7626 matches found
lynx: .mailcap and .mime.types files read from CWD
Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious 1 .mailcap and 2 mime.types files in the current working directory...
Apple QuickTime Panorama PDAT Atom Parsing Buffer Overflow Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of...
NetBSD PPPoE发现脚本远程拒绝服务漏洞
BUGTRAQ ID:30838 CNCAN ID:CNCAN-2008082706 NetBSD是一款基于BSD的操作系统。 NetBSD包含的pppoe4代码处理恶意报文存在问题,远程攻击者可以利用漏洞触发内核访问越界内容而导致内核崩溃,造成拒绝服务攻击。 在客户端和访问集中器之间的会话连接之前,处理PPPoE连接的早期状态的关键代码存在问题。在"discovery"阶段的报文由多个可变长度"tags"装载同一个PPPoE报文中,每个标签将被检查,而且针对全部报文大小的长度进行了验证。不过在长度检查过程中存在一个缺陷,允许把下一个TAG的指针越界移动到报文后最多4字节的位置。...
[slackware-security] python
New python packages are available for Slackware 10.1, 10.2, 11.0, 12.0, 12.1, and -current to fix security issues. More details about the issues may be found in the Common Vulnerabilities and Exposures CVE database: https://vulners.com/cve/CVE-2008-1679 https://vulners.com/cve/CVE-2008-1721...
[slackware-security] openssl
New openssl packages are available for Slackware 11.0, 12.0, 12.1, and -current to fix security issues. More details about this issues may be found in the Common Vulnerabilities and Exposures CVE database: https://vulners.com/cve/CVE-2008-0891 https://vulners.com/cve/CVE-2008-1672 Upgraded OpenSS...
[slackware-security] httpd
New httpd packages are available for Slackware 12.0, 12.1, and -current to fix XSS security issues. More details about this issue may be found in the Common Vulnerabilities and Exposures CVE database: https://vulners.com/cve/CVE-2007-5000 https://vulners.com/cve/CVE-2007-6388 Here are the details...
Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 8.1 / 9.0 / 9.1 / current : fetchmail (SSA:2008-210-01)
New fetchmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory...
RealNetworks RealPlayer rmoc3260 ActiveX Control Memory Corruption Vulnerability
This vulnerability allows remote attackers to execute code on vulnerable installations of RealPlayer. User interaction is required in that a user must visit a malicious web site. The specific flaw exists in the rmoc3260 ActiveX control exposed through the following CLSIDs:...
Slackware 12.1 / current : xorg-server (SSA:2008-183-01)
New xorg-server packages are available for Slackware 12.1 and -current to fix security issues in xorg-server 1.4 prior to version 1.4.2. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory...
AceFTP 3.80.3 - LIST Directory Traversal
AceFTP 3.80.3 - LIST Directory Traversal source: https://www.securityfocus.com/bid/29989/info AceFTP is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting this issue allows an attacker to write arbitrary files to...
openoffice.org: insecure relative RPATH in OOo 1.1.x packages
Untrusted search path vulnerability in a certain Red Hat build script for OpenOffice.org OOo 1.1.x on Red Hat Enterprise Linux RHEL 3 and 4 allows local users to gain privileges via a malicious library in the current working directory, related to incorrect quoting of the ORIGIN symbol for use in...
lv Arbitrary Command Execution Vulnerability
Overview lv contains a vulnerability of reading and running a .lv file in the current directry. Impact An attacker could execute arbitrary command as other users with the privilege of the user running lv. Solution Please refer to the 'Vendor Information' section of this advisory for official...
CVE-2008-2147
Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory...
Slackware 11.0 / 12.0 / current : espgs/ghostscript (SSA:2008-062-01)
New espgs or ghostscript packages are available for 11.0, 12.0, and -current to fix a buffer overflow. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2008-062-01. The text itself is...
[slackware-security] httpd
New httpd packages are available for Slackware 12.0, and -current to fix security issues. More details about this issue may be found in the Common Vulnerabilities and Exposures CVE database: https://vulners.com/cve/CVE-2007-6421 https://vulners.com/cve/CVE-2007-6422...
[slackware-security] kernel exploit fix
New kernel packages are available for Slackware 12.0, and -current to fix a local root exploit. More details about this issue may be found in the Common Vulnerabilities and Exposures CVE database: https://vulners.com/cve/CVE-2008-0010 https://vulners.com/cve/CVE-2008-0163...
DEBIAN-CVE-2008-0302
Untrusted search path vulnerability in apt-listchanges.py in apt-listchanges before 2.82 allows local users to execute arbitrary code via a malicious apt-listchanges program in the current working directory...
[SECURITY] Fedora 7 Update: xfce4-weather-plugin-0.6.2-2.fc7
A weather plugin for the Xfce panel. It shows the current temperature and weather condition, using weather data provided by xoap.weather.com...
Slackware 11.0 / 12.0 / current : seamonkey (SSA:2007-333-01)
New seamonkey packages are available for Slackware 11.0, 12.0, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2007-333-01. The text itself is copyright...
Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / current : samba (SSA:2007-320-01)
New samba packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2007-320-01. The text itsel...