Debian DSA-1495-1 : nagios-plugins - buffer overflows

Several local/remote vulnerabilities have been discovered in two of the plugins for the Nagios network monitoring and management system. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-5198 A buffer overflow has been discovered in the parser for HTT...

Debian DSA-1475-1 : gforge - missing input sanitising

Jose Ramon Palanco discovered that a cross site scripting vulnerability in GForge, a collaborative development tool, allows remote attackers to inject arbitrary web script or HTML in the context of a logged in user's session. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive te...

apt-listchanges不安全路径库导入本地SHELL代码执行漏洞

apt-listchanges是一款使用当前安装来对比新版本的工具。 apt-listchanges当导入部分库的时候使用不安全路径，本地攻击者可以利用漏洞以应用程序进程权限执行任意SHELL代码。 目前没有详细漏洞细节提供。 Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32...

Debian Security Advisory DSA 1321-1 (evolution-data-server)

The remote host is missing an update to evolution-data-server announced via advisory DSA 1321-1. OpenVAS Vulnerability Test $Id: deb13211.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1321-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

Debian Security Advisory DSA 341-1 (liece)

The remote host is missing an update to liece announced via advisory DSA 341-1. OpenVAS Vulnerability Test $Id: deb3411.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 341-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

Debian Security Advisory DSA 1449-1 (loop-aes-utils)

The remote host is missing an update to loop-aes-utils announced via advisory DSA 1449-1. OpenVAS Vulnerability Test $Id: deb14491.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1449-1 loop-aes-utils Authors: Thomas Reinke Copyright: Copyright c 2008 E-Sof...

Debian Security Advisory DSA 770-1 (gopher)

The remote host is missing an update to gopher announced via advisory DSA 770-1. John Goerzen discovered that gopher, a client for the Gopher Distributed Hypertext protocol, creates temporary files in an insecure fashion. For the old stable distribution woody this problem has been fixed in versio...

Debian Security Advisory DSA 297-1 (snort)

The remote host is missing an update to snort announced via advisory DSA 297-1. OpenVAS Vulnerability Test $Id: deb2971.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 297-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

Debian: Security Advisory (DSA-1381-2)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DSA-896-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-1461-1 : libxml2 - missing input validation

Brad Fitzpatrick discovered that the UTF-8 decoding functions of libxml2, the GNOME XML library, validate UTF-8 correctness insufficiently, which may lead to denial of service by forcing libxml2 into an infinite loop. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

Debian DSA-1443-1 : tcpreen - buffer overflows

It was discovered that several buffer overflows in tcpreen, a tool for monitoring a TCP connection, may lead to denial of service. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-1443. The...

OpenOffice HSQLDB Database Engine Unspecified Java Code Execution Vulnerability

Bugtraq ID: 26703 CVE: CVE-2007-4575 OpenOffice is prone to a code-execution vulnerability. Successful exploits allow remote attackers to execute arbitrary Java code in the context of the vulnerable application. Versions prior to OpenOffice 2.3.1 are vulnerable. Sun StarSuite 8 Sun StarOffice 8.0...

GnomeHack 1.0.5 Local Buffer Overflow Exploit

No description provided by source. / linux/debiangnomehackv1.0.5 buffer overflow, by: [email protected]. this will give you an egid=60games shell if gnomehack is sgid=2755 games on debian/2.2, which has gnomehack. this can also be applied to nethack syntax: ./debgnomehack offset alignment. exampl...

Debian DSA-1408-1 : kdegraphics - buffer overflow

Alin Rad Pop discovered a buffer overflow in kpdf, which could allow the execution of arbitrary code if a malformed PDF file is displayed. The old stable distribution sarge will be fixed later. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...

Debian DSA-1407-1 : cupsys - buffer overflow

Alin Rad Pop discovered that the Common UNIX Printing System is vulnerable to an off-by-one buffer overflow in the code to process IPP packets, which may lead to the execution of arbitrary code. The cupsys version in the old stable distribution sarge is not vulnerable to arbitrary code execution...

PHP <= 5.2.5 stream_wrapper_register() denial of service

BUGTRAQ ID: 26426 CNCAN ID:CNCAN-2007111606 PHP是一款流行的网络编程语言。 PHP streamwrapperregister函数存在输入检查错误，远程攻击者可以利用漏洞进行缓冲区溢出攻击，可能以应用程序进程权限执行任意指令。 问题是PHP streamwrapperregister函数对参数缺少正确边界检查错误，恶意的WEB页，可导致以PHP进程权限执行任意指令。 PHP PHP 5.2.5 PHP PHP 5.2.4 PHP PHP 5.2.3 PHP PHP 5.2.2 PHP PHP 5.2.1 + Ubuntu Ubuntu Lin...

Debian DSA-1394-1 : reprepro - authentication bypass

It was discovered that reprepro, a tool to create a repository of Debian packages, only checks the validity of known signatures when updating from a remote site, and thus does not reject packages with only unknown signatures. This allows an attacker to bypass this authentication mechanism. The...

HTML Injection Vuln in nssboard

Nssboard, formerly Simple PHP forum, is vulnerable to HTML injection including scripts possible XSS in two ways: 1. If BBcode is disabled, HTML tags are no longer stripped, allowing XSS attacks, etc. 2. Profile information user, email, Real Name is not filtered. For example a user could use...

OpenOffice TIFF文件解析缓冲区溢出漏洞

OpenOffice是一款开放源代码的文字处理应用程序。 OpenOffice处理TIFF文件存在缓冲区溢出，远程攻击者可以利用漏洞以应用程序进程权限执行任意指令。 构建恶意的TIFF文件，诱使用户打开可触发漏洞，目前没有详细漏洞细节提供。 OpenOffice OpenOffice 2.3 OpenOffice OpenOffice 2.2.1 OpenOffice OpenOffice 2.0.4 OpenOffice OpenOffice 1.1.3 + Gentoo Linux + RedHat Fedora Core3 + Ubuntu Ubuntu Linux 5.0 4...