7605 matches found

Cvelist
added 2006/04/13 10:0 a.m. | 12 views

CVE-2006-1775

Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the (1) Site Description field in (a) adminboard.php, the (2) Group name and (3) Group description fields in (b) admingroups.php and (c) groupcp.php, the (4) Theme Name field in (d)...

AI score: 5.8 | EPSS: 0.00427
Exploits: 0 | References: 5

Prion
added 2006/03/30 11:2 a.m. | 21 views

Stack overflow

Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a "stack overflow," and possibly gain privileges, by running a script from a current working directory that has a long name, related to the realpath...

CVSS: 3.7 | AI score: 7 | EPSS: 0.00206
Exploits: 1 | References: 4 | Affected Software: 1

Slackware Linux
added 2006/02/15 12:26 a.m. | 39 views

[slackware-security] imagemagick

New imagemagick packages are available for Slackware 10.2 and -current to fix security issues. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: https://vulners.com/cve/CVE-2005-4601 https://vulners.com/cve/CVE-2006-0082 Here are the details from...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.11889
Exploits: 2

securityvulns
added 2006/01/03 12:0 a.m. | 28 views

NView / XNView multimedia viewer / browser privilege escalation

Dynamic libraries from current directory are loaded on startup...

AI score: 3.9
Exploits: 0 | References: 2

Cvelist
added 2005/12/11 2:0 a.m. | 22 views

CVE-2005-3533

Buffer overflow in OSH before 1.7-15 allows local users to execute arbitrary code via a long current working directory and filename...

AI score: 7.2 | EPSS: 0.00745
Exploits: 0 | References: 5

Tenable Nessus
added 2005/11/08 12:0 a.m. | 17 views

Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : elm mailer (SSA:2005-311-01)

New Elm packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue. A buffer overflow in the parsing of the Expires header could allow arbitrary code to be executed as the user running Elm...

AI score: 6.1
Exploits: 0 | References: 1

Slackware Linux
added 2005/11/06 1:4 p.m. | 16 views

imapd

New imapd packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix an alleged security issue. See the details below for more information. Also, new Pine packages are provided since these are built together... why not? Might as well upgrade that too, while I'm fixi...

AI score: 7.4
Exploits: 0

Slackware Linux
added 2005/11/06 1:3 p.m. | 31 views

lynx

New Lynx packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue. An overflow could result in the execution of arbitrary code when using Lynx to connect to a malicious NNTP server. More details about this issue may be found in the Common...

CVSS: 7.5 | AI score: 9.9 | EPSS: 0.3044
Exploits: 0

RedHat Linux
added 2005/10/05 11:55 a.m. | 2 views

security flaw

gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb...

CVSS: 7.2 | AI score: 7.6 | EPSS: 0.00057
Exploits: 0 | References: 4

Tenable Nessus
added 2005/10/05 12:0 a.m. | 13 views

Slackware 10.0 / 10.1 / current : Mozilla/Firefox (SSA:2005-203-01)

New Mozilla packages are available for Slackware 10.0, 10.1, and -current to fix various security issues and bugs. See the Mozilla site for a complete list of the issues patched: http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla New versions of the mozilla-plugins symlin...

AI score: 5.4
Exploits: 0 | References: 2

Tenable Nessus
added 2005/10/05 12:0 a.m. | 23 views

Slackware 10.0 / 10.1 / 10.2 / current : X.Org pixmap overflow (SSA:2005-269-02)

New X.Org server packages are available for Slackware 10.0, 10.1, 10.2, and -current to fix a security issue. An integer overflow in the pixmap handling code may allow the execution of arbitrary code through a specially crafted pixmap. Slackware 10.2 was patched against this vulnerability before...

