US-CERT publishes information on a wide variety of vulnerabilities. Descriptions of these vulnerabilities are available from this web page in a searchable database format, and are published as "US-CERT Vulnerability Notes". The notes are very similar to alerts, but they may have less complete information. In particular, solutions may not be available for all the vulnerabilities in this database.
VU#940193: Microsoft Windows automatically executes code specified in shortcut files
Microsoft Windows automatically executes code specified in shortcut (LNK and PIF) files.
Categories: US-CERT
VU#541921: ISC DHCP server fails to handle zero-length client identifier
A vulnerability in ISC DHCP could allow a remote attacker to cause the DHCP server to exit, resulting in a denial of service.
VU#732671: Cisco Industrial Ethernet 3000 Series switches have hardcoded SNMP community strings
Cisco Industrial Ethernet 3000 (IE 3000) Series switches running Cisco IOS Software releases 12.2(52)SE or 12.2(52)SE1 contain well-known, hard-coded read and write SNMP community strings. A remote attacker could take full control of a vulnerable device.
VU#643615: libpng fails to limit number of rows in header
Libpng contains a vulnerability in the way it handles images containing an extra row of image data beyond the height reported in the image header.
VU#173009: Snare Agent web interface cross-site request forgery vulnerabilities
The Snare Agent web interface is susceptible to cross-site request forgery attacks.
VU#251133: S2 NetBox allows unauthenticated HTTP access to node logs, backups, and employee photographs
S2 NetBox and related products do not adequately restrict access to node logs, backups, and employee photographs. A remote, unauthenticated attacker could use information obtained from a vulnerable system to aid in further attacks.
VU#221257: Symantec AppStream and Workspace Streaming vulnerable to arbitrary code download and execution
The Symantec AppStream and Workspace Streaming clients fail to properly validate downloads, which can allow a remote, unauthenticated attacker to download and execute arbitrary code on a vulnerable system.
VU#578319: Microsoft Windows Help and Support Center URI processing vulnerability
The Microsoft Windows Help and Support Center application fails to properly sanitize hcp:// URIs, which can allow a remote, unauthenticated attacker to execute arbitrary commands.
VU#486225: Adobe Flash ActionScript AVM2 newfunction vulnerability
Adobe Flash contains a vulnerability in the handling of the ActionScript newfunction instruction, which can allow a remote, unauthenticated attacker to execute arbitrary code.
VU#757804: Cisco Network Building Mediator products contain multiple vulnerabilities
Cisco Network Building Mediator (NBM) products are affected by multiple vulnerabilities that could allow an attacker to gain control of a vulnerable device or cause a denial of service.
VU#245081: Accoria Rock Web Server contains multiple vulnerabilities
Accoria Web Server contains multiple vulnerabilities that collectively could allow an attacker to execute commands through the administration interface.
VU#943165: Apple Safari window object invalid pointer vulnerability
Apple Safari contains a vulnerability in the handling of window objects, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
VU#602801: Consona (formerly SupportSoft) Intelligent Assistance Suite (IAS) cross-site scripting, ActiveX, and Repair Service vulnerabilities
Consona (formerly SupportSoft) Intelligent Assistance Suite (IAS) contains a set of vulnerabilities that collectively could allow an attacker to execute arbitrary code on a remote system.
VU#886582: Java Deployment Toolkit insufficient argument validation
The Sun Java Deployment Toolkit plugin and ActiveX control perform insufficient argument validation, allowing an attacker to perform several attacks, including the execution of an arbitrary JAR file.


