442 matches found
Debian DSA-1599-1 : dbus - programming error
Havoc Pennington discovered that DBus, a simple interprocess messaging system, performs insufficient validation of security policies, which might allow local privilege escalation. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
CERT-FI Vulnerability Advisory on OpenSSL
CERT-FI Vulnerability Advisory on OpenSSL Version Information Advisory Reference FICORA 130450 Release Date 28 May 2008 10:30 UTC Last Revision 28 May 2008 Version Number 1.1 Acknowledgement Vulnerabilities were discovered by Ossi Herrala and Jukka Taimisto from the CROSS project at Codenomicon...
Debian: Security Advisory (DSA-1580-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-1580-1 : phpgedview - programming error
It was discovered that phpGedView, an application to provide online access to genealogical data, allowed remote attackers to gain administrator privileges due to a programming error. Note: this problem was a fundamental design flaw in the interface API to connect phpGedView with external programs...
[SECURITY] [DSA 1580-1] New phpgedview packages fix privilege escalation
------------------------------------------------------------------------ Debian Security Advisory DSA-1580-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst May 20, 2008 http://www.debian.org/security/faq -...
[SECURITY] [DSA 1580-1] New phpgedview packages fix privilege escalation
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1580-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst May 20, 2008 http://www.debian.org/security/faq -...
DSA-1580-1 phpgedview - privilege escalation
Bulletin has no description...
[SECURITY] [DSA 1566-1] New cpio packages fix denial of service
------------------------------------------------------------------------ Debian Security Advisory DSA-1566-1 [email protected] http://www.debian.org/security/ Steve Kemp May 02, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------...
Debian DSA-1562-1 : iceape - programming error
It was discovered that crashes in the JavaScript engine of Iceape, an unbranded version of the SeaMonkey internet suite could potentially lead to the execution of arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
Debian DSA-1561-1 : ldm - programming error
Christian Herzog discovered that within the Linux Terminal Server Project, it was possible to connect to X on any LTSP client from any host on the network, making client windows and keystrokes visible to that host. NOTE: most ldm installs are likely to be in a chroot environment exported over NFS...
[SECURITY] [DSA 1563-1] New asterisk packages fix denial of service
------------------------------------------------------------------------ Debian Security Advisory DSA-1563-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff April 30, 2008 http://www.debian.org/security/faq -...
[SECURITY] [DSA 1561-1] New ldm packages fix information disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1561-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst April 28, 2008 http://www.debian.org/security/faq -...
Debian DSA-1558-1 : xulrunner - programming error
It was discovered that crashes in the JavaScript engine of xulrunner, the Gecko engine library, could potentially lead to the execution of arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Securit...
Debian DSA-1555-1 : iceweasel - programming error
It was discovered that crashes in the JavaScript engine of Iceweasel, an unbranded version of the Firefox browser, could potentially lead to the execution of arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...
[SECURITY] [DSA 1558-1] New xulrunner packages fix arbitrary code execution
------------------------------------------------------------------------ Debian Security Advisory DSA-1558-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff April 24, 2008 http://www.debian.org/security/faq -...
Debian DSA-1550-1 : suphp - programming error
It was discovered that suphp, an Apache module to run PHP scripts with owner permissions handles symlinks insecurely, which may lead to privilege escalation by local users. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...
Debian: Security Advisory (DSA-1541-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-1522-1 : unzip - programming error
Tavis Ormandy discovered that unzip, when processing specially crafted ZIP archives, could pass invalid pointers to the C library's free routine, potentially leading to arbitrary code execution CVE-2008-0888 . %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...
Debian DSA-1518-1 : backup-manager - programming error
Micha Lenk discovered that backup-manager, a command-line backup tool, sends the password as a command line argument when calling a FTP client, which may allow a local attacker to read this password which provides access to all backed-up files from the process listing. %NASLMINLEVEL 70300 C Tenab...
php5. 2. 3 remote CGI buffer overflow vulnerability-vulnerability warning-the black bar safety net
yuange Affected versions: php5. 2. 3 Does not affect the version: other version php5. 2. 3 in processing the CGI of the time, due to a programming error, missing parentheses, and wrong calculation of string length, resulting in a heap buffer overflow and possible remote execution of arbitrary cod...