6585 matches found
libvncserver -- multiple security vulnerabilities
Nicolas Ruff reports: Integer overflow in MallocFrameBuffer on client side. Lack of malloc return value checking on client side. Server crash on a very large ClientCutText message. Server crash when scaling factor is set to zero. Multiple stack overflows in File Transfer feature...
subversion -- several vulnerabilities
Subversion Project reports: Using the Serf RA layer of Subversion for HTTPS uses the aprfnmatch API to handle matching wildcards in certificate Common Names and Subject Alternate Names. However, aprfnmatch is not designed for this purpose. Instead it is designed to behave like common shell...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2014-66 IFRAME sandbox same-origin access through redirect MFSA 2014-65 Certificate parsing broken by non-standard character encoding MFSA 2014-64 Crash in Skia library when scaling high quality images MFSA 2014-63 Use-after-free while when manipulating...
tomcat -- multiple vulnerabilities
Tomcat Security Team reports: Tomcat does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference,...
Python -- buffer overflow in socket.recvfrom_into()
Vincent Danen via Red Hat Issue Tracker reports: A vulnerability was reported in Python's socket module, due to a boundary error within the sockrecvfrominto function, which could be exploited to cause a buffer overflow. This could be used to crash a Python application that uses the...
file -- out-of-bounds access in search rules with offsets from input file
Aaron Reffett reports: softmagic.c in file ... and libmagic allows context-dependent attackers to cause a denial of service out-of-bounds memory access and crash via crafted offsets in the softmagic of a PE executable...
cURL library -- cert name check ignore with GnuTLS
cURL project reports: libcurl is vulnerable to a case of missing out the checking of the certificate CN or SAN name field when the digital signature verification is turned off. libcurl offers two separate and independent options for verifying a server's TLS certificate. CURLOPTSSLVERIFYPEER and...
privoxy -- malicious server spoofing as proxy vulnerability
Privoxy Developers reports: Proxy authentication headers are removed unless the new directive enable-proxy-authentication-forwarding is used. Forwarding the headers potentially allows malicious sites to trick the user into providing them with login information. Reported by Chris John Riley...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 176882 High CVE-2013-0902: Use-after-free in frame loader. Credit to Chamal de Silva. 176252 High CVE-2013-0903: Use-after-free in browser navigation handling. Credit to "chromium.khalil". 172926 172331 High CVE-2013-0904: Memory corruption in Web Audio. Credit to...
net/openafs -- buffer overflow
Nickolai Zeldovich reports: An attacker with the ability to manipulate AFS directory ACLs may crash the fileserver hosting that volume. In addition, once a corrupt ACL is placed on a fileserver, its existence may crash client utilities manipulating ACLs on that server...
piwigo -- CSRF/Path Traversal
High-Tech Bridge Security Research Lab reports: The CSRF vulnerability exists due to insufficient verification of the HTTP request origin in "/admin.php" script. A remote attacker can trick a logged-in administrator to visit a specially crafted webpage and create arbitrary PHP file on the remote...
tomcat -- denial of service
The Apache Software Foundation reports: When using the NIO connector with sendfile and HTTPS enabled, if a client breaks the connection while reading the response an infinite loop is entered leading to a denial of service...
bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: Information Leak If the visibility of a custom field is controlled by a product or a component of a product you cannot see, their names are disclosed in the JavaScript code generated for this...
sympa -- Multiple Security Bypass Vulnerabilities
Secunia team reports: Multiple vulnerabilities have been reported in Sympa, which can be exploited by malicious people to bypass certain security restrictions. The vulnerabilities are caused due to the application allowing access to archive functions without checking credentials. This can be...
FreeBSD -- OpenSSL multiple vulnerabilities
Problem description: OpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0 records when operating as a client or a server that accept SSL 3.0 handshakes. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could...
net-snmp -- Remote DoS
The Red Hat Security Response Team reports: An array index error, leading to out-of heap-based buffer read flaw was found in the way the net-snmp agent performed lookups in the extension table. When certain MIB subtrees were handled by the extend directive, a remote attacker having read privilege...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 113902 High CVE-2011-3050: Use-after-free with first-letter handling. Credit to miaubiz. 116162 High CVE-2011-3045: libpng integer issue from upstream. Credit to Glenn Randers-Pehrson of the libpng project. 116461 High CVE-2011-3051: Use-after-free in CSS cross-fad...
freetype -- multiple vulnerabilities
The Freetype project reports: Multiple vulnerabilities exist in freetype that can result in application crashes and remote code execution. Please review the details in each of the CVEs for additional information...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2012-01 Miscellaneous memory safety hazards rv:10.0/ rv:1.9.2.26 MFSA 2012-02 Overly permissive IPv6 literal syntax MFSA 2012-03 iframe element exposed across domains via name attribute MFSA 2012-04 Child nodes from nsDOMAttribute still accessible after removal o...
