156 matches found
Ubuntu 6.06 LTS / 6.10 / 7.04 : tar vulnerability (USN-506-1)
Dmitry V. Levin discovered that tar did not correctly detect the '..' file path element when unpacking archives. If a user or an automated system were tricked into unpacking a specially crafted tar file, arbitrary files could be overwritten with user privileges. Note that Tenable Network Security...
gtar -- Directory traversal vulnerability
Red Hat reports: A path traversal flaw was discovered in the way GNU tar extracted archives. A malicious user could create a tar archive that could write to arbitrary files to which the user running GNU tar had write access. Red Hat credits Dmitry V. Levin for reporting the issue...
CVE-2006-5816
Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko Business Card Web Builder BCWB 2.5 allow remote attackers to execute arbitrary PHP code via a URL in the rootpathadmin parameter to 1 /include/startup.inc.php, 2 dcontent/default.css.php, or 3 system/default.css.php, different...
CVE-2006-5816
Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko Business Card Web Builder BCWB 2.5 allow remote attackers to execute arbitrary PHP code via a URL in the rootpathadmin parameter to 1 /include/startup.inc.php, 2 dcontent/default.css.php, or 3 system/default.css.php, different...
CVE-2006-5816
Technical details about CVE-2006-5816 are not publicly available in the provided Connected documents. The initial description notes PHP remote file inclusion via root_path_admin to specific files, but no further specifics are provided here. Monitor for updates.
CVE-2006-4062
PHP remote file inclusion vulnerability in usr/extensions/gettree.inc.php in Dmitry Sheiko SAPID Shop 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALSrootpath parameter...
CVE-2006-4065
Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko SAPID Gallery 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the 1 rootpath parameter to a usr/extensions/getcalendar.inc.php or the 2 GLOBALSrootpath parameter to b usr/extensions/gettree.inc.p...
CVE-2006-4065
Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko SAPID Gallery 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the 1 rootpath parameter to a usr/extensions/getcalendar.inc.php or the 2 GLOBALSrootpath parameter to b usr/extensions/gettree.inc.p...
CVE-2006-4065
CVE-2006-4065 concerns PHP remote file inclusion in Dmitry Sheiko SAPID Gallery 1.0 and earlier. Vulnerability arises when an attacker crafts a URL parameter to cause inclusion of arbitrary PHP code: (1) root_path to usr/extensions/get_calendar.inc.php or (2) GLOBALS[root_path] to usr/extensions/...
CVE-2006-4062
CVE-2006-4062 affects Dmitry Sheiko SAPID Shop 1.2 and earlier. The vulnerability is a PHP remote file inclusion in usr/extensions/get_tree.inc.php that allows an attacker to execute arbitrary PHP code via a URL supplied to GLOBALS[root_path]. The provided documents identify the vulnerable compon...
Security fix for the ALT Linux 9 package openssl10 version 0.9.7g-alt3
Oct. 11, 2005 Dmitry V. Levin 0.9.7g-alt3 - Applied upstream fix for potential SSL 2.0 rollback during SSL handshake CAN-2005-2969...
Slackware 9.1 / current : utempter security update (SSA:2004-110-01)
New utempter packages are available for Slackware 9.1 and -current to fix a security issue. Slackware 9.1 was the first version of Slackware to use the libutempter library, and earlier versions of Slackware are not affected by this issue The utempter package provides a utility and shared library...
Security fix for the ALT Linux 6 package sudo version 1:1.6.7p5-alt5
June 21, 2005 Dmitry V. Levin 1:1.6.7p5-alt5 - Backported upstream fix so a sudoers entry with sudo ALL no longer overwrites the value of safecmnd CAN-2005-1993...
USN-54-1: TIFF library tool vulnerability
Dmitry V. Levin discovered a buffer overflow in the "tiffdump" utility. If an attacker tricked a user into processing a malicious TIFF image with tiffdump, they could cause a buffer overflow which at least causes the program to crash. However, it is not entirely clear whether this can be exploite...
tiff -- tiffdump integer overflow vulnerability
Dmitry V. Levin found a potential integer overflow in the tiffdump utility which could lead to execution of arbitrary code. This could be exploited by tricking an user into executing tiffdump on a specially crafted tiff image...
utempter security update
New utempter packages are available for Slackware 9.1 and -current to fix a security issue. Slackware 9.1 was the first version of Slackware to use the libutempter library, and earlier versions of Slackware are not affected by this issue The utempter package provides a utility and shared library...