Ubuntu: Security Advisory (USN-737-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-738-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-733-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Evolution Data Server Multiple Integer Overflow Vulnerabilities

Evolution Data Server is prone to multiple integer overflow vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

USN-737-1: libsoup vulnerability

It was discovered that the Base64 encoding functions in libsoup did not properly handle large strings. If a user were tricked into connecting to a malicious server, an attacker could possibly execute arbitrary code with user privileges...

USN-733-1: evolution-data-server vulnerability

It was discovered that the Base64 encoding functions in evolution-data-server did not properly handle large strings. If a user were tricked into opening a specially crafted image file, or tricked into connecting to a malicious server, an attacker could possibly execute arbitrary code with user...

evolution-data-server: integer overflow in base64 encoding functions

Multiple integer overflows in Evolution Data Server aka evolution-data-server before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in 1 addressbook/libebook/e-vcard.c in evc or 2 camel/camel-mime-utils.c in libcam...

evolution-data-server: integer overflow in base64 encoding functions

Multiple integer overflows in Evolution Data Server aka evolution-data-server before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in 1 addressbook/libebook/e-vcard.c in evc or 2 camel/camel-mime-utils.c in libcam...

evolution-data-server security update

1.12.3-10.el53.3 - Add patch for RH bug 488280 CVE-2009-0547, S/MIME signatures. 1.12.3-10.el53.2 - Add patch for RH bug 488280 CVE-2009-0582, NTLM authentication. 1.12.3-10.el53.1 - Add patch for RH bug 488280 CVE-2009-0587, Base64 encoding...

evolution and evolution-data-server security update

evolution: 2.0.2-41.el47.2 - Add patch for RH bug 488439 CVE-2009-0547, S/MIME signatures. 2.0.2-41.el47.1 - Add patch for RH bug 488439 CVE-2009-0582, NTLM authentication. - Add patch for RH bug 488439 CVE-2009-0587, Base64 encoding. evolution-data-server: 1.0.2-14.el47.1 - Add patch for RH bug...

[oCERT-2008-015] glib and glib-predecessor heap overflows

2008-015 glib and glib-predecessors heap overflows Description: Base64 encoding and decoding functions in glib suffer from vulnerabilities during memory allocation which may result in arbitrary code execution when processing large strings. A number of other GNOME-related applications which predat...

glib library memory corruption

Memory corruption on base64 encoding/decoding...

CVE-2009-0586

Integer overflow in the gstvorbistagaddcoverart function gst-libs/gst/tag/gstvorbistag.c in vorbistag in gst-plugins-base aka gstreamer-plugins-base before 0.10.23 in GStreamer allows context-dependent attackers to execute arbitrary code via a crafted COVERART tag that is converted from a base64...

DEBIAN-CVE-2009-0587

Multiple integer overflows in Evolution Data Server aka evolution-data-server before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in 1 addressbook/libebook/e-vcard.c in evc or 2 camel/camel-mime-utils.c in libcam...

CVE-2009-0585

CVE-2009-0585 : An integer overflow in libsoup’s soup_base64_encode (soup-misc.c) affects libsoup 2.x before 2.2.x and before 2.24 on 2.x, allowing context-dependent attackers to execute arbitrary code via a long input string converted to Base64. Public disclosures reference multiple advisories (...

RoundCube Webmail <= 0.2b Remote Code Execution Exploit

Exploit for unknown platform in category web applications ======================================================= RoundCube Webmail echoiniget'disablefunctions'; exec, system PHP passthru"id; uname -a"; uid=666www-data gid=666www-data groups=666www-data Linux mail 2.6.28 0 Sun Jan 01 10:05:33 CET...

Parallels Plesk Shortnames功能邮件中继漏洞

BUGTRAQ ID: 30956 Plesk是用于管理站点的综合控制面板解决方案。 在Plesk中如果为邮件登录启用了SHORTNAMES=1功能的话，QMAIL就会在AUTH LOGIN认证期间接受任何以有效shortname开始的base64编码用户名。这允许攻击者登录到plesk认证模块所保护的邮件或其他服务，通过获得的smtp认证权限中继垃圾邮件。 必须要从smtpspsa删除SHORTNAMES=1才可以修复这个问题，仅仅将其设置为0无法解决。 Parallels Plesk 8.6 Parallels ---------...

dirlist-traverse.txt

@===========================================@ | Author = StAkeR [email protected] | @===========================================@ + @==============================================================@ | dirLIST = Arbitrary File Download Vulnerability |...

Design/Logic Flaw

RaidSonic NAS-4220-B with 2.6.0-n2007-10-11 firmware stores a partition encryption key in an unencrypted /system/.crypt file with base64 encoding, which allows local users to obtain the key...

CVE-2008-1431

RaidSonic NAS-4220-B with 2.6.0-n2007-10-11 firmware stores a partition encryption key in an unencrypted /system/.crypt file with base64 encoding, which allows local users to obtain the key...