FreeBSD -- errors handling corrupt compress file in compress(1) and gzip(1)
Problem Description: The code used to decompress a file created by compress1 does not do sufficient boundary checks on compressed code words, allowing reference beyond the decompression table, which may result in a stack overflow or an infinite loop when the decompressor encounters a corrupted fi...
linux-flashplugin -- multiple vulnerabilities
Adobe Product Security Incident Response Team reports: Critical vulnerabilities have been identified in Adobe Flash Player 10.2.159.1 and earlier versions Adobe Flash Player 10.2.154.28 and earlier for Chrome users for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.2.157.51 and...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2010-74 Miscellaneous memory safety hazards rv:1.9.2.13/ 1.9.1.16 MFSA 2010-75 Buffer overflow while line breaking after document.write with long string MFSA 2010-76 Chrome privilege escalation with window.open and isindex element MFSA 2010-77 Crash and remote co...
wget -- multiple HTTP client download filename vulnerability
GNU Wget version 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a...
png -- libpng decompression buffer overflow
The PNG project describes the problem in an advisory: Several versions of libpng through 1.4.2 and through 1.2.43 in the older series contain a bug whereby progressive applications such as web browsers or the rpng2 demo app included in libpng could receive an extra row of image data beyond the...
gtar -- buffer overflow in rmt client
Jakob Lell reports: The rmt client implementation of GNU Tar/Cpio contains a heap-based buffer overflow which possibly allows arbitrary code execution. The problem can be exploited when using an untrusted/compromised rmt server...
PEAR -- Net_Ping and Net_Traceroute remote arbitrary command injection
PEAR Security Advisory reports: Multiple remote arbitrary command injections have been found in the NetPing and NetTraceroute. When input from forms are used directly, the attacker could pass variables that would allow him to execute remote arbitrary command injections...
fetchmail -- improper SSL certificate subject verification
Matthias Andree reports: Moxie Marlinspike demonstrated in July 2009 that some CAs would sign certificates that contain embedded NUL characters in the Common Name or subjectAltName fields of ITU-T X.509 certificates. Applications that would treat such X.509 strings as NUL-terminated C strings...
isc-dhcp-client -- Stack overflow vulnerability
US-CERT reports: The ISC DHCP dhclient application contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code with root privileges...
ntp -- stack-based buffer overflow
US-CERT reports: ntpd contains a stack buffer overflow which may allow a remote unauthenticated attacker to execute arbitrary code on a vulnerable system or create a denial of service...
moinmoin -- multiple cross site scripting vulnerabilities
Secunia reports: Input passed to multiple parameters in action/AttachFile.py is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Certain input passed to...
dovecot-managesieve -- Script Name Directory Traversal Vulnerability
Secunia reports: The security issue is caused due to an input validation error when processing script names. This can be exploited to read or modify arbitrary files having ".sieve" extensions via directory traversal attacks, with the privileges of the attacker's user id...
libxml2 -- multiple vulnerabilities
Secunia reports: Two vulnerabilities have been reported in Libxml2, which can be exploited by malicious people to cause a DoS Denial of Service or to potentially compromise an application using the library. 1 An integer overflow error in the "xmlSAX2Characters" function can be exploited to trigge...
linux-flashplugin -- multiple vulnerabilities
Adobe Product Security Incident Response Team reports: Potential vulnerabilities have been identified in Adobe Flash Player 9.0.124.0 and earlier that could allow an attacker who successfully exploits these potential vulnerabilities to bypass Flash Player security controls. Adobe recommends users...
libxml2 -- two vulnerabilities
Secunia reports: Two vulnerabilities have been reported in Libxml2, which can be exploited by malicious people to cause a DoS Denial of Service or potentially compromise an application using the library. 1 A recursion error exists when processing certain XML content. This can be exploited to e.g...
