543 matches found
LibTIFF 'LZWDecodeCompat()' Remote Buffer Underflow Vulnerability
No description provided by source. Bugtraq ID: 35451 Class: Boundary Condition Error Published: Jun 21 2009 12:00AM Updated: Nov 12 2009 06:46PM Credit: wololo Vulnerable: Ubuntu Ubuntu Linux 9.04 sparc Ubuntu Ubuntu Linux 9.04 powerpc Ubuntu Ubuntu Linux 9.04 lpia Ubuntu Ubuntu Linux 9.04 i386...
Expat 2.0.1 UTF-8 Character XML Parsing Remote Denial of Service Vulnerability
No description provided by source. Bugtraq ID: 36097 Class: Input Validation Error Published: Jan 17 2009 12:00AM Updated: Nov 12 2009 08:06PM Credit: Peter Valchev Vulnerable: SuSE openSUSE 11.0 SuSE openSUSE 10.3 SuSE Linux 9 SuSE Linux 11 SuSE Linux 10.0 RedHat Fedora 11 RedHat Fedora 10 RedHa...
Expat 2.0.1 - UTF-8 Character XML Parsing Remote Denial of Service
Expat 2.0.1 - UTF-8 Character XML Parsing Remote Denial of Service Bugtraq ID: 36097 Class: Input Validation Error Published: Jan 17 2009 12:00AM Updated: Nov 12 2009 08:06PM Credit: Peter Valchev Vulnerable: SuSE openSUSE 11.0 SuSE openSUSE 10.3 SuSE Linux 9 SuSE Linux 11 SuSE Linux 10.0 RedHat...
Expat 2.0.1 - UTF-8 Character XML Parsing Remote Denial of Service
Bugtraq ID: 36097 Class: Input Validation Error Published: Jan 17 2009 12:00AM Updated: Nov 12 2009 08:06PM Credit: Peter Valchev Vulnerable: SuSE openSUSE 11.0 SuSE openSUSE 10.3 SuSE Linux 9 SuSE Linux 11 SuSE Linux 10.0 RedHat Fedora 11 RedHat Fedora 10 RedHat Enterprise Linux WS 4 RedHat...
Researchers Create Hypervisor Tool for Rootkits
Research between North Carolina State and Microsoft has garnered a way to better isolate and centralize kernels–up to 6,000 different kernel hooks–and has stopped nine rootkits. The tool is called HookSafe and runs on Ubuntu Linux 8.04 and uses hardware-based memory. At issue is whether other...
Ubuntu USN-828-1 (pam)
The remote host is missing an update to pam announced via advisory USN-828-1. OpenVAS Vulnerability Test $Id: ubuntu8281.nasl 7969 2017-12-01 09:23:16Z santu $ $Id: ubuntu8281.nasl 7969 2017-12-01 09:23:16Z santu $ Description: Auto-generated from advisory USN-828-1 pam Authors: Thomas Reinke...
Mozilla Firefox 'NPObject'访问远程代码执行漏洞
Bugraq ID: 35360 CVE ID:CVE-2009-1837 CNCVE ID:CNCVE-20091837 Mozilla Firefox是一款开放源代码的WEB浏览器。 Mozilla Firefox访问NPObject JS封装类对象的私有数据时存在竞争条件错误,远程攻击者可以利用漏洞以应用程序权限执行任意指令。 当访问NPObject属性一个封装的JSObject时NPObjWrapperNewResolve存在竞争条件错误,在装载Java...
Mozilla Firefox和SeaMonkey JavaScript Chrome特权提升漏洞
Bugraq ID: 35373 CVE ID:CVE-2009-1841 CNCVE ID:CNCVE-20091841 Mozilla Firefox是一款开放源代码的WEB浏览器。SeaMonkey一款开放源代码的新闻组客户端。 Mozilla安全研究员mozbugra4报告存在安全漏洞,允许页面内容的脚本以提升特权运行。使用这个漏洞,攻击者可以导致chrome特权对象,如浏览器边栏或FeedWriter与WEB内容交互,使攻击者控制的代码以对象的chrome特权运行。 Ubuntu Ubuntu Linux 9.04 sparc Ubuntu Ubuntu Linux 9.04...
CUPS '_cupsImageReadTIFF()'整数溢出漏洞
BUGTRAQ ID: 34571 CVE ID:CVE-2009-0163 CNCVE ID:CNCVE-20090163 Common Unix Printing SystemCUPS是一款通用Unix打印系统,是Unix环境下的跨平台打印解决方案,基于Internet打印协议,提供大多数PostScript和raster打印机服务。 CUPS处理TIFF图像存在整数溢出,远程攻击者可以利用漏洞以应用程序权限执行任意指令。...
Ghostscript CCITTFax Decoding Filter - Denial of Service
Ghostscript CCITTFax Decoding Filter - Denial of Service Ghostscript is prone to a remote denial-of-service vulnerability because it fails to properly validate user-supplied input. Exploiting this issue allows remote attackers to crash the application and possibly to execute code, but this has no...
