3659 matches found
Advisory 26/2005: TinyMCE Compressor Vulnerabilities
Hardened-PHP Project (www.hardened-php.net) Security Advisory. Advisory: TinyMCE Compressor Vulnerabilities. Release Date: 2005/12/29. Last Modified: 2005/12/29. Author: Stefan Esser. Application: TinyMCE Compressor = 1.0.5...
Fedora Core 4 : libungif-4.1.3-3.fc4.2 (2005-1046)
The libungif package contains a shared library of functions for loading and saving GIF format image files. The libungif library can load any GIF file, but it will save GIFs only in uncompressed format; it will not use the patented LZW compression used to save 'normal' compressed GIF files. A bug...
security flaw
The SigComp UDVM in Ethereal 0.10.12 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors...
PT-2005-4061 · Ethereal +1
Name of the Vulnerable Software and Affected Versions: Ethereal version 0.10.12 Description: The issue allows remote attackers to cause a denial of service, resulting in an infinite loop, via unknown vectors in the SigComp UDVM component. Recommendations: For Ethereal version 0.10.12, at the...
DC++ and its mods remote DoS in bzip2 decompression routine
Critical Security research: http://www.critical.lt Original advisory may be found: http://www.critical.lt/?vulnerabilities/22 PoC file may be found here: http://www.critical.lt/research/dc.zip Vulnerable product: DC++ and its mods all...
CVE-2005-2856
Stack-based buffer overflow in the WinACE UNACEV2.DLL third-party compression utility before 2.6.0.0, as used in multiple products including (1) ALZip 5.51 through 6.11, (2) Servant Salamander 2.0 and 2.5 Beta 1, (3) WinHKI 1.66 and 1.67, (4) ExtractNow 3.x, (5) Total Commander 6.53, (6) Anti-Trojan 5.5.421,...
CVE-2005-2856
CVE-2005-2856 describes a stack-based buffer overflow in the WinACE UNACEV2.DLL used by many products (e.g., ALZip, Total Commander, IZArc, BitZipper, UltimateZip, etc.). The flaw occurs when extracting an ACE archive with an overly long filename, allowing user-assisted attackers to execute arbit...
KLA10311 ACE vulnerability in multiple software
A buffer overflow was found in the WinACE compression utility, which is used in multiple products. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed ACE filename. Original advisories - Related product...
CVE-2002-2097
The compression code in MaraDNS before 0.9.01 allows remote attackers to cause a denial of service via crafted DNS packets...
CVE-2005-2384
Directory traversal vulnerability in a third-party compression library UNACEV2.DLL, as used in avast! Antivirus Home/Professional Edition 4.6.665 and Server Edition 4.6.460, allows remote attackers to write arbitrary files via an ACE archive containing filenames with (1) .. or (2) absolute pathnames...
CVE-2005-2385
Buffer overflow in a third-party compression library UNACEV2.DLL, as used in avast! Antivirus Home/Professional Edition 4.6.665 and Server Edition 4.6.460, allows remote attackers to execute arbitrary code via an ACE archive containing a long filename...
zlib security update
CentOS Errata and Security Advisory CESA-2005:584 Updated zlib packages that fix a buffer overflow are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Zlib is a general-purpose lossless data...
Debian DSA-763-1 : zlib - remote DoS
Markus Oberhumer discovered a flaw in the way zlib, a library used for file compression and decompression, handles invalid input. This flaw can cause programs which use zlib to crash when opening an invalid file. This problem does not affect the old stable distribution woody. ...
DSA-763-1 zlib - buffer overflow
Bulletin has no description...
[SECURITY] [DSA 752-1] New gzip packages fix several vulnerabilities
Debian Security Advisory DSA 752-1 http://www.debian.org/security/ Martin Schulze July 11th, 2005 http://www.debian.org/security/faq ...
DSA-752-1 gzip - several
Bulletin has no description...
zlib inflate() routine vulnerable to buffer overflow
Overview: A buffer overflow in the zlib compression library may cause any application linked to zlib to improperly and immediately terminate. Description: There is a buffer overflow in the zlib data-compression library caused by a lack of bounds checking in the inflate routine. If an attacker...
zlib: Buffer overflow
Background: zlib is a widely used free and patent-unencumbered data compression library. Description: Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a buffer overflow in zlib. A bounds checking operation failed to take invalid data into account, allowing a specifically malformed...