line of networked surveillance devices. Problem A remote attacker could execute arbitrary commands by exploiting an authentication bypass vulnerability in the .srv functionality and a command injection vulnerability in the parhand component...

FreePBX Recordings Backdoor Upload

Added: 10/14/2016 Background FreePBX is a web-based open-source graphical user interface used to manage Asterisk PBX, an open-source communication server. The FreePBX System Recordings module allows playback of recorded files. Problem The System Recordings module in FreePBX 13 and 14 is vulnerabl...

op5 Monitor Nacoma command execution

Added: 07/01/2016 Background op5 Monitor is an open-source monitoring solution written in PHP. Problem The commandtest.php script in the Nacoma component of op5 Monitor can be used to execute arbitrary operating system commands. Resolution Upgrade to op5 Monitor 7.2.0 or higher. References...

HP Data Protector missing authentication

Added: 05/31/2016 CVE: CVE-2016-2004 Background HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments. Problem Data Protector does not authenticate users, even with Encrypted Control Communications enabled. This could allow an unauthenticated remote...

Konica Minolta FTP Utility buffer overflow

Added: 10/01/2015 Background The Konica Minolta FTP Utility is an FTP server for Windows 98 through XP. Problem A vulnerability in the FTP Utility allows remote, unauthenticated attackers to execute arbitrary commands by sending a long, specially crafted argument to any command. Resolution Remove...

Samsung iPOLiS Device Manager ReadConfigValue vulnerability

Added: 04/27/2015 CVE: CVE-2015-0555 OSVDB: 118668 Background Samsung iPOLiS Device Manager is software for managing network devices. It comes with an ActiveX control called XnsSdkDeviceIpInstaller.ocx. Problem A buffer overflow vulnerability in the ReadConfigValue and WriteConfigValue methods in...

TWiki View Script debugenableplugins Request Parameter Vulnerability

Added: 03/30/2015 CVE: CVE-2014-7236 BID: 70372 OSVDB: 112977 Background TWiki is a web-based collaboration platform written in PERL. Problem The TWiki view script does not properly sanitize the debugenableplugins parameter before using it. Resolution Upgrade to TWiki-6.0.1 or higher, or apply th...

TWiki View Script debugenableplugins Request Parameter Vulnerability

Added: 03/30/2015 CVE: CVE-2014-7236 BID: 70372 OSVDB: 112977 Background TWiki is a web-based collaboration platform written in PERL. Problem The TWiki view script does not properly sanitize the debugenableplugins parameter before using it. Resolution Upgrade to TWiki-6.0.1 or higher, or apply th...

PCMan FTP Server MKD buffer overflow

Added: 03/11/2015 CVE: CVE-2013-4730 BID: 60837 OSVDB: 94624 Background PCMan's FTP Server is a free FTP server for Windows. Problem A buffer overflow vulnerability in PCMan's FTP Server allows remote attackers to execute arbitrary commands. Resolution There is no known fix for this vulnerability...

Upgrade Attack

Added: 09/30/2013 Background The LLMNR Local Link Multicast Name Resolution protocol is used to answer wpad requests sent by Microsoft Windows. A rogue WPAD server delivers a wpad.dat file to poisoned hosts forcing them to proxy web requests through the SAINT server. In addition, HTTP requests ar...