ImageMagick XCF图象文件远程缓冲区溢出漏洞

ImageMagick是一套可以用来读、写和处理超过89种基本格式的图片文件。 ImageMagick处理XCF图象文件存在问题，远程攻击者可以利用漏洞进行缓冲区溢出攻击，可能以进程权限执行任意指令。 攻击者可以构建恶意XCF图象，诱使用户使用ImageMagick打开来触发，目前没有详细漏洞细节提供。 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux WS 2.1 IA64 RedHat Enterprise Linux WS 2.1 RedHat Enterprise...

Linux Kernel IBMTR.C远程远程拒绝服务漏洞

Linux Kernel是一款开放源代码的操作系统。 Linux Kernel IBMTR.C存在内存破坏问题，远程攻击者可以利用漏洞对系统进行拒绝服务攻击，存在执行任意指令可能。 问题存在于'drivers/net/tokenring/ibmtr.c'文件中，由于对-csum缺少正确处理，可能导致内存破坏而造成拒绝服务攻击。 Linux kernel 2.6.19 -rc4 + Trustix Secure Enterprise Linux 2.0 + Trustix Secure Linux 2.2 + Trustix Secure Linux 2.1 + Trustix Secur...

MySQL特权提升和安全绕过漏洞

MySQL是一款开放源代码的数据库程序。 MySQL存在特权提升和安全绕过问题，远程攻击者可以利用漏洞以高特权执行任意命令并绕过限制建立新的数据库。 验证用户可以通过如下方法建立新的数据： $ mysql -u root -p -S /path/to/socket Enter password: mysql create database 'sample'; mysql grant all on sample. to 'sample'@'%' identified by 'password'; mysql \q $ mysql -h my.mysql.server -u sample -...

Yukihiro Matsumoto Ruby CGI.RB库拒绝服务漏洞

Yukihiro Matsumoto Ruby是一种解释型的方便快捷的面向对象脚本语言。 Yukihiro Matsumoto Ruby cgi.rb的CGI库存在问题，远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 提交特殊的HTTP请求到任意使用cgi.rb的WEB应用程序，可导致消耗大量CPU而造成停止响应，产生拒绝服务攻击。 Yukihiro Matsumoto Ruby 1.8.5 Yukihiro Matsumoto Ruby 1.8.4 Yukihiro Matsumoto Ruby 1.8.3 Yukihiro Matsumoto Ruby 1.8.2 pre4 +...

Linux Kernel PPC970 本地拒绝服务系统漏洞

Linux Kernel PPC970 本地拒绝服务系统漏洞. 攻击者可以利用这个漏洞来了坠毁的内核,进一步否定合法用户的服务. Trustix Secure Linux 3.0 Trustix Secure Linux 2.2 Trustix Secure Enterprise Linux 2.0 S.u.S.E. UnitedLinux 1.0 S.u.S.E. SuSE Linux Standard Server 8.0 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SUSE LINUX Retail Solution 8....

PHP Apache 2 本地拒绝服务漏洞

'sapiapache2.c', 这个问题最终会影响PHP的5.1.0和4.4.1之前版本 Ubuntu Ubuntu Linux 5.10 powerpc Ubuntu Ubuntu Linux 5.10 i386 Ubuntu Ubuntu Linux 5.10 amd64 Ubuntu Ubuntu Linux 5.0 4 powerpc Ubuntu Ubuntu Linux 5.0 4 i386 Ubuntu Ubuntu Linux 5.0 4 amd64 Trustix Secure Linux 3.0 Trustix Secure Linux 2.2 Trustix...

Python repr()函数远程指令执行漏洞

Python是一种开放源代码的强大功能的脚本编程语言。 Python的repr函数实现上存在漏洞，远程或本地攻击者可能利用此漏洞提升自己的权限。 Python的repr函数没有正确地处理UTF-32/UCS-4字符串。如果应用程序对任意不可信任的数据使用了repr的话，就可能导致以python应用程序的权限执行任意指令。 Python Software Foundation Python 2.4 Python Software Foundation Python 2.3 Ubuntu Linux 6.06 LTS Ubuntu Linux 5.10 Ubuntu Linux 5.04...

