
7481 matches found

phpMyAdmin
added 2005/12/05 12:0 a.m. | 40 views

XSS vulnerabilities

PMASA-2005-8. Announcement-ID: PMASA-2005-8. Date: 2005-12-05. Summary: XSS vulnerabilities. Description: It was possible to conduct an XSS attack via the HTTP_HOST variable; also, some scripts in the libraries directory that handle header generation were vulnerable to XSS. Severity: We consider these...

CVSS 4.3 | AI score 5.7 | EPSS 0.01801
Exploits: 0
UbuntuCve
added 2005/11/16 11:2 a.m. | 41 views

CVE-2005-3622

phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain the full path of the server via direct requests to multiple scripts in the libraries directory...

CVSS 5 | AI score 6 | EPSS 0.01697
Exploits: 0 | References: 1
OSV
added 2005/11/16 11:2 a.m. | 7 views

CVE-2005-3622

phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain the full path of the server via direct requests to multiple scripts in the libraries directory...

AI score 6.5
Exploits: 0 | References: 8
Debian CVE
added 2005/11/16 11:0 a.m. | 21 views

CVE-2005-3622

phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain the full path of the server via direct requests to multiple scripts in the libraries directory...

CVSS 5 | AI score 6.4 | EPSS 0.01697
Exploits: 0
securityvulns
added 2005/10/27 12:0 a.m. | 39 views

HP Security Digests - HP-UX security bulletins digest

HP Support Information Digests. Security Bulletin Digest Split: The security bulletins digest has been split into multiple digests based on the operating system HP-UX, MPE/iX, and HP...

AI score 7.9
Exploits: 0
Tenable Nessus
added 2005/10/19 12:0 a.m. | 24 views

GLSA-200510-14 : Perl, Qt-UnixODBC, CMake: RUNPATH issues

The remote host is affected by the vulnerability described in GLSA-200510-14 (Perl, Qt-UnixODBC, CMake: RUNPATH issues). Some packages may introduce insecure paths into the list of directories that are searched for libraries at runtime. Furthermore, packages depending on the MakeMaker Perl module fo...

CVSS 7.2 | AI score 5.5 | EPSS 0.00521
Exploits: 0 | References: 4
Gentoo Linux
added 2005/09/27 12:0 a.m. | 32 views

PHP: Vulnerabilities in included PCRE and XML-RPC libraries

Background: PHP is a general-purpose scripting language widely used to develop web-based applications. It can run inside a web server using the mod_php module or the CGI version of PHP, or can run stand-alone in a CLI. Description: PHP makes use of a private copy of libpcre which is subject to an...

CVSS 7.5 | AI score 7.4 | EPSS 0.05091
Exploits: 0
UbuntuCve
added 2005/09/08 11:3 p.m. | 24 views

CVE-2005-2869

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the Username to libraries/auth/cookie.auth.lib.php or (2) the error parameter to error.php...

CVSS 4.3 | AI score 7.3 | EPSS 0.05094
Exploits: 1 | References: 1
Tenable Nessus
added 2005/08/30 12:0 a.m. | 59 views

Debian DSA-789-1 : php4 - several vulnerabilities

Several security related problems have been found in PHP4, the server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems: CAN-2005-1751: Eric Romang discovered insecure temporary files in the shtool utility shipped with PHP...

CVSS 7.5 | AI score 6.2 | EPSS 0.79071
Exploits: 5 | References: 6
exploitpack
added 2005/08/30 12:0 a.m. | 18 views

Adobe Version Cue 1.0/1.0.1 (OSX) - '-lib' Local Privilege Escalation

Adobe Version Cue 1.0/1.0.1 (OSX) - '-lib' Local Privilege Escalation. Adobe Version Cue VCNativeOSX: local root exploit (dyld). By: vade79/v9 (fakehalo/realhalo). Adobe Version Cue's VCNative program allows un-privileged local users to load arbitrary libraries ("bundles") while running setuid...

