
4737 matches found

OpenVAS
added 2008/09/04 12:0 a.m. | 28 views

xpm -- image decoding vulnerabilities

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...

7.5 CVSS | 6.4 AI score | 0.2298 EPSS
Exploits 2 | References 3

myhack58
added 2008/08/31 12:0 a.m. | 28 views

Storm library vulnerability principle and the law-vulnerability and early warning-the black bar safety net

SQL injection has been popular for a long time. The purpose of looking for injection vulnerabilities is simply to get what is in the database, such as usernames and passwords; with an MSSQL database you can go further and use this to gain permissions. The Access-based Foundation to say, if we don't have the...

7 AI score
Exploits 0

RedHat Linux
added 2008/08/28 10:12 p.m. | 1 views

libtiff: use of uninitialized memory in LZW decoder

Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code...

6.8 CVSS | 7.8 AI score | 0.01508 EPSS
Exploits 1 | References 4

Oracle linux
added 2008/08/28 12:0 a.m. | 37 views

libtiff security and bug fix update

3.6.1-12.el4.2 - Get rid of html pages for un-shipped programs, too Resolves: 459404 3.6.1-12.el4.1 - Fix LZW decoding vulnerabilities CVE-2008-2327 Resolves: 458814 - Back-port fix for CVE-2006-2193 Resolves: 458814 - Remove sgi2tiff.1 and tiffsv.1, since they are for programs we don't ship...

7.5 CVSS | 0.8 AI score | 0.01508 EPSS
Exploits 2

Oracle linux
added 2008/08/28 12:0 a.m. | 32 views

libtiff security and bug fix update

3.8.2-7.el5.2 - Use -fno-strict-aliasing per rpmdiff recommendation 3.8.2-7.el5.1 - Fix LZW decoding vulnerabilities CVE-2008-2327 Resolves: 458812 - Remove sgi2tiff.1 and tiffsv.1, since they are for programs we don't ship Resolves: 460120...

6.8 CVSS | 2.1 AI score | 0.01508 EPSS
Exploits 1

Oracle linux
added 2008/08/28 12:0 a.m. | 30 views

libtiff security update

3.5.7-31.el3 - Fix some additional LZW decoding vulnerabilities back-port from tiff-3.6.1 Resolves: 458810 - Force debug symbols to be generated by adding GCOPTS=-g; the test used by this old configure script is too easily confused 3.5.7-25.el3.5 - Fix LZW decoding vulnerabilities CVE-2008-2327...

6.8 CVSS | 1.2 AI score | 0.01508 EPSS
Exploits 1

Tenable Nessus
added 2008/07/28 12:0 a.m. | 38 views

Debian DSA-1621-1 : icedove - several vulnerabilities

Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-0304 It was discovered that a buffer overflow in MIME decoding can lead t...

10 CVSS | 9 AI score | 0.31809 EPSS
Exploits 4 | References 19

Tenable Nessus
added 2008/07/17 12:0 a.m. | 44 views

Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : linux, linux-source-2.6.15/20/22 vulnerabilities (USN-625-1)

Dirk Nehring discovered that the IPsec protocol stack did not correctly handle fragmented ESP packets. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2007-6282) Johannes Bauer discovered that the 64bit kernel did not correctly handle hrtimer updates. ...

10 CVSS | 7.9 AI score | 0.23487 EPSS
Exploits 12 | References 14

Ubuntu
added 2008/07/15 4:42 p.m. | 198 views

USN-625-1: Linux kernel vulnerabilities

Dirk Nehring discovered that the IPsec protocol stack did not correctly handle fragmented ESP packets. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2007-6282) Johannes Bauer discovered that the 64bit kernel did not correctly handle hrtimer updates. ...

10 CVSS | 7.9 AI score | 0.23487 EPSS
Exploits 12

Tenable Nessus
added 2008/06/09 12:0 a.m. | 18 views

CentOS 3 / 4 / 5 : cups (CESA-2008:0498)

Updated cups packages that fix a security issue are now available for Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, and Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS)...

4.3 CVSS | 7.3 AI score | 0.04164 EPSS
Exploits 1 | References 9

NVD
added 2008/06/02 9:30 p.m. | 19 views

CVE-2008-1573

The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read...

7.1 CVSS | 5.5 AI score | 0.00784 EPSS
Exploits 1 | References 11

CVE
added 2008/06/02 2:0 p.m. | 52 views

CVE-2008-1573

Apple Mac OS X ImageIO’s BMP/GIF decoding engine is affected by CVE-2008-1573: an out-of-bounds read could disclose memory contents when processing crafted BMP or GIF images. Affected versions are Mac OS X before 10.5.3. The issue is addressed by updating to Mac OS X 10.5.3 Security Update; apply...

7.1 CVSS | 5.4 AI score | 0.00784 EPSS
Exploits 1 | References 11 | Affected Software 2

Japan Vulnerability Notes
added 2008/05/20 3:0 p.m. | 1 views

FENCE-Pro and Systemwalker Desktop Encryption self-decoding file vulnerability

Overview: Fujitsu's encryption software FENCE-Pro and Systemwalker Desktop Encryption share the same components. A vulnerability exists in self-decoding files created using this software. Impact: The third party could view the contents of self-decoding files and obtain the passwords used for the...

3.6 CVSS | 6.8 AI score | 0.00044 EPSS
Exploits 0 | References 10

RedHat Linux
added 2008/05/20 2:12 p.m. | 3 views

mod_jk sends decoded URL to tomcat

mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and...

5 CVSS | 5.9 AI score | 0.90452 EPSS
Exploits 2 | References 4

Fedora
added 2008/04/09 5:19 a.m. | 27 views

[SECURITY] Fedora 8 Update: xine-lib-1.1.11.1-1.fc8

This package contains the Xine library. Xine is a free multimedia player. It can play back various media. It also decodes multimedia files from local disk drives, and displays multimedia streamed over the Internet. It interprets many of the most common multimedia formats available - and some of t...

6.8 CVSS | 2.3 AI score | 0.02024 EPSS
Exploits 1

Tenable Nessus
added 2008/04/04 12:0 a.m. | 32 views

RHEL 3 / 4 : cups (RHSA-2008:0206)

Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R)...

10 CVSS | 8.3 AI score | 0.27566 EPSS
Exploits 3 | References 9

Ubuntu
added 2008/04/02 10:2 p.m. | 63 views

USN-598-1: CUPS vulnerabilities

It was discovered that the CUPS administration interface contained a heap-based overflow flaw. A local attacker, and a remote attacker if printer sharing is enabled, could send a malicious request and possibly execute arbitrary code as the non-root user in Ubuntu 6.06 LTS, 6.10, and 7.04. In...

10 CVSS | 7.3 AI score | 0.27566 EPSS
Exploits 4

RedHat Linux
added 2008/04/01 2:10 p.m. | 34 views

Moderate: Red Hat Security Advisory: cups security update

Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operatin...

10 CVSS | 7.1 AI score | 0.27566 EPSS
Exploits 4 | References 4

OpenVAS
added 2008/03/19 12:0 a.m. | 18 views

Debian: Security Advisory (DSA-1515-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

7.5 CVSS | 7.6 AI score | 0.18959 EPSS
Exploits 3 | References 3

seebug.org
added 2008/03/15 12:0 a.m. | 16 views

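Microsoft IE FTP Cross-Site Command Injection Vulnerability

BUGTRAQ ID: 28208 Internet Explorer is a very popular web browser released by Microsoft. If a user visits a web page containing a malicious FTP URL, Internet Explorer 5 and 6 may fail to filter the URL correctly when decoding it, forcing Internet Explorer to chain FTP commands by injecting URL-encoded CRLF pairs after each command in the URL supplied in an HTML element. iframe src="ftp://user@site:port/%0D%0ADELE%20foo.txt%0D%0A//"/ In addition, if two slashes are appended to the end of the malicious URL, Internet...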

6.9 AI score
Exploits 0