1915 matches found
[Full-disclosure] [SECURITY] [DSA 1833-1] New dhcp3 packages fix arbitrary code execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1833-1 [email protected] http://www.debian.org/security/ Florian Weimer July 14, 2009 http://www.debian.org/security/faq -...
[SECURITY] Fedora 11 Update: mumbles-0.4-11.fc11
Mumbles is a plugin driven, DBus based notification system written for the Gnome desktop. Similar to libnotify notifications and Growl for OSX, mumbles aims to provide a modern notification system for the GNU/Linux Desktop...
[SECURITY] [DSA 1829-1] New sork-passwd-h3 packages fix cross-site scripting
------------------------------------------------------------------------ Debian Security Advisory DSA-1829-1 [email protected] http://www.debian.org/security/ Steffen Joeris July 11, 2009 http://www.debian.org/security/faq -...
[SECURITY] [DSA 1827-1] New ipplan packages fix cross-site scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1827-1 [email protected] http://www.debian.org/security/ Steffen Joeris July 06, 2009 http://www.debian.org/security/faq -...
[ECHO_ADV_110$2009] Firefox (GNU/Linux version) <= 3.0.10 Denial Of Services
/ / | | / // / | | Y / | / / /| / / / / / / .OR.ID ECHOADV110$2009 -------------------------------------------------------------------------------- ECHOADV110$2009 Firefox GNU/Linux version = 3.0.10 Denial Of Services -------------------------------------------------------------------------------...
phpMyAdmin (/scripts/setup.php) PHP Code Injection Exploit
No description provided by source. !/bin/bash CVE-2009-1151: phpMyAdmin '/scripts/setup.php' PHP Code Injection RCE PoC v0.11 by pagvac gnucitizen.org, 4th June 2009. special thanks to Greg Ose labs.neohapsis.com for discovering such a cool vuln, and to str0ke milw0rm.com for testing this PoC...
[SECURITY] [DSA 1813-1] New evolution-data-server packages fix several vulnerabilities
------------------------------------------------------------------------ Debian Security Advisory DSA-1813-1 [email protected] http://www.debian.org/security/ Steffen Joeris June 08, 2009 http://www.debian.org/security/faq -...
[SECURITY] [DSA 1806-1] New cscope packages fix arbitrary code execution
------------------------------------------------------------------------ Debian Security Advisory DSA-1806-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 24, 2009 http://www.debian.org/security/faq -...
Code injection
The mapypalias function in functions/imapgeneral.php in SquirrelMail before 1.4.19-1 on Debian GNU/Linux, and possibly other operating systems and versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. NOT...
CVE-2009-1381
The mapypalias function in functions/imapgeneral.php in SquirrelMail before 1.4.19-1 on Debian GNU/Linux, and possibly other operating systems and versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. NOT...
CVE-2009-1381
CVE-2009-1381 relates to SquirrelMail prior to version 1.4.19-1 on Debian and possibly other OSes, where the map_yp_alias function in functions/imap_general.php allows remote execution of arbitrary commands via shell metacharacters in a username string used by ypmatch. Connected advisories confir...
[SECURITY] [DSA 1802-2] New squirrelmail packages correct incomplete fix
------------------------------------------------------------------------ Debian Security Advisory DSA-1802-2 [email protected] http://www.debian.org/security/ Thijs Kinkhorst May 21, 2009 http://www.debian.org/security/faq -...
[SECURITY] [DSA 1803-1] New nsd packages fix denial of service
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1803-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst May 20, 2009 http://www.debian.org/security/faq -...
NSD vulnerable to one-byte overflow
Overview A vulnerability exists in the way NSD processes certain types of packets that may lead to a one-byte buffer overflow. Description Name server daemon NSD is an open source name server developed by NLnet Labs. NSD contains an off-by-one error that can cause a one-byte buffer overflow when...
Linux Kernel 2.6.29 - ptrace_attach() Race Condition Privilege Escalation
Linux Kernel 2.6.29 - ptraceattach Race Condition Privilege Escalation / GNU/Linux kernel 2.6.29 ptraceattach local root race condition exploit. ========================================================================== This is a local root exploit for the 2.6.29 ptraceattach race condition that...
[SECURITY] [DSA 1795-1] New ldns packages fix arbitrary code execution
------------------------------------------------------------------------ Debian Security Advisory DSA-1795 [email protected] http://www.debian.org/security/ Devin Carraway May 07, 2009 http://www.debian.org/security/faq - ------------------------------------------------------------------------...
Command injection
xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie MCOOKIE on the command line, which allows local users to gain privileges by listing the process and its arguments...
CVE-2009-1573
What is affected. xvfb-run 1.6.1 (Debian/Ubuntu/Fedora and possibly other OSes) has the flaw. The root cause described in the CVE context is that the X11 magic cookie (MCOOKIE) is exposed on the command line, which can be discovered by local users. Impact. Local privilege escalation by listing th...
CVE-2009-1573
xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie MCOOKIE on the command line, which allows local users to gain privileges by listing the process and its arguments...
[SECURITY] [DSA 1791-1] New moin packages fix cross-site scripting
------------------------------------------------------------------------ Debian Security Advisory DSA-1791-1 [email protected] http://www.debian.org/security/ Steffen Joeris May 06, 2009 http://www.debian.org/security/faq -...