AI score 0.9
Exploits: 0
Exploit DB
added 2005/08/30 12:0 a.m. | 37 views

Adobe Version Cue 1.0/1.0.1 (OSX) - '-lib' Local Privilege Escalation

Adobe Version Cue VCNativeOSX: local root exploit (dyld). By: vade79/v9 (fakehalo/realhalo). Adobe Version Cue's VCNative program allows un-privileged local users to load arbitrary libraries ("bundles") while running setuid root. this is done via the "-lib" command-line option. note:...

AI score 7.4
Exploits: 0
Gentoo Linux
added 2005/07/30 12:0 a.m. | 31 views

AMD64 x86 emulation base libraries: Buffer overflow

Background: The x86 emulation base libraries for AMD64 emulate the x86 32-bit architecture on the AMD64 64-bit architecture. Description: Earlier versions of emul-linux-x86-baselibs contain a vulnerable version of zlib, which may lead to a buffer overflow. Impact: By creating a specially crafted...

CVSS 7.5 | AI score 9.8 | EPSS 0.05476
Exploits: 3
Tenable Nessus
added 2005/07/13 12:0 a.m. | 13 views

Slackware 10.0 / 10.1 / 9.1 / current : Mozilla/Firefox/Thunderbird (SSA:2005-085-01)

New Mozilla packages are available for Slackware 9.1, 10.0, 10.1, and -current to fix various security issues and bugs. See the Mozilla site for a complete list of the issues patched: http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla Also updated are Firefox and...

AI score 5.6
Exploits: 0 | References: 2
Tenable Nessus
added 2005/07/13 12:0 a.m. | 33 views

FreeBSD : linux_base -- vulnerabilities in Red Hat 7.1 libraries (bf2e7483-d3fa-440d-8c6e-8f1f2f018818)

Trevor Johnson reported that the Red Hat Linux RPMs used by linux_base contained multiple older vulnerabilities, such as a DNS resolver issue and critical bugs in X font handling and XPM image handling. (C) Tenable Network Security, Inc. The descriptive text and package checks in...

CVSS 10 | AI score 7.7 | EPSS 0.24863
Exploits: 4 | References: 13
Gentoo Linux
added 2005/07/03 12:0 a.m. | 38 views

PEAR XML-RPC, phpxmlrpc: PHP script injection vulnerability

Background: The PEAR XML-RPC and phpxmlrpc libraries are both PHP implementations of the XML-RPC protocol. Description: James Bercegay of GulfTech Security Research discovered that the PEAR XML-RPC and phpxmlrpc libraries fail to sanitize input sent using the "POST" method. Impact: A remote attacker...

CVSS 7.5 | AI score 7.2 | EPSS 0.79071
Exploits: 5
Cent OS
added 2005/05/18 6:1 p.m. | 365 views

glibc, nptl, nscd security update

CentOS Errata and Security Advisory CESA-2005:256 Updated glibc packages that address several bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The GNU libc packages known as glibc contain the standard C libraries used by...

CVSS 2.1 | AI score 5.8 | EPSS 0.00364
Exploits: 0 | References: 9
UbuntuCve
added 2005/05/02 4:0 a.m. | 34 views

CVE-2005-0627

Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be world-writable, to load shared libraries regardless of the LD_LIBRARY_PATH environment variable, which allows local users to execute arbitrary programs...

CVSS 4.6 | AI score 6 | EPSS 0.00361
Exploits: 0 | References: 1
UbuntuCve
added 2005/05/02 4:0 a.m. | 30 views

CVE-2005-0710

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table, which is processed by the udf_init function...

CVSS 4.6 | AI score 6.1 | EPSS 0.12841
Exploits: 1 | References: 2
NVD
added 2005/05/02 4:0 a.m. | 22 views

CVE-2005-0385

Buffer overflow in luxman before 0.41, if used with certain insecure svgalib libraries, allows local users to execute arbitrary code via a long -f command line argument...

CVSS 7.2 | AI score 7.3 | EPSS 0.01373
Exploits: 1 | References: 6
NVD
added 2005/05/02 4:0 a.m. | 13 views

CVE-2005-0227

PostgreSQL pgsql 7.4.x, 7.2.x, and other versions allows local users to load arbitrary shared libraries and execute code via the LOAD extension...

CVSS 4.3 | AI score 6.5 | EPSS 0.00499
Exploits: 0 | References: 13