6585 matches found
gnupg -- possible infinite recursion in the compressed packet parser
Werner Koch reports: Special crafted input data may be used to cause a denial of service against GPG GnuPG's OpenPGP part and some other OpenPGP implementations. All systems using GPG to process incoming data are affected...
py-suds -- vulnerable to symlink attacks
SUSE reports: cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/...
bogofilter -- heap corruption by invalid base64 input
David Relson reports: Fix a heap corruption in base64 decoder on invalid input. Analysis and patch by Julius Plenz, FU Berlin, Germany...
bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: Account Impersonation: When a user creates a new account, Bugzilla doesn't correctly reject email addresses containing non-ASCII characters, which could be used to impersonate another user accoun...
plib -- buffer overflow
Secunia reports: A vulnerability has been discovered in PLIB, which can be exploited by malicious people to compromise an application using the library. The vulnerability is caused due to a boundary error within the "ulSetError" function src/util/ulError.cxx when creating the error message, which...
caml-light -- insecure use of temporary files
caml-light uses mktemp insecurely, and also does unsafe things in /tmp during make install...
VLC -- Heap corruption in MP4 demultiplexer
VideoLAN project reports: When parsing some MP4 MPEG-4 Part 14 files, insufficient buffer size might lead to corruption of the heap...
wordpress -- SQL injection vulnerability
Vendor reports: SQL injection vulnerability in the dotrackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field...
horde-imp -- XSS vulnerability
The Horde team reports: Thanks to Naumann IT Security Consulting for reporting the XSS vulnerability. The major changes compared to IMP version H3 4.3.7 are: Fixed an XSS vulnerability in the Fetchmail configuration...
redmine -- multiple vulnerabilities
Eric Davis reports: This security release addresses some security vulnerabilities found in the advanced subversion integration module Redmine.pm perl script...
bogofilter -- heap underrun on malformed base64 input
Julius Plenz reports: I found a bug in the base64decode function which may cause memory corruption when the function is executed on a malformed base64 encoded string. If a string starting with an equal-sign is passed to the base64decode function it triggers a memory corruption that in some cases...
egroupware -- two vulnerabilities
Egroupware Team report: Nahuel Grisolia from CYBSEC S.A. Security Systems found two security problems in EGroupware: Serious remote command execution allowing to run arbitrary command on the web server by simply issuing a HTTP request!. A reflected cross-site scripting XSS. Both require NO valid...
openx -- sql injection vulnerability
Secunia reports: OpenX can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "bannerid" parameter in www/delivery/ac.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code...
twiki -- Arbitrary code execution in session files
Th1nk3r reports: The version of TWiki installed on the remote host allows access to the 'configure' script and fails to sanitize the 'image' parameter of that script of directory traversal sequences before returning the file contents when the 'action' parameter is set to 'image'. An unauthenticat...
Courier Authentication Library -- SQL Injection
Secunia reports: A vulnerability has been reported in the Courier Authentication Library, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via e.g. the username to the library is not properly sanitised before being used in SQL queries. This can be exploite...
geeklog xss vulnerability
Geeklog reports: MustLive pointed out a possible XSS in the form to email an article to a friend that we're fixing with this release. Please note that this problem only exists in Geeklog 1.4.0 - neither Geeklog 1.4.1 nor any older versions 1.3.x series have that problem...
opera -- multiple vulnerabilities
An advisory from Opera reports: If a user has configured Opera to use an external newsgroup client or e-mail application, specially crafted Web pages can cause Opera to run that application incorrectly. In some cases this can lead to execution of arbitrary code. When accesing frames from differen...
ldapscripts -- Command Line User Credentials Disclosure
Ganael Laplanche reports: Up to now, each ldap command was called with the -w parameter, which allows to specify the bind password on the command line. Unfortunately, this could make the password appear to anybody performing a ps during the call. This is now avoided by using the -y parameter and ...
dokuwiki -- multiple vulnerabilities
Secunia reports: Some vulnerabilities have been reported in DokuWiki, which can be exploited by malicious people to cause a DoS Denial of Service or potentially compromise a vulnerable system. Input passed to the "w" and "h" parameters in lib/exec/fetch.php is not properly sanitised before being...
