squid security update

CentOS Errata and Security Advisory CESA-2006:0045 Updated squid packages that fix a security vulnerability as well as several bugs are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Squid is a high-performance proxy caching...

Ubuntu 4.10 / 5.04 / 5.10 : flex vulnerability (USN-260-1)

Chris Moore discovered a buffer overflow in a particular class of lexicographical scanners generated by flex. This could be exploited to execute arbitrary code by processing specially crafted user-defined input to an application that uses a flex scanner for parsing. This flaw particularly affects...

MySQL 4.x/5.0 (Linux) - User-Defined Function (UDF) Dynamic Library (2)

/ $Id: raptorudf2.c,v 1.1 2006/01/18 17:58:54 raptor Exp $ raptorudf2.c - dynamic library for dosystem MySQL UDF Copyright c 2006 Marco Ivaldi This is an helper dynamic library for local privilege escalation through MySQL run with root privileges very bad idea!, slightly modified to work with new...

MySQL 4.x/5.0 User-Defined Function Local Privilege Escalation Exploit

Exploit for linux platform in category local exploits ====================================================================== MySQL 4.x/5.0 User-Defined Function Local Privilege Escalation Exploit ====================================================================== / $Id: raptorudf2.c,v 1.1...

MySQL 4.x5.0 (Linux) - User-Defined Function (UDF) Dynamic Library (2)

MySQL 4.x5.0 Linux - User-Defined Function UDF Dynamic Library 2 / $Id: raptorudf2.c,v 1.1 2006/01/18 17:58:54 raptor Exp $ raptorudf2.c - dynamic library for dosystem MySQL UDF Copyright c 2006 Marco Ivaldi This is an helper dynamic library for local privilege escalation through MySQL run with...

Memory corruption

The function allocation code jsNewFunction in jsfun.c in Firefox 1.5 allows attackers to cause a denial of service memory corruption and possibly execute arbitrary code via user-defined methods that trigger garbage collection in a way that operates on freed objects...

CVE-2006-0293

The function allocation code jsNewFunction in jsfun.c in Firefox 1.5 allows attackers to cause a denial of service memory corruption and possibly execute arbitrary code via user-defined methods that trigger garbage collection in a way that operates on freed objects...

CVE-2006-0293

The function allocation code jsNewFunction in jsfun.c in Firefox 1.5 allows attackers to cause a denial of service memory corruption and possibly execute arbitrary code via user-defined methods that trigger garbage collection in a way that operates on freed objects...

Ubuntu 4.10 / 5.04 / 5.10 : perl vulnerability (USN-222-1)

Jack Louis of Dyad Security discovered that Perl did not sufficiently check the explicit length argument in format strings. Specially crafted format strings with overly large length arguments led to a crash of the Perl interpreter or even to execution of arbitrary attacker-defined code with the...

Ubuntu 4.10 / 5.04 / 5.10 : perl vulnerability (USN-222-2)

USN-222-1 fixed a vulnerability in the Perl interpreter. It was discovered that the version of USN-222-1 was not sufficient to handle all possible cases of malformed input that could lead to arbitrary code execution, so another update is necessary. Original advisory : Jack Louis of Dyad Security...

MySQL 4.x - CREATE Temporary TABLE Symlink Privilege Escalation

// source: https://www.securityfocus.com/bid/12781/info MySQL is reported prone to multiple vulnerabilities that can be exploited by a remote authenticated attacker. The following individual issues are reported: - Insecure temporary file-creation vulnerability. Reports indicate that an attacker...

CVE-2006-0187

CVE-2006-0187 concerns Microsoft Visual Studio 2005, where code in the Load event of a user-defined control (UserControl1_Load) runs automatically by design. This behavior could let a user-assisted attacker execute arbitrary code by tricking a user into opening a malicious Visual Studio project f...

CVE-2006-0187

By design, Microsoft Visual Studio 2005 automatically executes code in the Load event of a user-defined control UserControl1Load function, which allows user-assisted attackers to execute arbitrary code by tricking the user into opening a malicious Visual Studio project file...

Debian DSA-833-2 : mysql-dfsg-4.1 - buffer overflow

This update only covers binary packages for the big endian MIPS architecture that was mysteriously forgotten in the earlier update. For completeness below is the original advisory text : A stack-based buffer overflow in the initsyms function of MySQL, a popular database, has been discovered that...

Debian DSA-831-1 : mysql-dfsg - buffer overflow

A stack-based buffer overflow in the initsyms function of MySQL, a popular database, has been discovered that allows remote authenticated users who can create user-defined functions to execute arbitrary code via a long functionname field. The ability to create user-defined functions is not...

Mandrake Linux Security Advisory : MySQL (MDKSA-2005:163)

A stack-based buffer overflow was discovered in the initsyms function in MySQL that allows authenticated users that can create user-defined functions to execute arbitrary code via a long functionname field. The updated packages have been patched to address these issues. %NASLMINLEVEL 70300 C...

DSA-833-2 mysql-dfsg-4.1 - buffer overflow

Bulletin has no description...

[SECURITY] [DSA 829-1] New mysql packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 829-1 [email protected] http://www.debian.org/security/ Martin Schulze September 30, 2005 http://www.debian.org/security/faq -...

DSA-829-1 mysql - several

Bulletin has no description...

CVE-2005-2558

Stack-based buffer overflow in the initsyms function in MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta allows remote authenticated users who can create user-defined functions to execute arbitrary code via a long functionname field...