Ubuntu 5.04 / 5.10 / 6.06 LTS : linux-source-2.6.10/-2.6.12/-2.6.15 vulnerabilities (USN-347-1)

Sridhar Samudrala discovered a local Denial of Service vulnerability in the handling of SCTP sockets. By opening such a socket with a special SOLINGER value, a local attacker could exploit this to crash the kernel. CVE-2006-4535 Kirill Korotaev discovered that the ELF loader on the ia64 and sparc...

Ubuntu 5.04 / 5.10 / 6.06 LTS : qt-x11-free vulnerability (USN-368-1)

An integer overflow was discovered in Qt's image loader. By processing a specially crafted image with an application that uses this library like Konqueror, a remote attacker could exploit this to execute arbitrary code with the application's privileges. Note that Tenable Network Security has...

Ubuntu 5.10 : tetex-bin vulnerability (USN-410-2)

USN-410-1 fixed vulnerabilities in the poppler PDF loader library. This update provides the corresponding updates for a copy of this code in tetex-bin in Ubuntu 5.10. Versions of tetex-bin after Ubuntu 5.10 use poppler directly and do not need a separate update. The poppler PDF loader library did...

Mandrake Linux Security Advisory : xen (MDKSA-2007:203)

Tavis Ormandy discovered a heap overflow flaw during video-to-video copy operations in the Cirrus VGA extension code that is used in Xen. A malicious local administrator of a guest domain could potentially trigger this flaw and execute arbitrary code outside of the domain CVE-2007-1320. Tavis...

openSUSE 10 Security Update : libexif5 (libexif5-3704)

A denial of service problem crash was fixed in the EXIF Loader of libexif, which could be used to crash the browser or image viewer when it interprets the EXIF tags in prepared JPEG files. CVE-2007-2645 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks i...

openSUSE 10 Security Update : gimp (gimp-1921)

A buffer overflow was fixed in the xcf loader in GIMP that allows user-complicit attackers to cause a denial of service crash and possibly execute arbitrary code via an XCF file with a large numaxes value in the VECTORS property. CVE-2006-3404 %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

openSUSE 10 Security Update : xine-lib (xine-lib-2989)

The DirectShow loader uses wrong parameters in the memcpy function call which leads to a buffer overflow. CVE-2007-1246 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Securit...

openSUSE 10 Security Update : libexif5 (libexif5-3724)

A denial of service problem crash was fixed in the EXIF Loader of libexif, which could be used to crash the browser or image viewer when it interprets the EXIF tags in prepared JPEG files. CVE-2007-2645 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks i...

Design/Logic Flaw

ioncubeloaderwin5.2.dll in the ionCube Loader 6.5 extension for PHP 5.2.4 does not follow safemode and disablefunctions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by reading arbitrary files via the ioncubereadfile function...

CVE-2007-5447

ioncubeloaderwin5.2.dll in the ionCube Loader 6.5 extension for PHP 5.2.4 does not follow safemode and disablefunctions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by reading arbitrary files via the ioncubereadfile function...

CVE-2007-5447

ioncubeloaderwin5.2.dll in the ionCube Loader 6.5 extension for PHP 5.2.4 does not follow safemode and disablefunctions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by reading arbitrary files via the ioncubereadfile function...

CVE-2007-5447

CVE-2007-5447 affects ionCube Loader 6.5 for PHP 5.2.4. The ioncube_loader_win_5.2.dll does not enforce safe_mode or disable_functions, enabling context-dependent attackers to read arbitrary files via ioncube_read_file. This vulnerability is documented in the NVD entry for CVE-2007-5447 and is ec...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Puzzle Apps CMS 2.2.1 allow remote attackers to execute arbitrary PHP code via a URL in the MODULEDIR parameter to 1 core/modules/my/my.module.php or 2 core/modules/xml/xml.module.php; the COREROOT parameter to 3 config.loader.php, 4...

Gimp image loader multiple input validation flaws

The 1 psp aka .tub, 2 bmp, 3 pcx, and 4 psd plugins in gimp allow user-assisted remote attackers to cause a denial of service crash or memory consumption via crafted image files, as discovered using the fusil fuzzing tool...

Mandrake Linux Security Advisory : gimp (MDKSA-2007:170)

Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in 1 DICOM, 2 PNM, 3 PSD, 4 PSP, 5 Sun RAS, 6 XBM, and 7 XWD files. CVE-2006-4519 Integer overflow in the seektoandunpackpixeldata...

Critical: Red Hat Security Advisory: java-1.5.0-ibm security update

Updated java-1.5.0-ibm packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. IBM's 1.5.0 Java release includes the IBM Java 2...

Critical: Red Hat Security Advisory: java-1.5.0-sun security update

Updated java-1.5.0-sun packages that correct several security issues are available for Red Hat Enterprise Linux 4 Extras. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Java Runtime Environment JRE contains the software and tools that user...

Vulnerability in the Java Runtime Environment May Allow an Untrusted Applet to Circumvent Network Access Restrictions

Unspecified vulnerability in the Java Runtime Environment JRE Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.214 and earlier, allows remote attackers to violate the security model for an applet's outbound connections by connecting to...

CVE-2007-3922

Unspecified vulnerability in the Java Runtime Environment JRE Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.214 and earlier, allows remote attackers to violate the security model for an applet's outbound connections by connecting to...

Security feature bypass

Unspecified vulnerability in the Java Runtime Environment JRE Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.214 and earlier, allows remote attackers to violate the security model for an applet's outbound connections by connecting to...