6585 matches found
squid -- Buffer overflow in SNMP processing
The squid-cache project reports: Due to incorrect buffer management Squid can be caused by an attacker to write outside its allocated SNMP buffer...
phpMyAdmin -- two XSS vulnerabilities due to unescaped db/table names
The phpMyAdmin development team reports: Self-XSS due to unescaped HTML output in recent/favorite tables navigation. When marking a crafted database or table name as favorite or having it in recent tables, it is possible to trigger an XSS. This vulnerability can be triggered only by someone who...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 3 security fixes in this release: 358038 High CVE-2014-1740: Use-after-free in WebSockets. Credit to Collin Payne. 349898 High CVE-2014-1741: Integer overflow in DOM ranges. Credit to John Butler. 356690 High CVE-2014-1742: Use-after-free in editing. Credit to...
qt4-imageformats, qt5-gui -- DoS vulnerability in the GIF image handler
Richard J. Moore reports: The builtin GIF decoder in QtGui prior to Qt 5.3 contained a bug that would lead to a null pointer dereference when loading certain hand crafted corrupt GIF files. This in turn would cause the application loading these hand crafted GIFs to crash...
file -- denial of service
The Fine Free file project reports: file before 5.17 allows context-dependent attackers to cause a denial of service infinite recursion, CPU consumption, and crash via a crafted indirect offset value in the magic of a file...
linux-flashplugin -- multiple vulnerabilities
Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...
django -- multiple vulnerabilities
The Django project reports: These releases address a directory-traversal vulnerability in one of Django's built-in template tags. While this issue requires some fairly specific factors to be exploitable, we encourage all users of Django to upgrade promptly...
devel/subversion -- contrib hook-scripts can allow arbitrary code execution
Subversion team reports: The script contrib/hook-scripts/check-mime-type.pl does not escape argv arguments to 'svnlook' that start with a hyphen. This could be used to cause 'svnlook', and hence check-mime-type.pl, to error out. The script contrib/hook-scripts/svn-keyword-check.pl parses filename...
devel/subversion -- fsfs repositories can be corrupted by newline characters in filenames
Subversion team reports: If a filename which contains a newline character ASCII 0x0a is committed to a repository using the FSFS format, the resulting revision is corrupt...
phpMyAdmin -- XSS due to unescaped HTML output in GIS visualisation page
The phpMyAdmin development team reports: When modifying a URL parameter with a crafted value it is possible to trigger an XSS. These XSS can only be triggered when a valid database is known and when a valid cookie token is used...
otrs -- Information disclosure and Data manipulation
The OTRS Project reports: An attacker with a valid agent login could manipulate URLs in the object linking mechanism to see titles of tickets and other objects that are not obliged to be seen. Furthermore, links to objects without permission can be placed and removed...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 172342 High CVE-2013-0916: Use-after-free in Web Audio. Credit to Atte Kettunen of OUSPG. 180909 Low CVE-2013-0917: Out-of-bounds read in URL loader. Credit to Google Chrome Security Team Cris Neckar. 180555 Low CVE-2013-0918: Do not navigate dev tools upon drag an...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 172243 High CVE-2013-0879: Memory corruption with web audio node. Credit to Atte Kettunen of OUSPG. 171951 High CVE-2013-0880: Use-after-free in database handling. Credit to Chamal de Silva. 167069 Medium CVE-2013-0881: Bad read in Matroska handling. Credit to Atte...
linux-flashplugin -- multiple vulnerabilities
Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 158204 High CVE-2012-5139: Use-after-free with visibility events. Credit to Chamal de Silva. 159429 High CVE-2012-5140: Use-after-free in URL loader. Credit to Chamal de Silva. 160456 Medium CVE-2012-5141: Limit Chromoting client plug-in instantiation. Credit to...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2012-90 Fixes for Location object issues...
Wireshark -- Multiple vulnerabilities
Wireshark reports: It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by...
