6583 matches found
krb5 -- null pointer dereference in the KDC PKINIT code [CVE-2013-1415]
No advisory has been released yet. Fix a null pointer dereference in the KDC PKINIT code CVE-2013-1415...
Exim -- remote code execution
This vulnerability affects Exim instances built with DKIM enabled this is the default for FreeBSD Exim port and running verification of DKIM signatures on the incoming mail messages. Phil Penncock reports: This is a SECURITY release, addressing a CRITICAL remote code execution flaw in versions of...
emacs -- remote code execution vulnerability
Chong Yidong reports: Paul Ling has found a security flaw in the file-local variables code in GNU Emacs. When the Emacs user option enable-local-variables' is set to :safe' the default value is t, Emacs should automatically refuse to evaluate eval' forms in file-local variable sections. Due to th...
bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: Information Leak Versions: 4.1.1 to 4.2.1, 4.3.1 In HTML bugmails, all bug IDs and attachment IDs are linkified, and hovering these links displays a tooltip with the bug summary or the attachment...
dns/bind9* -- Heavy DNSSEC Validation Load Can Cause a 'Bad Cache' Assertion Failure
ISC reports: High numbers of queries with DNSSEC validation enabled can cause an assertion failure in named, caused by using a 'bad cache' data structure before it has been initialized. BIND 9 stores a cache of query names that are known to be failing due to misconfigured name servers or a broken...
pidgin-otr -- format string vulnerability
The authors report: Versions 3.2.0 and earlier of the pidgin-otr plugin contain a format string security flaw. This flaw could potentially be exploited by a remote attacker to cause arbitrary code to be executed on the user's machine. The flaw is in pidgin-otr, not in libotr. Other applications...
net-snmp -- Remote DoS
The Red Hat Security Response Team reports: An array index error, leading to out-of heap-based buffer read flaw was found in the way the net-snmp agent performed lookups in the extension table. When certain MIB subtrees were handled by the extend directive, a remote attacker having read privilege...
phpMyAdmin -- XSS in replication setup
The phpMyAdmin development team reports: It was possible to conduct XSS using a crafted database name...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 73478 Low CVE-2011-3953: Avoid clipboard monitoring after paste event. Credit to Daniel Cheng of the Chromium development community. 92550 Low CVE-2011-3954: Crash with excessive database usage. Credit to Collin Payne. 93106 High CVE-2011-3955: Crash aborting an...
OpenSSL -- DTLS Denial of Service
The OpenSSL Team reports: A flaw in the fix to CVE-2011-4108 can be exploited in a denial of service attack. Only DTLS applications using OpenSSL 1.0.0f and 0.9.8s are affected...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 106672 High CVE-2011-3921: Use-after-free in animation frames. Credit to Boris Zbarsky of Mozilla. 107128 High CVE-2011-3919: Heap-buffer-overflow in libxml. Credit to Juri Aedla. 108006 High CVE-2011-3922: Stack-buffer-overflow in glyph handling. Credit to Google...
phpmyadmin -- multiple vulnerabilities
The phpMyAdmin development team reports: XSS in table Print view. Via a crafted MIME-type transformation parameter, an attacker can perform a local file inclusion. In the 'relational schema' code a parameter was not sanitized before being used to concatenate a class name. The end result is a loca...
krb5 -- MITKRB5-SA-2011-004, kadmind invalid pointer free() [CVE-2011-0285]
An advisory published by the MIT Kerberos team says: The password-changing capability of the MIT krb5 administration daemon kadmind has a bug that can cause it to attempt to free an invalid pointer under certain error conditions. This can cause the daemon to crash or induce the execution of...
isc-dhcp-client -- dhclient does not strip or escape shell meta-characters
ISC reports: ISC dhclient did not strip or escape certain shell meta-characters in responses from the dhcp server like hostname before passing the responses on to dhclient-script. Depending on the script and OS, this can result in execution of exploit code on the client...
php-filter -- Denial of Service
The following DoS condition in filter extension was fixed in PHP 5.3.4 and PHP 5.2.15: Stack consumption vulnerability in the filtervar function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTERVALIDATEEMAIL mode is used, allows remote attackers to cause a denial of service memory...
phpMyAdmin -- XSS attack in database search
phpMyAdmin team reports: It was possible to conduct a XSS attack using spoofed request on the db search script...
