DLA-60-1 icinga - security update
Bulletin has no description...
CVE-2014-3635
Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more fil...
DEBIAN-CVE-2014-6427
Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token...
UBUNTU-CVE-2014-6427
Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token...
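TinyShop SQL injection (GPC enabled, filter bypass)
Brief description: The previous ones all came from finding programmer oversights; this one bypasses the program's anti-injection protection. Detailed description: Environment: GPC = On public static function sql$str //filter function if !getmagicquotesgpc //if gpc is off, escape; this patched that odd earlier vulnerability //not used mainly because a mysql connection has to exist first //$str = mysqlrealescapestring$str; $str = addslashes$str; $str =...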
CVE-2014-5119 glib_gconv_translit_find() exploit | Cloud Foundry
CVE-2014-5119 glib_gconv_translit_find() exploit. Important. Vendor: Canonical Ubuntu. Versions Affected: Ubuntu 14.04 LTS, Ubuntu 12.04 LTS, Ubuntu 10.04 LTS. Description: Certain applications could be made to crash or run programs as an administrator. Off-by-one error in the __gconv_translit_find function in...
DEBIAN-CVE-2014-6270
Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow...
Heap overflow
Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow...
Mandriva Linux Security Advisory : glibc (MDVSA-2014:175)
Multiple vulnerabilities have been found and corrected in glibc: When converting IBM930 code with iconv, if IBM930 code which includes invalid multibyte character 0xffff is specified, then iconv segfaults (CVE-2012-6656). Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C...
Design/Logic Flaw
IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended...
CVE-2014-5568
The CVE-2014-5568 entry corresponds to the Android application “Las Vegas Lottery Scratch Off” (com.androkera.lottery) version 1.2, which does not verify X.509 certificates from SSL servers. This allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted ce...
glibc: off-by-one error leading to a heap-based buffer overflow flaw in __gconv_translit_find()
An off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function. An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that...
UBUNTU-CVE-2014-1563
Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG animation...
CVE-2014-5119
CVE-2014-5119 is an off-by-one error in glibc’s gconv transliteration loading code (__gconv_translit_find, gconv_trans.c) that allows context-dependent attackers to crash or execute arbitrary code via crafted CHARSET environment variable input. Affected: glibc and related packages; impact: denial...
CVE-2014-5119
Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules...
Code injection
Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules...
USN-2328-1 eglibc vulnerability
Tavis Ormandy and John Haxby discovered that the GNU C Library contained an off-by-one error when performing transliteration module loading. A local attacker could exploit this to gain administrative privileges. (CVE-2014-5119) USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04...
USN-2328-1: GNU C Library vulnerability
Tavis Ormandy and John Haxby discovered that the GNU C Library contained an off-by-one error when performing transliteration module loading. A local attacker could exploit this to gain administrative privileges. (CVE-2014-5119) USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04...