33 matches found
[SECURITY] [DSA 2791-1] tryton-client security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2791-1 [email protected] http://www.debian.org/security/ Florian Weimer November 04, 2013 http://www.debian.org/security/faq -...
Debian DSA-2791-1 : tryton-client - missing input sanitization
Cedric Krier discovered that the Tryton client does not sanitize the file extension supplied by the server when processing reports. As a result, a malicious server could send a report with a crafted file extension that causes the client to write any local file to which the user running the client...
Debian DSA-2449-1 : sqlalchemy - missing input sanitization
It was discovered that SQLAlchemy, a SQL toolkit and object relational mapper for Python, is not sanitizing input passed to the limit/offset keywords to select as well as the value passed to select.limit/offset. This allows an attacker to perform SQL injection attacks against applications using...
FreePBX 2.10.0 Remote Command Execution / XSS
Product: FreePBX Version: 2.10.0, 2.9.0 and perhaps earlier versions Type: Remote Command Execution, XSS Release Date: March 14, 2012 Vendor Notification Date: Jun 12, 2011 Author: Martin Tschirsich Overview: A remote command execution vulnerability and some XSS in current and earlier FreePBX...
Debian DSA-2302-1 : bcfg2 - missing input sanitization
It has been discovered that the Bcfg2 server, a configuration management server for Bcfg2 clients, is not properly sanitizing input from Bcfg2 clients before passing it to various shell commands. This enables an attacker in control of a Bcfg2 client to execute arbitrary commands on the server wit...
CentOS Update for gd CESA-2010:0003 centos5 i386
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Debian DSA-2213-1 : x11-xserver-utils - missing input sanitization
Sebastian Krahmer discovered that the xrdb utility of x11-xserver-utils, a X server resource database utility, is not properly filtering crafted hostnames. This allows a remote attacker to execute arbitrary code with root privileges given that either remote logins via xdmcp are allowed or the...
Debian DSA-2122-1 : glibc - missing input sanitization
Ben Hawkes and Tavis Ormandy discovered that the dynamic loader in GNU libc allows local users to gain root privileges using a crafted LDAUDIT environment variable. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debi...
[SECURITY] [DSA 2122-1] New glibc packages fix local privilege escalation
------------------------------------------------------------------------ Debian Security Advisory DSA-2122-1 [email protected] http://www.debian.org/security/ Florian Weimer October 22, 2010 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2021-2] New spamass-milter packages fix regression
------------------------------------------------------------------------ Debian Security Advisory DSA-2021-2 [email protected] http://www.debian.org/security/ Giuseppe Iuculano April 26, 2010 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2021-1] New spamass-milter packages fix remote command execution
------------------------------------------------------------------------ Debian Security Advisory DSA-2021-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano March 22, 2010 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2021-1] New spamass-milter packages fix remote command execution
------------------------------------------------------------------------ Debian Security Advisory DSA-2021-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano March 22, 2010 http://www.debian.org/security/faq -...
Debian DSA-1744-1 : weechat - missing input sanitization
Sebastien Helleu discovered that an error in the handling of color codes in the weechat IRC client could cause an out-of-bounds read of an internal color array. This can be used by an attacker to crash user clients via a crafted PRIVMSG command. The weechat version in the oldstable distribution...