dokuwiki -- multiple vulnerabilities
Multiple vulnerabilities have been reported within dokuwiki. dokuwiki is proven vulnerable to: arbitrary PHP code insertion via spellcheck module, XSS attack via "Update your account profile," bypassing of ACL controls when enabled...
freeciv -- Packet Parsing Denial of Service Vulnerability
Secunia reports: Luigi Auriemma has reported a vulnerability in Freeciv, which can be exploited by malicious people to cause a DoS Denial of Service. The vulnerability is caused due to an error within the handling of the packet length in "common/packets.c". This can be exploited to crash the...
pubcookie-login-server -- cross site scripting vulnerability
Nathan Dors of the Pubcookie Project reports: Multiple non-persistent XSS vulnerabilities were found in the Pubcookie login server's compiled binary "index.cgi" CGI program. The CGI program mishandles untrusted data when printing responses to the browser. This makes the program vulnerable to...
coppermine -- File Inclusion Vulnerabilities
Secunia reports: Coppermine Photo Gallery have a vulnerability, which can be exploited by malicious people and by malicious users to compromise a vulnerable system. 1 Input passed to the "lang" parameter in include/init.inc.php isn't properly verified, before it is used to include files. This can...
cfengine -- arbitrary file overwriting vulnerability
A Debian Security Advisory reports: Javier Fernández-Sanguino Peña discovered several insecure temporary file uses in cfengine, a tool for configuring and maintaining networked machines, that can be exploited by a symlink attack to overwrite arbitrary files owned by the user executing cfengine,...
urban -- stack overflow vulnerabilities
Several filename-related stack overflow bugs allow a local attacker to elevate its privileges to the games group, since urban is installed setgid games. Issue discovered and fixed by...
fetchmail -- denial of service/crash from malicious POP3 server
In fetchmail 6.2.5.1, the remote code injection via POP3 UIDL was fixed, but a denial of service attack was introduced: Two possible NULL-pointer dereferences allow a malicious POP3 server to crash fetchmail by respondig with UID lines containing only the article number but no UID in violation of...
Macromedia flash player -- swf file handling arbitrary code
A Secunia Advisory reports: A vulnerability has been reported in Macromedia Flash Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to missing validation of the frame type identifier that is read from a SWF file. This value is used a...
oops -- format string vulnerability
A RST/GHC Advisory reports that there is an format string vulnerability in oops. The vulnerability can be found in the MySQL/PgSQL authentication module. Succesful exploitation may allow execution of arbitrary code...
phpbb -- Insuffient check against HTML code in usercp_register.php
Neo Security Team reports: If we specify a variable in the html code any type: hidden, text, radio, check, etc with the name allowhtml, allowbbcode or allowsmilies, is going to be on the html, bbcode and smilies in our signature. This is a low risk vulnerability that allows users to bypass...
gforge -- directory traversal vulnerability
An STG Security Advisory reports: GForge CVS module made by Dragos Moinescu and another module made by Ronald Petty have a directory traversal vulnerability. ... malicious attackers can read arbitrary directory lists...
newsgrab -- directory traversal vulnerability
The newsgrab script creates files by using the names provided in the newsgroup messages in a perl open call. This is done without performing any security checks to prevent a directory traversal. A specially crafted newsgroup message could cause newsgrab to drop an attachment anywhere on the file...
libxine -- buffer-overflow vulnerability in aiff support
Due to a buffer overflow in the openaifffile function in demuxaiff.c, a remote attacker is able to execute arbitrary code via a modified AIFF file...
gaim -- MSN denial-of-service vulnerabilities
The Gaim team discovered denial-of-service vulnerabilities in the MSN protocol handler: After accepting a file transfer request, Gaim will attempt to allocate a buffer of a size equal to the entire filesize, this allocation attempt will cause Gaim to crash if the size exceeds the amount of...
sudo -- environmental variable CDPATH is not cleared
A sudo bug report says: sudo doesn't unset the CDPATH variable, which leads to possible security problems...
