MGASA-2015-0276 Updated php package fixes security vulnerabilities

Segfault in Phar::convertToData on invalid file CVE-2015-5589. Buffer overflow and stack smashing error in pharfixfilepath CVE-2015-5590. The php package has been updated to version 5.5.27, which fixes these issues, as well as other possible bugs and security issues, including the BACKRONYM flaw,...

Updated php package fixes security vulnerabilities

Segfault in Phar::convertToData on invalid file CVE-2015-5589. Buffer overflow and stack smashing error in pharfixfilepath CVE-2015-5590. The php package has been updated to version 5.5.27, which fixes these issues, as well as other possible bugs and security issues, including the BACKRONYM flaw,...

php-phar -- multiple vulnerabilities

reports: Segfault in Phar::convertToData on invalid file. Buffer overflow and stack smashing error in pharfixfilepath...

Mandriva Linux Security Advisory : libjpeg (MDVSA-2015:152)

Updated libjpeg packages fix security vulnerability : Passing a specially crafted jpeg file to libjpeg-turbo could lead to stack smashing CVE-2014-9092. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Mandriva Linux...

Chemtool 1.6.14 Memory Corruption

Document Title: =============== Chemtool 1.6.14 Memory Corruption Vulnerability Date: ============= 08/02/2015 Vendor Homepage: ================ http://ruby.chemie.uni-freiburg.de/martin/chemtool/ Abstract Advisory Information: ============================== Memory Corruption Vulnerability on...

[ MDVSA-2015:014 ] libjpeg

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:014 http://www.mandriva.com/en/support/security/ Package : libjpeg Date : January 8, 2015 Affected: Business Server 1.0 Problem Description: Updated libjpeg packages fix security vulnerability: Passing a...

i-FTP Schedule Buffer Overflow Exploit

This Metasploit module exploits a stack-based buffer overflow vulnerability in i-Ftp version 2.20, caused by a long time value set for scheduled download. By persuading the victim to place a specially-crafted Schedule.xml file in the i-FTP folder, a remote attacker could execute arbitrary code on...

Updated libjpeg packages fix security vulnerability

Passing a specially crafted jpeg file to libjpeg-turbo could lead to stack smashing CVE-2014-9092...

MGASA-2014-0544 Updated libjpeg packages fix security vulnerability

Passing a specially crafted jpeg file to libjpeg-turbo could lead to stack smashing CVE-2014-9092...

libjpeg-turbo: denial of service

Special crafted jpeg files lead to stack smashing and lead to at least a dos maybe remote due to imagick. The Huffman encoder's local buffer can be overrun when a buffered destination manager is being used and an extremely-high-frequency block basically junk image data is being encoded. Even thou...

[SECURITY] [DSA 2664-1] stunnel4 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2664-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso May 2, 2013 http://www.debian.org/security/faq -...

Debian DSA-2664-1 : stunnel4 - buffer overflow

Stunnel, a program designed to work as an universal SSL tunnel for network daemons, is prone to a buffer overflow vulnerability when using the Microsoft NT LAN Manager NTLM authentication 'protocolAuthentication = NTLM' together with the 'connect'protocol method 'protocol = connect'. With these...

[SECURITY] [DSA 2664-1] stunnel4 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2664-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso May 2, 2013 http://www.debian.org/security/faq -...

DSA-2664-1 stunnel4 - buffer overflow

Bulletin has no description...

MySQL 5.5.8 Denial Of Service

import socket, sys print "\n" print "----------------------------------------------------------------" print "| MySQL 5.5.8 Null Ptr windows |" print "| Level Smash the Stack |" print "----------------------------------------------------------------" print "\n"...

ProFTPD IAC Remote Root Exploit

No description provided by source. Exploit Title: ProFTPD IAC Remote Root Exploit Date: 7 November 2010 Author: Kingcope use IO::Socket; $numtargets = 13; @targets = Plain Stack Smashing Confirmed to work "FreeBSD 8.1 i386, ProFTPD 1.3.3a Server binary", PLATFORM SPEC "FreeBSD", OPERATING SYSTEM ...

ProFTPD IAC Remote Root Exploit

Exploit Title: ProFTPD IAC Remote Root Exploit Date: 7 November 2010 Author: Kingcope use IO::Socket; $numtargets = 13; @targets = Plain Stack Smashing Confirmed to work "FreeBSD 8.1 i386, ProFTPD 1.3.3a Server binary", PLATFORM SPEC "FreeBSD", OPERATING SYSTEM 0, EXPLOIT STYLE 0xbfbfe000, OFFSET...

Linuxconf 1.1.x/1.2.x - Local Environment Variable Buffer Overflow (2)

// source: https://www.securityfocus.com/bid/5585/info Linuxconf is a Linux configuration utility from Solucorp. It is typically installed as a setuid root utility for the management and configuration of Linux operating systems. A buffer overflow vulnerability has been reported for Linuxconf. The...

CORE-20020409: Multiple vulnerabilities in stack smashing protection technologies

CORE SECURITY TECHNOLOGIES Advisory http://www.corest.com Multiple vulnerabilities in stack smashing protection technologies Date Published: 2002-04-23 Last Update: 2002-04-23 Advisory ID: CORE-20020409 Bugtraq ID: Non-assigned yet CVE CAN: Non-assigned yet Title: Multiple vulnerabilities in stac...

Multiple vulnerabilities in stack smashing protection technologies.

Advisory ID Internal CORE-20020409 Advisory Information: Advisory ID: CORE-20020409 Bugtraq ID:4586, 4589 CVE Name: Non-assigned yet Title: Multiple vulnerabilities in stack smashing protection technologies. Class: Design limitation, Implementation flaw Remotely Exploitable: Yes Locally...