721 matches found
CVE-2007-2636
Unspecified vulnerability in phpTodo before 0.8.1 allows remote attackers to have an unknown impact via newlines in regular expressions to (1) index.php, (2) feed.php, (3) prefs.php, and (4) todolist.php; and (5) classTodoItem.php and (6) phpTodoUser.php in libs/. NOTE: some of these details are obtained fro...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 allow remote attackers to execute arbitrary PHP code via a URL in the (a) ETCDIR parameter to (1) libs/lom.php; (2) lomupdate.php, (3) check-lom.php, and (4) weighkeywords.php in scripts/; the (b) LIBSDIR parameter to (5) logout.php, (6) help.php...
CVE-2007-2609
CVE-2007-2609 affects gnuedu 1.3b2 with multiple PHP remote file inclusion vulnerabilities. An attacker can trigger arbitrary PHP code execution by supplying untrusted values to the ETCDIR parameter for files/libs (libs/lom.php; lom_update.php; check-lom.php; weigh_keywords.php; web/lom.php) and...
lms 1.5.3 Remote File Inclusion
lms 1.5.3 Remote File Inclusion Affected Software .: lms 1.5.3 libs Download..: http://www.lms.org.pl/download/1.5/ Risk ..............: high Found by ..........: InyeXion Contact ...........: InyeXionatgmail.com Web .............: Www.InyeXion.com.ar Affected File: /modules/rtmessageadd.php...
Pixaria Gallery 1.x - 'class.Smarty.php' Remote File Inclusion
Pixaria Gallery 1.x class.Smarty.php Remote File Include Vulnerability ----------------------------------------------------------------------------------------- scripts : Pixaria Gallery 1.x Discovered By : irvian scripts site : http://pixaria.com/ Thanks To : hitamputih nyubicrew patihack specia...
krb5 security update
CentOS Errata and Security Advisory CESA-2007:0095-01 Updated krb5 packages that fix a number of issues are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. Kerberos is a network authentication system which allows clients and...
krb5 security update
CentOS Errata and Security Advisory CESA-2007:0095 Updated krb5 packages that fix a number of issues are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. Kerberos is a network authentication system which allows clients and servers...
PT-2007-1383 · Smarty · Smarty
Name of the Vulnerable Software and Affected Versions: Smarty version 2.6.9 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter in the libs/Smarty.class.php file. This is a PHP remote file inclusion issue. Note that the original...
RHEL 2.1 / 3 / 4 : bind (RHSA-2007:0044)
Updated bind packages that fix a security issue and a bug are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. A flaw was found i...
bind security update
CentOS Errata and Security Advisory CESA-2007:0044-01 Updated bind packages that fix a security issue and a bug are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ISC BIND (Berkeley Internet Name Domain) is an implementation of th...
Fedora Core 5 : vixie-cron-4.1-55.FC5 (2006-823)
Fri Jul 14 2006 Jason Vas Dias - 4:4.1-55.FC5 - fix bug 198893 - change permissions of cron spool directories to 0700 - fix bug 191823: fix missing BuildRequires: audit-libs-devel Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security...
CVE-2006-4423
Multiple PHP remote file inclusion vulnerabilities in Bigace 1.8.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALSBIGACEDIRadmin parameter in (a) system/command/admin.cmd.php, (b) admin/include/uploadform.php, and (c) admin/include/itemmain.php; and the (2)...
CVE-2006-3005
The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is built without the -maxmem feature, which could allow context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted JPEG file that exceeds the intended memory limits...
CVE-2006-3005
CVE-2006-3005 affects Gentoo Linux’s media-libs/jpeg prior to version 6b-r7, where the JPEG library is built without the -maxmem feature. This could allow a context-dependent attacker to cause a denial of service (memory exhaustion) by sending a crafted JPEG file that exceeds memory limits. Publi...
Ubuntu 4.10 / 5.04 : dpkg, ia32-libs, amd64-libs vulnerabilities (USN-151-2)
USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could be exploited to cause Denial of Service attacks or even arbitrary code execution with malicious data streams. Most applications use the shared library provided by the 'zlib1g' package; however, some packages contain copies of t...
giflib: Multiple vulnerabilities
Background giflib is a library for reading and writing GIF images. Description Chris Evans and Daniel Eisenbud independently discovered two out-of-bounds memory write operations and a NULL pointer dereference in giflib. Impact An attacker could craft a malicious GIF image and entice users to load...
Fedora Core 3 : htdig-3.2.0b6-3.FC3.1 (2005-367)
Tue Apr 19 2005 Phil Knirsch 3:3.2.0b6-3.FC3.1 - Fixed security bug with unescaped output in htsearch and qtest 144127 - Removed .la and .a libs from package 145649 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable...
Fedora Core 4 : rpm-4.4.1-22 (2005-565)
This update corrects security problem CVE-2005-2096. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora Core 4 : krb5-1.4.1-5 (2005-553)
A double-free flaw was found in the krb5recvauth routine which may be triggered by a remote unauthenticated attacker. Fedora Core 4 contains checks within glibc that detect double-free flaws. Therefore, on Fedora Core 4, successful exploitation of this issue can only lead to a denial of service K...
zlib: Buffer overflow
Background zlib is a widely used free and patent unencumbered data compression library. Description Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a buffer overflow in zlib. A bounds checking operation failed to take invalid data into account, allowing a specifically malformed...