[SECURITY] [DSA 894-1] New AbiWord packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 894-1 [email protected] http://www.debian.org/security/ Martin Schulze November 14th, 2005 http://www.debian.org/security/faq -...

DSA-894-1 abiword - buffer overflows

Bulletin has no description...

[slackware-security] KOffice/KWord

New KOffice packages are available for Slackware 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue with KWord. A buffer overflow in the RTF import functionality could result in the execution of arbitrary code. More details about this issue may be found in the Common Vulnerabilities and...

Mozilla/Firefox security manager certificate handling DoS

The remote host is using Mozilla, an alternative web browser. The Mozilla Personal Security Manager PSM contains a flaw that may permit an attacker to import silently a certificate into the PSM certificate store. This corruption may result in a deny of SSL connections. SPDX-FileCopyrightText: 200...

DboardGear - uncorrect import themes (SQL-inject)

Hello all. I m check it: DboardGear .. Search By Google :- by DboardGear Gr33tz :- aLMaSTeR HaCKeR .. SQL Injection's FOunder - | almaster at hotmail.com|- Security4Arab .. A'Where Home .. 1- SQL Injection in buddy.php http://www.site.com/dboard/buddy.php?action=add&buddy=|aLMaSTeR 2-SQL Injectio...

DEBIAN-CVE-2005-3302

Eval injection vulnerability in bvhimport.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call...

PT-2005-4113 · Blender · Blender

Name of the Vulnerable Software and Affected Versions: Blender version 2.36 Description: The issue allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call. This occurs in the bvh import.py module. Recommendations: For...

CVE-2005-2972

Multiple stack-based buffer overflows in the RTF import feature in AbiWord before 2.2.11 allow user-assisted attackers to execute arbitrary code via an RTF file with long identifiers, which are not properly handled in the 1 ParseLevelText, 2 getCharsInsideBrace, 3 HandleLists, 4 or 5 HandleAbiLis...

CVE-2005-2972

Multiple stack-based buffer overflows in the RTF import feature in AbiWord before 2.2.11 allow user-assisted attackers to execute arbitrary code via an RTF file with long identifiers, which are not properly handled in the 1 ParseLevelText, 2 getCharsInsideBrace, 3 HandleLists, 4 or 5 HandleAbiLis...

DEBIAN-CVE-2005-2972

Multiple stack-based buffer overflows in the RTF import feature in AbiWord before 2.2.11 allow user-assisted attackers to execute arbitrary code via an RTF file with long identifiers, which are not properly handled in the 1 ParseLevelText, 2 getCharsInsideBrace, 3 HandleLists, 4 or 5 HandleAbiLis...

CVE-2005-2972

Multiple stack-based buffer overflows in the RTF import feature in AbiWord before 2.2.11 allow user-assisted attackers to execute arbitrary code via an RTF file with long identifiers, which are not properly handled in the 1 ParseLevelText, 2 getCharsInsideBrace, 3 HandleLists, 4 or 5 HandleAbiLis...

CVE-2005-2972

Multiple stack-based buffer overflows in the RTF import feature in AbiWord before 2.2.11 allow user-assisted attackers to execute arbitrary code via an RTF file with long identifiers, which are not properly handled in the 1 ParseLevelText, 2 getCharsInsideBrace, 3 HandleLists, 4 or 5 HandleAbiLis...

CVE-2005-2972

Multiple stack-based buffer overflows in the RTF import feature in AbiWord before 2.2.11 allow user-assisted attackers to execute arbitrary code via an RTF file with long identifiers, which are not properly handled in the 1 ParseLevelText, 2 getCharsInsideBrace, 3 HandleLists, 4 or 5 HandleAbiLis...

GLSA-200510-12 : KOffice, KWord: RTF import buffer overflow

The remote host is affected by the vulnerability described in GLSA-200510-12 KOffice, KWord: RTF import buffer overflow Chris Evans discovered that the KWord RTF importer was vulnerable to a heap-based buffer overflow. Impact : An attacker could entice a user to open a specially crafted RTF file,...

USN-203-1: Abiword vulnerabilities

Chris Evans discovered several buffer overflows in the RTF import module of AbiWord. By tricking a user into opening an RTF file with specially crafted long identifiers, an attacker could exploit this to execute arbitrary code with the privileges of the AbiWord user...

GLSA-200510-06 : Dia: Arbitrary code execution through SVG import

The remote host is affected by the vulnerability described in GLSA-200510-06 Dia: Arbitrary code execution through SVG import Joxean Koret discovered that the SVG import plugin in Dia fails to properly sanitise data read from an SVG file. Impact : An attacker could create a specially crafted SVG...

Debian DSA-847-1 : dia - missing input sanitising

Joxean Koret discovered that the Python SVG import plugin in dia, a vector-oriented diagram editor, does not properly sanitise data read from an SVG file and is hence vulnerable to execute arbitrary Python code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...

DSA-847-1 dia - missing input sanitising

Bulletin has no description...

Dia: Arbitrary code execution through SVG import

Background Dia is a gtk+ based diagram creation program released under the GPL license. Description Joxean Koret discovered that the SVG import plugin in Dia fails to properly sanitise data read from an SVG file. Impact An attacker could create a specially crafted SVG file, which, when imported...

CVE-2005-2966

The Python SVG import plugin diasvgimport.py for DIA 0.94 and earlier allows user-assisted attackers to execute arbitrary commands via a crafted SVG file...