ruby -- multiple vulnerabilities in safe level
The official ruby site reports: Several vulnerabilities in safe level have been discovereds:. untracevar is permitted at safe level 4; $PROGRAMNAME may be modified at safe level 4; insecure methods may be called at safe level 1-3; syslog operations are permitted at safe level 4; dl doesn't check...
php -- input validation error in safe_mode
According to Maksymilian Arciemowicz research, it is possible to bypass security restrictions of safemode in various functions via directory traversal vulnerability. The attacker can use this attack to gain access to sensitive information. Functions utilizing expandfilepath may be affected. It...
rubygem-rails -- session-fixation vulnerability
Rails core team reports: The rails core team has released ruby on rails 1.2.6 to address a bug in the fix for session fixation attacks CVE-2007-5380. The CVE Identifier for this new issue is CVE-2007-6077...
opera -- multiple vulnerabilities
Opera Software ASA reports of multiple security fixes in Opera, including an arbitrary code execute vulnerability: Opera for Linux, FreeBSD, and Solaris has a flaw in the createPattern function that leaves old data that was in the memory before Opera allocated it in the new pattern. The pattern c...
squirrelmail -- Cross site scripting in HTML filter
The SquirrelMail developers report: Multiple cross-site scripting XSS vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the 1 data: URI in an HTML e-mail attachment or 2 various non-ASCII character sets that a...
Squid -- TRACE method handling denial of service
Squid advisory 2007:1 notes: Due to an internal error Squid-2.6 is vulnerable to a denial of service attack when processing the TRACE request method. Workarounds: To work around the problem deny access to using the TRACE method by inserting the following two lines before your first httpaccess rul...
php -- _ecalloc Integer Overflow Vulnerability
Stefan Esser reports: The PHP 5 branch of the PHP source code lacks the protection against possible integer overflows inside ecalloc that is present in the PHP 4 branch and also for several years part of our Hardening-Patch and our new Suhosin-Patch. It was discovered that such an integer overflo...
php -- multiple vulnerabilities
The PHP development team reports: Added missing safemode/openbasedir checks inside the errorlog, fileexists, imapopen and imapreopen functions. Fixed overflows inside strrepeat and wordwrap functions on 64bit systems. Fixed possible openbasedir/safemode bypass in cURL extension and with realpath...
freetype -- LWFN Files Buffer Overflow Vulnerability
SecurityTracker reports: A vulnerability was reported in FreeType. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create a specially crafted font file that, when loaded by the target user's system, will trigger an integer underflow or integer...
xorg-server -- privilege escalation
Daniel Stone of X.Org reports: During the analysis of results from the Coverity code review of X.Org, we discovered a flaw in the server that allows local users to execute arbitrary code with root privileges, or cause a denial of service by overwriting files on the system, again with root...
firefox & mozilla -- multiple vulnerabilities
The Mozilla Foundation reports of multiple security vulnerabilities in Firefox and Mozilla: MFSA 2005-56 Code execution through shared function objects MFSA 2005-55 XHTML node spoofing MFSA 2005-54 Javascript prompt origin spoofing MFSA 2005-53 Standalone applications can run arbitrary code throu...
firefox -- arbitrary code execution from sidebar panel
A Mozilla Foundation Security Advisory states: If a user bookmarked a malicious page as a Firefox sidebar panel that page could execute arbitrary programs by opening a privileged page and injecting javascript into it...
xloadimage -- arbitrary command execution when handling compressed files
Tavis Ormandy discovered that xli and xloadimage attempt to decompress images by piping them through gunzip or similar decompression tools. Unfortunately, the unsanitized file name is included as part of the command. This is dangerous, as in some situations, such as mailcap processing, an attacke...
ez-ipupdate -- format string vulnerability
Data supplied by a remote server is used as the format string instead of as parameters in a syslog call. This may lead to crashes or potential running of arbitrary code. It is only a problem when running in daemon mode very common and when using some service types...
mozilla -- BMP decoder vulnerabilities
Gael Delalleau discovered several integer overflows in Mozilla's BMP decoder that can result in denial-of-service or arbitrary code execution...
mozilla -- multiple heap buffer overflows
Several heap buffer overflows were discovered and fixed in the most recent versions of Mozilla, Firefox, and Thunderbird. These overflows may occur when: Using the "Send Page" function. Checking mail on a malicious POP3 server. Processing non-ASCII URLs. Each of these vulnerabilities may be...