CVSS: 5.1 | AI score: 5.9 | EPSS: 0.04263
Exploits: 0 | References: 2

Tenable Nessus
added 2005/10/05 12:0 a.m. | 30 views

Slackware 10.0 / 10.1 / 9.0 / 9.1 / current : gaim (SSA:2005-242-03)

New gaim packages are available for Slackware 9.0, 9.1, 10.0, 10.1, and -current to fix some security issues, including: AIM/ICQ away message buffer overflow; AIM/ICQ non-UTF-8 filename crash; Gadu-Gadu memory alignment bug. Sites that use GAIM should upgrade to the new version...

CVSS: 9.8 | AI score: 5.6 | EPSS: 0.25854
Exploits: 0 | References: 4

Tenable Nessus
added 2005/10/05 12:0 a.m. | 23 views

Mandrake Linux Security Advisory : proftpd (MDKSA-2005:140)

Two format string vulnerabilities were discovered in ProFTPD. The first exists when displaying a shutdown message containing the name of the current directory. This could be exploited by a user who creates a directory containing format specifiers and sets the directory as the current directory whe...

CVSS: 6.4 | AI score: 5.5 | EPSS: 0.01235
Exploits: 0 | References: 2

Tenable Nessus
added 2005/10/05 12:0 a.m. | 18 views

Slackware 10.1 / current : emacs movemail POP utility (SSA:2005-201-02)

New emacs packages are available for Slackware 10.1 and -current to fix a security issue with the movemail utility for retrieving mail from a POP mail server. If used to connect to a malicious POP server, it is possible for the server to cause the execution of arbitrary code as the user running emacs...

AI score: 6
Exploits: 0 | References: 1

Slackware Linux
added 2005/09/08 3:54 p.m. | 28 views

kcheckpass in kdebase

New kdebase packages are available for Slackware 10.0, 10.1, and -current to fix a security issue with the kcheckpass program. Earlier versions of Slackware are not affected. A flaw in the way the program creates lockfiles could allow a local attacker to gain root privileges. For more details abo...

CVSS: 7.2 | AI score: 6.2 | EPSS: 0.00045
Exploits: 0

Slackware Linux
added 2005/08/30 3:54 p.m. | 29 views

gaim

New gaim packages are available for Slackware 9.0, 9.1, 10.0, 10.1, and -current to fix some security issues, including: AIM/ICQ away message buffer overflow; AIM/ICQ non-UTF-8 filename crash; Gadu-Gadu memory alignment bug. Sites that use GAIM should upgrade to the new version. More details about...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.25854
Exploits: 0

Slackware Linux
added 2005/07/20 1:58 p.m. | 39 views

dnsmasq

New dnsmasq packages are available for Slackware 10.0, 10.1, and -current to fix security issues. An off-by-one overflow vulnerability may allow a DHCP client to create a denial of service condition. Additional code was also added to detect and defeat attempts to poison the DNS cache. More detail...

CVSS: 5 | AI score: 6.6 | EPSS: 0.0222
Exploits: 0

OSV
added 2005/07/14 12:0 a.m. | 20 views

DSA-746-1 phpgroupware - remote command execution

Bulletin has no description...

CVSS: 7.5 | AI score: 6.3 | EPSS: 0.86153
Exploits: 5

Tenable Nessus
added 2005/07/13 12:0 a.m. | 27 views

Slackware 8.1 / 9.0 / 9.1 / current : cvs security update (SSA:2004-108-02)

CVS is a client/server version control system. As a server, it is used to host source code repositories. As a client, it is used to access such repositories. This advisory affects both uses of CVS. A security problem which could allow a server to create arbitrary files on a client machine, and...

CVSS: 5 | AI score: 5.7 | EPSS: 0.04165
Exploits: 0 | References: 3

Tenable Nessus
added 2005/07/13 12:0 a.m. | 28 views

Slackware 8.1 / 9.0 / 9.1 / current : cvs (SSA:2004-161-01)

New cvs packages that have been upgraded to cvs-1.11.17 are available for Slackware 8.1, 9.0, 9.1, and -current to fix various security issues. Sites running a CVS server should upgrade to the new CVS package right away...

CVSS: 10 | AI score: 5.3 | EPSS: 0.40607
Exploits: 0 | References: 5