webkit-gtk2 -- Multiple vulnerabilities
Gustavo Noronha Silva reports: With help from Vincent Danen and other members of the Red Hat security team, the following CVE's where fixed...
apache -- Remote DoS bug in mod_cache and mod_dav
Apache ChangeLog reports: moddav, modcache: Fix Handling of requests without a path segment...
firefox -- WOFF heap corruption due to integer overflow
Mozilla Project reports: MFSA 2010-08 WOFF heap corruption due to integer overflow...
mozilla -- multiple vulnerabilities
Mozilla Project reports: MFSA 2010-07 Fixes for potentially exploitable crashes ported to the legacy branch MFSA 2010-06 Scriptable plugin execution in SeaMonkey mail MFSA 2009-68 NTLM reflection vulnerability MFSA 2009-62 Download filename spoofing with RTL override MFSA 2009-59 Heap buffer...
dokuwiki -- multiple vulnerabilities
Dokuwiki reports: The plugin does no checks against cross-site request forgeries CSRF which can be exploited to e.g. change the access control rules by tricking a logged in administrator into visiting a malicious web site. The bug allows listing the names of arbitrary file on the webserver - not...
phpmyadmin -- insufficient output sanitizing when generating configuration file
phpMyAdmin reports: Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file...
ziproxy -- multiple vulnerability
Ziproxy Developers reports: Multiple HTTP proxy implementations are prone to an information-disclosure vulnerability related to the interpretation of the 'Host' HTTP header. Specifically, this issue occurs when the proxy makes a forwarding decision based on the 'Host' HTTP header instead of the...
typo3 -- cross-site scripting and information disclosure
Secunia reports: Some vulnerabilities have been reported in Typo3, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information. Input passed via unspecified fields to the backend user interface is not properly sanitised before being return...
clamav -- off-by-one heap overflow in VBA project parser
Advisory from Moritz Jodeit, November 8th, 2008: ClamAV contains an off-by-one heap overflow vulnerability in the code responsible for parsing VBA project files. Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the clamd' process by sending an email...
vim -- multiple vulnerabilities in the netrw module
Jan Minar reports: Applying the D'' to a file with a crafted file name, or inside a directory with a crafted directory name, can lead to arbitrary code execution. Lack of sanitization throughout Netrw can lead to arbitrary code execution upon opening a directory with a crafted name. The Vim Netrw...
mod_jk -- long URL stack overflow vulnerability
TippingPoint and The Zero Day Initiative reports: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache Tomcat JK Web Server Connector. Authentication is not required to exploit this vulnerability. The specific flaw exists in the URI handler fo...
gnupg -- remotely controllable function pointer
Werner Koch reports: GnuPG uses data structures called filters to process OpenPGP messages. These filters are used in a similar way as a pipelines in the shell. For communication between these filters context structures are used. These are usually allocated on the stack and passed to the filter...
bind9 -- Denial of Service in named(8)
Problem Description For a recursive DNS server, a remote attacker sending enough recursive queries for the replies to arrive after all the interested clients have left the recursion queue will trigger an INSIST failure in the named8 daemon. Also for a recursive DNS server, an assertion failure ca...
cscope -- Buffer Overflow Vulnerabilities
Secunia reports: Will Drewry has reported some vulnerabilities in Cscope, which potentially can be exploited by malicious people to compromise a vulnerable system. Various boundary errors within the parsing of file lists or the expansion of environment variables can be exploited to cause...
mysql -- format string vulnerability
Jean-David Maillefer reports a Denial of Service vulnerability within MySQL. The vulnerability is caused by improper checking of the dataformat routine, which cause the MySQL server to crash. The crash is triggered by the following code: "SELECT dateformat'%d%s', 1;...
apache -- mod_imap cross-site scripting flaw
The Apache HTTP Server Project reports: A flaw in modimap when using the Referer directive with image maps. In certain site configurations a remote attacker could perform a cross-site scripting attack if a victim can be forced to visit a malicious URL using certain web browsers...
libwww -- multiple vulnerabilities
Mitre reports: The HTBoundaryputblock function in HTBound.c for W3C libwww w3c-libwww allows remote servers to cause a denial of service segmentation fault via a crafted multipart/byteranges MIME message that triggers an out-of-bounds read. The big2toUtf8 function in lib/xmltok.c in libexpat in...