Mozilla Firefox JavaScript Navigator object vulnerability

Added: 08/14/2006 CVE: CVE-2006-3677 BID: 19192 OSVDB: 27559 Background When used in a web page, Java references properties of the window.navigator object as it starts up in Firefox or SeaMonkey. Problem If a web page replaces the navigator object before starting Java, then the page could cause t...

Linux Kernel SCSI ProcFS拒绝服务漏洞

BUGTRAQ ID: 14790 CVECAN ID: CVE-2005-2800 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel的SCSI驱动的procfs接口中存在拒绝服务漏洞。本地攻击者可以反复读取/proc/scsi/sg/devices，而next iterator返回NULL或错误时没有正确的处理这种情况，耗尽kernel内存，导致拒绝服务。 Linux kernel = 2.6.13 Ubuntu Linux 5.0 4 powerpc Ubuntu Linux 5.0 4 i386 Ubuntu Linux 5.0 4...

Mozilla Firefox JavaScript Navigator object vulnerability

Added: 08/14/2006 CVE: CVE-2006-3677 BID: 19192 OSVDB: 27559 Background When used in a web page, Java references properties of the window.navigator object as it starts up in Firefox or SeaMonkey. Problem If a web page replaces the navigator object before starting Java, then the page could cause t...

Mozilla Firefox JavaScript Navigator object vulnerability

Added: 08/14/2006 CVE: CVE-2006-3677 BID: 19192 OSVDB: 27559 Background When used in a web page, Java references properties of the window.navigator object as it starts up in Firefox or SeaMonkey. Problem If a web page replaces the navigator object before starting Java, then the page could cause t...

CVE-2006-0458

The DCC ACCEPT command handler in irssi before 0.8.9+0.8.10rc5-0ubuntu4.1 in Ubuntu Linux, and possibly other distributions, allows remote attackers to cause a denial of service application crash via certain crafted arguments in a DCC command...

Command injection

The DCC ACCEPT command handler in irssi before 0.8.9+0.8.10rc5-0ubuntu4.1 in Ubuntu Linux, and possibly other distributions, allows remote attackers to cause a denial of service application crash via certain crafted arguments in a DCC command...

CVE-2006-0458

The DCC ACCEPT command handler in irssi before 0.8.9+0.8.10rc5-0ubuntu4.1 in Ubuntu Linux, and possibly other distributions, allows remote attackers to cause a denial of service application crash via certain crafted arguments in a DCC command...

CVE-2006-0458

The CVE-2006-0458 issue affects irssi’s DCC ACCEPT handler. Affected: irssi before 0.8.9+0.8.10rc5-0ubuntu4.1 (Ubuntu and possibly other distros). Description: remote attackers can cause a denial of service (application crash) by sending crafted DCC arguments. Impact: crash of the irssi process u...

CVE-2006-0458

The DCC ACCEPT command handler in irssi before 0.8.9+0.8.10rc5-0ubuntu4.1 in Ubuntu Linux, and possibly other distributions, allows remote attackers to cause a denial of service application crash via certain crafted arguments in a DCC command...

Ubuntu 5.04 : kdebase vulnerability (USN-176-1)

Ilja van Sprundel discovered a flaw in the lock file handling of kcheckpass. A local attacker could exploit this to execute arbitrary code with root privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has...

Buffer overflow

Buffer overflow in certain functions in src/fileio.c and src/unix/fileio.c in xmame before 11 January 2006 may allow local users to gain privileges via a long 1 -lang, 2 -ctrlr, 3 -pb, or 4 -rec argument on many operating systems, and via a long 5 -jdev argument on Ubuntu Linux...

CVE-2006-0176

Buffer overflow in certain functions in src/fileio.c and src/unix/fileio.c in xmame before 11 January 2006 may allow local users to gain privileges via a long 1 -lang, 2 -ctrlr, 3 -pb, or 4 -rec argument on many operating systems, and via a long 5 -jdev argument on Ubuntu Linux...

CVE-2006-0176

Buffer overflow in certain functions in src/fileio.c and src/unix/fileio.c in xmame before 11 January 2006 may allow local users to gain privileges via a long 1 -lang, 2 -ctrlr, 3 -pb, or 4 -rec argument on many operating systems, and via a long 5 -jdev argument on Ubuntu Linux...