horde -- cross-site scripting vulnerability in help window
A Horde Team announcement states that a potential cross-site scripting vulnerability in the help window has been corrected. The vulnerability appears to involve the handling of the topic and module parameters of the help window template...
php -- php_variables memory disclosure
Stefano Di Paola reports: Bad array parsing in phpvariables.c could lead to show arbitrary memory content such as pieces of php code and other data. This affects all GET, POST or COOKIES variables...
tor -- remote DoS and loss of anonymity
Tor has various remote crashes which could lead to a remote denial-of-service and be used to defeat clients anonymity. It is not expected that these vulnerabilities are exploitable for arbitrary code execution...
mnGoSearch buffer overflow in UdmDocToTextBuf()
Jedi/Sector One reported the following on the full-disclosure list: Every document is stored in multiple parts according to its sections description, body, etc in databases. And when the content has to be sent to the client, UdmDocToTextBuf concatenates those parts together and skips metadata...
Samba 3.0.x password initialization bug
From the Samba 3.0.2 release notes: Security Announcement: It has been confirmed that previous versions of Samba 3.0 are susceptible to a password initialization bug that could grant an attacker unauthorized access to a user account created by the mksmbpasswd.sh shell script...
Buffer overflows in libmcrypt
libmcrypt does incomplete input validation, leading to several buffer overflows. Additionally, a memory leak is present. Both of these problems may be exploited in a denial-of-service attack...
mod_access_referer -- null pointer dereference vulnerability
A malformed Referer header field causes the Apache apparseuricomponents function to discard it with the result that a pointer is not initialized. The modaccessreferer module does not take this into account with the result that it may use such a pointer. The null pointer vulnerability may possibly...
leafnode denial-of-service triggered by article request
The leafnode NNTP server may go into an unterminated loop with 100% CPU use when an article is requested by Message-ID that has been crossposted to several news groups when one of the group names is the prefix of another group name that the article was cross-posted to. Found by Jan Knutar...
FreeBSD -- Missing validation in ptrace(PT_SC_REMOTE)
Problem Description: ptracePTSCREMOTE failed to properly validate parameters for the syscall2 and syscall2 meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code execution in the kernel, even if the target process has no special privileges. Impact: T...
zeek -- potential DoS vulnerability
Wojtulewicz of Corelight reports: A specially-crafted series of MIME headers sent via SMTP or HTTP could cause Zeek to use large amounts of memory and potentially crash...
Roundcube -- Multiple vulnerabilities
The Roundcube project reports: pre-auth arbitrary file write via unsafe deserialization in redis/memcache session handler password could get changed without providing the old password IMAP Injection + CSRF bypass in mail search remote image blocking bypass via various SVG animate attributes remot...
OpenSSL -- Multiple vulnerabilities
The OpenSSL project reports: Improper validation of PBMAC1 parameters in PKCS12 MAC verification CVE-2025-11187 Stack buffer overflow in CMS AuthEnvelopedData parsing CVE-2025-15467 NULL dereference in SSLCIPHERfind function on unknown cipher ID CVE-2025-15468 "openssl dgst" one-shot codepath...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 2 security fixes: 405140652 High CVE-2025-3066: Use after free in Site Isolation. Reported by Sven Dysthe @svn-dys on 2025-03-21...
qt6-webengine -- Multiple vulnerabilities
Qt qtwebengine-chromium repo reports: Backports for 11 security bugs in Chromium: CVE-2024-11477: 7-Zip Zstd decompression integer underflow CVE-2025-0762: Use after free in DevTools CVE-2025-0996: Inappropriate implementation in Browser UI CVE-2025-0998: Out of bounds memory access in V8...
Gitlab -- Vulnerabilities
Gitlab reports: Possible access token exposure in GitLab logs Cyclic reference of epics leads resource exhaustion Unauthorized user can manipulate status of issues in public projects Instance SAML does not respect externalprovider configuration...
firefox -- multiple vulnerabilities
[email protected] reports: CVE-2024-11692: An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. CVE-2024-11696: The application failed to account for exceptions thrown by the loadManifestFromFile method...