3115 matches found
Moderate: e2fsprogs security update
1.32-15.4 - Fix integer overflows 414611 / CVE-2007-5497...
PHP multiple security vulnerabilities
DoS conditions, internal state modification, code execution, integer overflows, information leaks...
PHP < 4.4.8 Multiple Vulnerabilities
According to its banner, the version of PHP installed on the remote host is older than 4.4.8. Such versions may be affected by several issues, including integer overflows involving the 'chunksplit', 'strcspn', and 'strspn' functions, and 'safemode' / 'openbasedir' bypasses. %NASLMINLEVEL 70300 C...
Multiple security vulnerabilities in different Exif libraries (libexif, exiv2, exiftags)
Multiple DoS conditions, integer overflows, buffer overflows on parsing JPEG/TIFF/RIFF EXIF data...
SuSE 10 Security Update : PHP5 (ZYPP Patch Number 4808)
This update fixes multiple bugs in php : - use system pcre library to fix several pcre vulnerabilities. CVE-2007-1659 / CVE-2006-7230 / CVE-2007-1660 / CVE-2006-7227 / CVE-2005-4872 / CVE-2006-7228 - Flaws in processing multi byte sequences in htmlentities/htmlspecialchars. CVE-2007-5898 - overly...
GLSA-200712-13 : E2fsprogs: Multiple buffer overflows
The remote host is affected by the vulnerability described in GLSA-200712-13 E2fsprogs: Multiple buffer overflows Rafal Wojtczuk McAfee AVERT Research discovered multiple integer overflows in libext2fs, that are triggered when processing information from within the file system, resulting in...
E2fsprogs: Multiple buffer overflows
Background E2fsprogs provides utilities for use with the ext2 and ext3 file systems including the libext2fs library that allows user-level programs to manipulate an ext2 or ext3 file system. Description Rafal Wojtczuk McAfee AVERT Research discovered multiple integer overflows in libext2fs, that...
SuSE 10 Security Update : PHP5 (ZYPP Patch Number 3980)
This update fixes multiple bugs in php : - predictable generaton of an initialization vector IV in the mcrypt extension - additional cookie attributes could be injected via a session id - specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based...
SuSE 10 Security Update : gd (ZYPP Patch Number 3895)
This update fixes multiple integer overflows in the gd library. Specially crafted files could leverage them to at least crash gd based applications. CVE-2007-3472 / CVE-2007-3475 / CVE-2007-3476 / CVE-2007-3477 / CVE-2007-3478 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text...
SuSE 10 Security Update : imlib2-loaders (ZYPP Patch Number 2245)
Various security problems have been fixed in the imlib2 image loaders : - A stack-based buffer overflow in loaderpnm.c could be used by attackers to execute code by supplying a handcrafted PNM image. CVE-2006-4809 - A heap buffer overflow in loadertga.c could potentially be used by attackers to...
SuSE 10 Security Update : Qt (ZYPP Patch Number 2187)
Multiple integer overflows have been found in image processing functions within the QT library. These could potentially lead to heap overflows and code execution. CVE-2006-4811 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...
SuSE 10 Security Update : imlib2-loaders (ZYPP Patch Number 2261)
Various security problems have been fixed in the imlib2 image loaders : - A stack-based buffer overflow in loaderpnm.c could be used by attackers to execute code by supplying a handcrafted PNM image. CVE-2006-4809 - A heap buffer overflow in loadertga.c could potentially be used by attackers to...
SuSE 10 Security Update : Xorg X11 (ZYPP Patch Number 3083)
Integer overflows in the XC-MISC extension of the X-server could potentially be exploited to execute code with root privileges. CVE-2007-1003 Integer overflows in libx11 could cause crashes. CVE-2007-1667 Integer overflows in the font handling of the X-server could potentially be exploited to...
GLSA-200712-04 : Cairo: User-assisted execution of arbitrary code
The remote host is affected by the vulnerability described in GLSA-200712-04 Cairo: User-assisted execution of arbitrary code Multiple integer overflows were reported, one of which Peter Valchev Google Security found to be leading to a heap-based buffer overflow in the...
Mandrake Linux Security Advisory : e2fsprogs (MDKSA-2007:242)
Rafal Wojtczuk of McAfee AVERT Research found that e2fsprogs contained multiple integer overflows in memory allocations, based on sizes taken directly from filesystem information. These flaws could result in heap-based overflows potentially allowing for the execution of arbitrary code. The update...
Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : e2fsprogs vulnerability (USN-555-1)
Rafal Wojtczuk discovered multiple integer overflows in e2fsprogs. If a user or automated system were tricked into fscking a malicious ext2/ext3 filesystem, a remote attacker could execute arbitrary code with the user's privileges. Note that Tenable Network Security has extracted the preceding...
Debian DSA-1422-1 : e2fsprogs - integer overflows
Rafal Wojtczuk of McAfee AVERT Research discovered that e2fsprogs, the ext2 file system utilities and libraries, contained multiple integer overflows in memory allocations, based on sizes taken directly from filesystem information. These could result in heap-based overflows potentially allowing t...
[SECURITY] [DSA 1422-1] New e2fsprogs packages fix arbitrary code execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1422 [email protected] http://www.debian.org/security/ Steve Kemp December 07, 2007 http://www.debian.org/security/faq -...
e2fsprogs utilities multiple security vulnerabilities
Multiple integer overflows...
[SECURITY] [DSA 1422-1] New e2fsprogs packages fix arbitrary code execution
------------------------------------------------------------------------ Debian Security Advisory DSA-1422 [email protected] http://www.debian.org/security/ Steve Kemp December 07, 2007 http://www.debian.org/security/faq - ------------------------------------------------------------------------...