FreeBSD -- Incorrect handling of zero-length RDATA fields in named(8)
Problem description: The named8 server does not properly handle DNS resource records where the RDATA field is zero length, which may cause various issues for the servers handling them. Resolving servers may crash or disclose some portion of memory to the client. Authoritative servers may crash on...
quagga -- multiple vulnerabilities
CERT reports: The ospfd implementation of OSPF in Quagga allows a remote attacker on a local network segment with OSPF enabled to cause a denial of service daemon aborts due to an assert with a malformed OSPF LS-Update message. The ospfd implementation of OSPF in Quagga allows a remote attacker o...
linux-flashplugin -- multiple vulnerabilities
Adobe Product Security Incident Response Team reports: Critical vulnerabilities have been identified in Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 11.0.1.153 and earlier versions for Android. In addition a patch was release...
Asterisk -- multiple vulnerabilities
The Asterisk Development Team reports: It is possible for a user of the Asterisk Manager Interface to bypass a security check and execute shell commands when they should not have that ability. Sending the "Async" header with the "Application" header during an Originate action, allows authenticate...
mediawiki -- multiple vulnerabilities
Medawiki reports: An arbitrary script inclusion vulnerability was discovered. The vulnerability only allows execution of files with names ending in ".php" which are already present in the local filesystem. Only servers running Microsoft Windows and possibly Novell Netware are affected. Despite...
bugzilla -- multiple serious vulnerabilities
A Bugzilla Security Advisory reports: This advisory covers three security issues that have recently been fixed in the Bugzilla code: A weakness in Bugzilla could allow a user to gain unauthorized access to another Bugzilla account. A weakness in the Perl CGI.pm module allows injecting HTTP header...
exim -- local privilege escalation
David Woodhouse reports: Secondly a privilege escalation where the trusted 'exim' user is able to tell Exim to use arbitrary config files, in which further $run ... commands will be invoked as root...
krb5 -- multiple checksum handling vulnerabilities
The MIT Kerberos team reports: MIT krb5 clients incorrectly accept an unkeyed checksums in the SAM-2 preauthentication challenge. An unauthenticated remote attacker could alter a SAM-2 challenge, affecting the prompt text seen by the user or the kind of response sent to the KDC. Under some...
tomcat -- Cross-site scripting vulnerability
The Tomcat security team reports: The HTML Manager interface displayed web applciation provided data, such as display names, without filtering. A malicious web application could trigger script execution by an administartive user when viewing the manager pages...
bugzilla -- information disclosure, denial of service
A Bugzilla Security Advisory reports: Remote Information Disclosure: An unprivileged user is normally not allowed to view other users' group membership. But boolean charts let the user use group-based pronouns, indirectly disclosing group membership. This security fix restricts the use of pronoun...
piwik -- php code execution
secunia reports: Stefan Esser has reported a vulnerability in Piwik, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the core/Cookie.php script using "unserialize" with user controlled input. This can be exploited to e.g. execute...
wordpress -- remote admin password reset vulnerability
WordPress reports: A specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database usually the admin account would have its password reset and a new passwor...
silc-toolkit -- Format string vulnerabilities
SILC Changlog reports: An unspecified format string vulnerability exists in silc-toolkit...
mozilla -- multiple vulnerabilities
Mozilla Project reports: MFSA 2009-38: Data corruption with SOCKS5 reply containing DNS name longer than 15 characters MFSA 2009-42: Compromise of SSL-protected communication MFSA 2009-43: Heap overflow in certificate regexp parsing MFSA 2009-44: Location bar and SSL indicator spoofing via...
silc-client -- Format string vulnerability
SILC changelog reports: An unspecified format string vulnerability exists in silc-client...
nagios -- Command Injection Vulnerability
Secunia reports: A vulnerability has been reported in Nagios, which can be exploited by malicious users to potentially compromise a vulnerable system. Input passed to the "ping" parameter in statuswml.cgi is not properly sanitised before being used to invoke the ping command. This can be exploite...
freetype2 -- multiple vulnerabilities
Secunia reports: Some vulnerabilities have been reported in FreeType, which can be exploited by malicious people to potentially compromise an application using the library. An integer overflow error within the "cffcharsetcomputecids" function in cff/cffload.c can be exploited to potentially cause...