Ghostscript 'CCITTFax' Decoding Filter - Denial of Service
Ghostscript is prone to a remote denial-of-service vulnerability because it fails to properly validate user-supplied input. Exploiting this issue allows remote attackers to crash the application and possibly to execute code, but this has not been confirmed. Vulnerable: Ubuntu Ubuntu Linux 8.10...
PHP 'chdir()' and 'ftok()' 安全模式绕过漏洞
PHP' safemode‘设置的限制绕过漏洞。成功的攻击可能允许攻击者以确定存在的档案在未经批准的地点;其他攻击也是可能的。 开发这些问题可以让攻击者获得敏感的数据,可用于在其他的攻击。 这些弱点将是一个问题的共同主办的配置在多个用户可以创建并执行任意PHP脚本代码;在这种情况下, ' safemode设置'的限制, PHP的5.2.6是受影响的;其他版本也可能受到影响。 Slackware Linux 12.1 Slackware Linux 12.0 Slackware Linux -current PHP PHP 5.2.6 PHP PHP 5.2.5 PHP PHP 5.2.4...
PHP SAPI 'php_getuid()' 安全模式绕过漏洞
PHP is prone to a 'safemode' restriction-bypass vulnerability. Successful exploits could allow an attacker to bypass some safe mode restrictions. This vulnerability would be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code, with the...
Python 'Imageop'模块参数验证缓冲区溢出漏洞
BUGTRAQ ID: 31932 CNCAN ID:CNCAN-2008102806 Python是一款开放源代码的脚本编程语言。 Python 'Imageop'模块的不正确参数验证,远程攻击者可以利用漏洞进行缓冲区溢出而触发segfault错误。 目前没有详细漏洞细节提供,可能导致任意代码执行。 Python Software Foundation Python 2.5.2 Python Software Foundation Python 2.5.1 Python Software Foundation Python 2.4.5 Python Software Foundatio...
PHP FastCGI模块文件扩展拒绝服务漏洞
BUGTRAQ ID: 31612 CVE ID:CVE-2008-3660 CNCVE ID:CNCVE-20083660 PHP FastCGI是一款用于提高PHP性能的模块。 PHP FastCGI不正确处理部分文件请求,远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 1,ext/gd's imageloadfont函数存在溢出。 2,PHP内部memnstr函数作为explode函数导出到用户空间存在溢出。 这些函数接收部分webapps中用户提供的数据,可远程利用。 S.u.S.E. UnitedLinux 1.0 S.u.S.E. SuSE Linux Standard...
Mozilla Firefox/SeaMonkey UTF-8基于栈的缓冲区溢出漏洞
BUGTRAQ ID: 31397 CVE ID:CVE-2008-0016 CNCVE ID:CNCVE-20080016 Mozilla Firefox/SeaMonkey是一款开放源代码的WEB浏览器和WEB应用套件。 Mozilla Firefox/SeaMonkey处理UTF-8 URL存在缓冲区溢出,远程攻击者可以利用漏洞以应用程序权限执行任意指令。 Mozilla...
Mozilla Firefox 2.0.0.14存在多个远程漏洞
BUGTRAQ ID: 30038 CVE ID:CVE-2008-2798 CVE-2008-2799 CVE-2008-2800 CVE-2008-2801 CVE-2008-2802 CVE-2008-2803 CVE-2008-2805 CVE-2008-2806 CVE-2008-2807 CVE-2008-2808 CVE-2008-2809 CVE-2008-2810 CVE-2008-2811 CNCVE ID:CNCVE-20082798 CNCVE-20082799 CNCVE-20082800 CNCVE-20082801 CNCVE-20082802...
Mozilla Firefox 3.0 - .JPEG File Denial of Service
Mozilla Firefox 3.0 - .JPEG File Denial of Service source: https://www.securityfocus.com/bid/29984/info Mozilla Firefox is prone to a remote denial-of-service vulnerability. Successful exploits can allow attackers to crash the affected browser, resulting in denial-of-service conditions. This issu...
Mozilla Firefox 3.0 - '.JPEG' File Denial of Service
source: https://www.securityfocus.com/bid/29984/info Mozilla Firefox is prone to a remote denial-of-service vulnerability. Successful exploits can allow attackers to crash the affected browser, resulting in denial-of-service conditions. This issue affects Firefox 3 running on Ubuntu Linux 8.04;...
PHP 5 'chdir()'和'ftok()' 'safe_mode'安全绕过漏洞
BUGTRAQ ID: 29796 CVE ID:CVE-2008-2666 CNCVE ID:CNCVE-20082666 PHP 5是一款开放源代码的网络编程语言。 PHP 5 'chdir'和'ftok'函数存在'safemode绕过问题,远程攻击者可以利用漏洞在未授权位置检测文件是否存在等敏感信息。 问题代码如下: - --- PHPFUNCTIONchdir char str; int ret, strlen; if zendparseparametersZENDNUMARGS TSRMLSCC, "s", &str, &strlen == FAILURE RETURNFALS...