47 matches found
Debian DSA-916-1 : inkscape - buffer overflow
Several vulnerabilities have been discovered in Inkscape, a vector-based drawing program. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-3737 Joxean Koret discovered a buffer overflow in the SVG parsing routines that can lead to the execution of...
Ubuntu 4.10 / 5.04 : cfengine vulnerabilities (USN-198-1)
Javier Fernandez-Sanguino Pena discovered that several tools in the cfengine package vicf, cfmailfilter, and cfcron create and use temporary files in an insecure way. A local attacker could exploit this with a symlink attack to create or overwrite arbitrary files with the privileges of the user...
Ubuntu 4.10 : groff vulnerabilities (USN-43-1)
Javier Fernandez-Sanguino Pena discovered that the auxiliary scripts 'eqn2graph' and 'pic2graph' created temporary files in an insecure way, which allowed exploitation of a race condition to create or overwrite files with the privileges of the user invoking the program. Note that Tenable Network...
[SA17242] YIFF Sound Systems Arbitrary File Playback Weakness
TITLE: YIFF Sound Systems Arbitrary File Playback Weakness SECUNIA ADVISORY ID: SA17242 VERIFY ADVISORY: http://secunia.com/advisories/17242/ CRITICAL: Not critical IMPACT: Security Bypass WHERE: Local system SOFTWARE: YIFF Sound Systems 2.x http://secunia.com/product/5945/ DESCRIPTION: Javier...
USN-208-1: graphviz vulnerability
Javier Fernández-Sanguino Peña discovered that the "dotty" tool created and used temporary files in an insecure way. A local attacker could exploit this with a symlink attack to create or overwrite arbitrary files with the privileges of the user running dotty...
USN-157-1: Mozilla Thunderbird vulnerabilities
Vladimir V. Perepelitsa discovered a bug in Thunderbird's handling of anonymous functions during regular expression string replacement. A malicious HTML email could exploit this to capture a random block of client memory. CAN-2005-0989 Georgi Guninski discovered that the types of certain XPInstal...
FreeBSD : a2ps -- insecure temporary file creation (9168253c-5a6d-11d9-a9e7-0001020eed82)
A Secunia Security Advisory reports that Javier Fernandez-Sanguino Pena has found temporary file creation vulnerabilities in the fixps and psmandup scripts which are part of a2ps. These vulnerabilities could lead to an attacker overwriting arbitrary files with the credentials of the user running...