openfire -- multiple vulnerabilities
Core Security Technologies reports: Multiple cross-site scripting vulnerabilities have been found which may lead to arbitrary remote code execution on the server running the application due to unauthorized upload of Java plugin code...
libaudiofile -- heap-based overflow in Microsoft ADPCM compression module
Debian reports: Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile 0.2.6 allows context-dependent attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted WAV file...
php5-gd -- uninitialized memory information disclosure vulnerability
According to CVE-2008-5498 entry: Array index error in the "imageRotate" function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument aka the "bgdcolor" or "clrBack" argument for an indexed image...
vlc -- cue processing stack overflow
The VLC Team reports: The VLC media player contains a stack overflow vulnerability while parsing malformed cue files. The vulnerability may be exploited by a remote attacker to execute arbitrary code in the context of VLC media player...
opera -- multiple vulnerabilities
Opera reports: When certain parameters are passed to Opera's History Search, they can cause content not to be correctly sanitized. This can allow scripts to be injected into the History Search results page. Such scripts can then run with elevated privileges and interact with Opera's configuration...
net-snmp -- DoS for SNMP agent via crafted GETBULK request
Wes Hardaker reports through sourceforge.net forum: SECURITY ISSUE: A bug in the getbulk handling code could let anyone with even minimal access crash the agent. If you have open access to your snmp agents bad bad bad; stop doing that! or if you don't trust everyone that does have access to your...
drupal -- cross site request forgery
The Drupal Project reports: The aggregator module fetches items from RSS feeds and makes them available on the site. The module provides an option to remove items from a particular feed. This has been implemented as a simple GET request and is therefore vulnerable to cross site request forgeries...
Squid -- Denial of Service Vulnerability
Squid secuirty advisory reports: Due to incorrect bounds checking Squid is vulnerable to a denial of service check during some cache update reply processing. This problem allows any client trusted to use the service to perform a denial of service attack on the Squid service...
apache -- multiple vulnerabilities
Apache HTTP server project reports: The following potential security flaws are addressed: CVE-2007-3847: modproxy: Prevent reading past the end of a buffer when parsing date-related headers. CVE-2007-1863: modcache: Prevent a segmentation fault if attributes are listed in a Cache-Control header...
clamav -- multiple remote Denial of Service vulnerabilities
BugTraq reports: ClamAV is prone to multiple denial-of-service vulnerabilities. A successful attack may allow an attacker to crash the application and deny service to users...
fetchmail -- denial of service on reject of local warning message
Matthias Andree reports: fetchmail will generate warning messages in certain circumstances for instance, when leaving oversized messages on the server or login to the upstream fails and send them to the local postmaster or the user running it. If this warning message is then refused by the SMTP...
linux-flashplugin -- critical vulnerabilities
Adobe reports: Critical vulnerabilities have been identified in Adobe Flash Player that could allow an attacker who successfully exploits these potential vulnerabilities to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit...
mutt -- buffer overflow vulnerability
Securityfocus reports: Mutt is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before using it in a memory copy operation. An attacker can exploit this issue to execute arbitrary code with the with the privileges of the victim. Failed...
cups -- Incomplete SSL Negotiation Denial of Service
Secunia reports: CUPS is not using multiple workers to handle connections. This can be exploited to stop CUPS from accepting new connections by starting but never completing an SSL negotiation...
flyspray -- authentication bypass
The Flyspray Project reports: Flyspray authentication system can be bypassed by sending a carefully crafted post request. To be vulnerable, PHP configuration directive outputbuffering has to be disabled or set to a low value...
fetchmail -- TLS enforcement problem/MITM attack/password exposure
Matthias Andree reports: Fetchmail has had several longstanding password disclosure vulnerabilities. sslcertck/sslfingerprint options should have implied "sslproto tls1" in order to enforce TLS negotiation, but did not. Even with "sslproto tls1" in the config, fetches would go ahead in plain text...