617 matches found
[SECURITY] [DSA 688-1] New squid packages fix denial of service
-------------------------------------------------------------------------- Debian Security Advisory DSA 688-1 [email protected] http://www.debian.org/security/ Martin Schulze February 23rd, 2005 http://www.debian.org/security/faq -...
Debian DSA-689-1 : libapache-mod-python - missing input sanitizing
Graham Dumpleton discovered a flaw which can affect anyone using the publisher handle of the Apache Software Foundation's modpython. The publisher handle lets you publish objects inside modules to make them callable via URL. The flaw allows a carefully crafted URL to obtain extra information that...
DSA-688-1 squid - mising input sanitising
Bulletin has no description...
DSA-689-1 libapache-mod-python - missing input sanitising
Bulletin has no description...
Debian DSA-688-1 : squid - missing input sanitising
Upstream developers have discovered several problems in squid, the Internet object cache, the popular WWW proxy cache. A remote attacker can cause squid to crash via certain DNS responses. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...
Debian DSA-686-1 : gftp - missing input sanitising
Albert Puigsech Galicia discovered a directory traversal vulnerability in a proprietary FTP client CAN-2004-1376 which is also present in gftp, a GTK+ FTP client. A malicious server could provide a specially crafted filename that could cause arbitrary files to be overwritten or created by the...
[SECURITY] [DSA 686-1] New gftp packages fix directory traversal vulnerability
-------------------------------------------------------------------------- Debian Security Advisory DSA 686-1 [email protected] http://www.debian.org/security/ Martin Schulze February 17th, 2005 http://www.debian.org/security/faq -...
[SECURITY] [DSA 682-1] New awstats packages fix arbitrary command execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 682-1 [email protected] http://www.debian.org/security/ Martin Schulze February 15th, 2005 http://www.debian.org/security/faq -...
DSA-682-1 awstats - missing input sanitising
Bulletin has no description...
[SECURITY] [DSA 650-1] New sword packages fix arbitrary command execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 650-1 [email protected] http://www.debian.org/security/ Martin Schulze January 20th, 2005 http://www.debian.org/security/faq -...
[SECURITY] [DSA 604-1] New hpsockd packages fix denial of service
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 604-1 [email protected] http://www.debian.org/security/ Martin Schulze December 3rd, 2004 http://www.debian.org/security/faq -...
DSA-604-1 hpsockd - missing input sanitising
Bulletin has no description...
[SECURITY] [DSA 596-2] New sudo packages removes debug output
-------------------------------------------------------------------------- Debian Security Advisory DSA 596-2 [email protected] http://www.debian.org/security/ Martin Schulze November 24th, 2004 http://www.debian.org/security/faq -...
[SECURITY] [DSA 596-2] New sudo packages removes debug output
-------------------------------------------------------------------------- Debian Security Advisory DSA 596-2 [email protected] http://www.debian.org/security/ Martin Schulze November 24th, 2004 http://www.debian.org/security/faq -...
[SECURITY] [DSA 596-1] New sudo packages fix privilege escalation
-------------------------------------------------------------------------- Debian Security Advisory DSA 596-1 [email protected] http://www.debian.org/security/ Martin Schulze November 24th, 2004 http://www.debian.org/security/faq -...
[SECURITY] [DSA 596-1] New sudo packages fix privilege escalation
-------------------------------------------------------------------------- Debian Security Advisory DSA 596-1 [email protected] http://www.debian.org/security/ Martin Schulze November 24th, 2004 http://www.debian.org/security/faq -...
Debian DSA-596-2 : sudo - missing input sanitising
Liam Helmer noticed that sudo, a program that provides limited super user privileges to specific users, does not clean the environment sufficiently. Bash functions and the CDPATH variable are still passed through to the program running as privileged user, leaving possibilities to overload system...
phpMyAdmin -- cross-site scripting vulnerabilities
Multiple cross-site scripting vulnerabilities, caused by improper input parameter sanitizing, were detected in phpMyAdmin, which may enable an attacker to do cross-site scripting attacks...
sudo -- privilege escalation with bash scripts
A Sudo Security Alerts reports: A flaw in exists in sudo's environment sanitizing prior to sudo version 1.6.8p2 that could allow a malicious user with permission to run a shell script that utilized the bash shell to run arbitrary commands...
Debian DSA-564-1 : mpg123 - missing user input sanitising
Davide Del Vecchio discovered a vulnerability in mpg123, a popular but non-free MPEG layer 1/2/3 audio player. A malicious MPEG layer 2/3 file could cause the header checks in mpg123 to fail, which could in turn allow arbitrary code to be executed with the privileges of the user running mpg123...