2384 matches found
CVE-2010-4338
CVE-2010-4338 affects ocrodjvu 0.4.6-1 on Debian GNU/Linux. Local users can exploit a symlink attack on temporary files created when Cuneiform is invoked as the OCR engine to modify arbitrary files. The impact is described as ability to gain write access to arbitrary files, with local access and ...
Design/Logic Flaw
A certain Fedora patch for gif2png.c in gif2png 2.5.1 and 2.5.2, as distributed in gif2png-2.5.1-1200.fc12 on Fedora 12 and gif2png2.5.2-1 on Debian GNU/Linux, truncates a GIF pathname specified on the command line, which might allow remote attackers to create PNG files in unintended directories...
CVE-2010-4695
Removed by vendor...
MantisBT <=1.2.3 (db_type) Local File Inclusion Vulnerability
Exploit for php platform in category web applications Vendor: MantisBT Group Product web page: http://www.mantisbt.org Version affected: library/adodb/adodb.inc.php ... 4109: 4110: $file = ADODBDIR."/drivers/adodb-".$db.".inc.php"; 4111: @includeonce$file;...
MantisBT <=1.2.3 (db_type) Cross-Site Scripting & Path Disclosure
Exploit for php platform in category web applications Vendor: MantisBT Group Product web page: http://www.mantisbt.org Version affected: 1.2.4 Summary: MantisBT is a free popular web-based bugtracking system. It is written in the PHP scripting language and works with MySQL, MS SQL, and PostgreSQL...
[SECURITY] [DSA 2132-1] New xulrunner packages fix several vulnerabilities
------------------------------------------------------------------------ Debian Security Advisory DSA-2132-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff December 11, 2010 http://www.debian.org/security/faq -...
[SECURITY] [DSA-2131-1] New exim4 packages fix remote code execution
------------------------------------------------------------------------ Debian Security Advisory DSA-2131-1 [email protected] http://www.debian.org/security/ Stefan Fritsch December 10, 2010 http://www.debian.org/security/faq -...
TSSA-2010-01 Ghostscript library Ins_MINDEX() integer overflow and heap corruption
-------------------------------------------------------------------------------------- Ghostscript library InsMINDEX off by one, integer overflow and heapcorruption -------------------------------------------------------------------------------------- -- Vulnerability Summary: Date Published:...
[SECURITY] [DSA-2125-1] New openssl packages fix buffer overflow
------------------------------------------------------------------------ Debian Security Advisory DSA-2125-1 [email protected] http://www.debian.org/security/ Stefan Fritsch November 22, 2010 http://www.debian.org/security/faq -...
NitroSecurity ESM v8.4.0a Remote Code Execution
Exploit for linux platform in category remote exploits =============================================== NitroSecurity ESM v8.4.0a Remote Code Execution =============================================== -- Product description: NitroView ESM is an enterprise-class security information and event...
NitroSecurity ESM 8.4.0a Remote Code Execution
-- Product description: NitroView ESM is an enterprise-class security information and event management system that identifies, correlates, and remediates threats faster than any other SIEM on the market. -- Problem Description: During research it was found that perl module "ess.pm" is prone to...
NitroSecurity ESM 8.4.0a - Remote Code Execution
-- Product description: NitroView ESM is an enterprise-class security information and event management system that identifies, correlates, and remediates threats faster than any other SIEM on the market. -- Problem Description: During research it was found that perl module "ess.pm" is prone to...
NitroSecurity ESM 8.4.0a - Remote Code Execution
NitroSecurity ESM 8.4.0a - Remote Code Execution -- Product description: NitroView ESM is an enterprise-class security information and event management system that identifies, correlates, and remediates threats faster than any other SIEM on the market. -- Problem Description: During research it w...
GNU C library dynamic linker expands $ORIGIN in setuid library search path
Overview Certain versions of glibc unsafely handle the $ORIGIN ELF substitution sequence which can be exploited to gain local privilege escalation. Description Tavis Ormandy's advisory states:"$ORIGIN is an ELF substitution sequence representing the location of the executable being loaded in the...
Linux kernel RDS protocol vulnerability
Overview The RDS protocol implementation of Linux kernels 2.6.30 through 2.6.38-rc8 contain a local privilege escalation vulnerability. Description Kernel functions fail to properly check if a user supplied address exists in the user segment of memory. By providing a kernel address to a socket ca...
[SECURITY] [DSA-2114-1] New git-core packages fix regression
------------------------------------------------------------------------ Debian Security Advisory DSA-2114-1 [email protected] http://www.debian.org/security/ Stefan Fritsch September 26, 2010 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2111-1] New squid3 packages fix denial of service
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-2111-1 [email protected] http://www.debian.org/security/ Steffen Joeris September 19, 2010 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2111-1] New squid3 packages fix denial of service
------------------------------------------------------------------------ Debian Security Advisory DSA-2111-1 [email protected] http://www.debian.org/security/ Steffen Joeris September 19, 2010 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2108-1] New cvsnt package fixes arbitrary code execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - ------------------------------------------------------------------------ Debian Security Advisory DSA-2108-1 [email protected] http://www.debian.org/security/ Sebastien Delafond Sep 14, 2010 http://www.debian.org/security/faq - -...
CVE-2010-2953
Technical details about CVE-2010-2953 (affected products, root cause, and fixes) are not publicly provided in the supplied documents; monitor for updates from vendors and security advisories.