phpmyfaq -- SQL injection, takeover, path disclosure, remote code execution
If magic quotes are off there's a SQL injection when sending a forgotten password. It's possible to overwrite the admin password and to take over the whole system. In some files in the admin section there are some cross site scripting vulnerabilities. In the public frontend it's possible to inclu...
opera -- "javascript:" URL cross-site scripting vulnerability
A Secunia Advisory reports: Secunia Research has discovered a vulnerability in Opera, which can be exploited by malicious people to conduct cross-site scripting attacks and to read local files. The vulnerability is caused due to Opera not properly restricting the privileges of "javascript:" URLs...
postgresql -- character conversion and tsearch2 vulnerabilities
The postgresql development team reports: The more severe of the two errors is that the functions that support client-to-server character set conversion can be called from SQL commands by unprivileged users, but these functions are not designed to be safe against malicious choices of argument...
xpdf -- makeFileKey2() buffer overflow vulnerability
An iDEFENSE Security Advisory reports: Remote exploitation of a buffer overflow vulnerability in the xpdf PDF viewer included in multiple Unix and Linux distributions could allow for arbitrary code execution as the user viewing a PDF file. The vulnerability specifically exists due to insufficient...
cups-base -- CUPS server remote DoS vulnerability
Kenshi Muto discovered that the CUPS server would enter an infinite loop when processing a URL containing /...
vim -- vulnerabilities in modeline handling
Ciaran McCreesh discovered news ways in which a VIM modeline can be used to trojan a text file. The patch by Bram Moolenaar reads: Problem: Unusual characters in an option value may cause unexpected behavior, especially for a modeline. Ciaran McCreesh Solution: Don't allow setting termcap options...
web browsers -- window injection vulnerabilities
A Secunia Research advisory reports: Secunia Research has reported a vulnerability in multiple browsers, which can be exploited by malicious people to spoof the content of websites. The problem is that a website can inject content into another site's window if the target name of the window is...
jdk/jre -- Security Vulnerability With Java Plugin
The Sun Java Plugin capability in Java 2 Runtime Environment JRE 1.4.201, 1.4.204, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code...
bnc -- remotely exploitable buffer overflow in getnickuserhost
A LSS Security Advisory reports: There is a buffer overflow vulnerability in getnickuserhost function that is called when BNC is processing response from IRC server. Vulnerability can be exploited if attacker tricks user to connect to his fake IRC server that will exploit this vulnerability. If t...
subversion -- WebDAV fails to protect metadata
In some situations, subversion metadata may be unexpectedly disclosed via WebDAV. A subversion advisory states: modauthzsvn, the Apache httpd module which does path-based authorization on Subversion repositories, is not correctly protecting all metadata on unreadable paths. This security issue is...
mysql -- mysqlhotcopy insecure temporary file creation
According to Christian Hammers: mysqlhotcopy created temporary files in /tmp which had predictable filenames and such could be used for a tempfile run attack. Jeroen van Wolffelaar is credited with discovering the issue...
Ruby insecure file permissions in the CGI session management
According to a Debian Security Advisory: Andres Salomon noticed a problem in the CGI session management of Ruby, an object-oriented scripting language. CGI::Session's FileStore and presumably PStore ... implementations store session information insecurely. They simply create files, ignoring...
kdelibs insecure temporary file handling
According to a KDE Security Advisory, KDE may sometimes create temporary files without properly checking the ownership and type of the target path. This could allow a local attacker to cause KDE applications to overwrite arbitrary files...
mozilla -- security icon spoofing
Under certain situations it is possible for the security icon which Mozilla displays when connected to a site using SSL to be spoofed. This could be used to make so-called "phishing attacks" more difficult to detect...
racoon remote denial of service vulnerability (IKE Generic Payload Header)
When racoon receives an IKE message with an incorrectly constructed Generic Payload Header, it may behave erratically, going into a tight loop and dropping connections...
Apache httpd -- DoS exploit in HTTP/2
Calif security reports: Remote DoS in modhttp2...
Vaultwarden -- Multiple vulnerabilities
The Vaultwarden project reports: GHSA-937x-3j8m-7w7p Unconfirmed Owner Can Purge Entire Organization Vault. GHSA-569v-845w-g82p Cross-Org Group Binding Enables Unauthorized Read And Write Access Into Another Organization GHSA-6j4w-g4jh-xjfx Refresh tokens not invalidated on security stamp rotatio...