6585 matches found
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 112983 Low CVE-2011-3083: Browser crash with video + FTP. Credit to Aki Helin of OUSPG. 113496 Low CVE-2011-3084: Load links from internal pages in their own process. Credit to Brett Wilson of the Chromium development community. 118374 Medium CVE-2011-3085: UI...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2012-13 XSS with Drag and Drop and Javascript: URL MFSA 2012-14 SVG issues found with Address Sanitizer MFSA 2012-15 XSS with multiple Content Security Policy headers MFSA 2012-16 Escalation of privilege with Javascript: URL as home page MFSA 2012-17 Crash when...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 105867 High CVE-2011-3031: Use-after-free in v8 element wrapper. Credit to Chamal de Silva. 108037 High CVE-2011-3032: Use-after-free in SVG value handling. Credit to Arthur Gerkis. 108406 115471 High CVE-2011-3033: Buffer overflow in the Skia drawing library. Cred...
databases/postgresql*-client -- multiple vulnerabilities
The PostgreSQL Global Development Group reports: These vulnerabilities could allow users to define triggers that execute functions on which the user does not have EXECUTE permission, allow SSL certificate spoofing and allow line breaks in object names to be exploited to execute code when loading ...
Python -- DoS via malformed XML-RPC / HTTP POST request
Jan Lieskovsky reports, A denial of service flaw was found in the way Simple XML-RPC Server module of Python processed client connections, that were closed prior the complete request body has been received. A remote attacker could use this flaw to cause Python Simple XML-RPC based server process ...
kdelibs4, rekonq -- input validation failure
KDE Security Advisory reports: The default rendering type for a QLabel is QLabel::AutoText, which uses heuristics to determine whether to render the given content as plain text or rich text. KSSL and Rekonq did not properly force its QLabels to use QLabel::PlainText. As a result, if given a...
codeigniter -- SQL injection vulnerability
The CodeIgniter changelog reports: An improvement was made to the MySQL and MySQLi drivers to prevent exposing a potential vector for SQL injection on sites using multi-byte character sets in the database client connection. An incompatibility in PHP versions 5.0.7 with mysqlsetcharset creates a...
isc-dhcp-server -- Empty link-address denial of service
ISC reports: If the server receives a DHCPv6 packet containing one or more Relay-Forward messages, and none of them supply an address in the Relay-Forward link-address field, then the server will crash. This can be used as a single packet crash attack vector...
Wireshark -- DoS in the BER-based dissectors
Secunia reports: A vulnerability has been discovered in Wireshark, which can be exploited by malicious people to cause a DoS Denial of Service. The vulnerability is caused due to an infinite recursion error in the "dissectunknownber" function in epan/dissectors/packet-ber.c and can be exploited t...
tiff -- buffer overflow vulnerability
Kevin Finisterre reports: Multiple integer overflows in the handling of TIFF files may result in a heap buffer overflow. Opening a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution. The issues are addressed through improved bounds checking...
mahara -- sql injection vulnerability
The Debian security team reports: It was discovered that mahara, an electronic portfolio, weblog, and resume builder is not properly escaping input when generating a unique username based on a remote user name from a single sign-on application. An attacker can use this to compromise the mahara...
png -- libpng decompression denial of service
A vulnerability in libpng can result in denial of service conditions when a remote attacker tricks a victim to open a specially-crafted PNG file. The PNG project describes the problem in an advisory: Because of the efficient compression method used in Portable Network Graphics PNG files, a small...
bugzilla -- information leak
A Bugzilla Security Advisory reports: When a bug is in a group, none of its information other than its status and resolution should be visible to users outside that group. It was discovered that as of 3.3.2, Bugzilla was showing the alias of the bug a very short string used as a shortcut for...
Xpdf -- Multiple Vulnerabilities
SecurityFocus reports: Some vulnerabilities have been reported in Xpdf, which can be exploited by malicious people to potentially compromise a user's system. 1 Multiple integer overflows in "SplashBitmap::SplashBitmap" can be exploited to cause heap-based buffer overflows. 2 An integer overflow...
apr -- multiple vulnerabilities
Secunia reports: Some vulnerabilities have been reported in APR-util, which can be exploited by malicious users and malicious people to cause a DoS Denial of Service. A vulnerability is caused due to an error in the processing of XML files and can be exploited to exhaust all available memory via ...
libxine -- multiple vulnerabilities
xine developers report: Fix another possible int overflow in the 4XM demuxer. ref. TKADV2009-004, CVE-2009-0385 Fix an integer overflow in the Quicktime demuxer...
epiphany -- untrusted search path vulnerability
CVE Mitre reports: Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySysSetArgv function...
rubygem-rails -- SQL injection vulnerability
Jonathan Weiss reports, that it is possible to perform an SQL injection in Rails applications via not correctly sanitized :limit and :offset parameters. It is possible to change arbitrary values in affected tables or gain access to the sensitive data...
squirrelmail -- Session hijacking vulnerability
Hanno Boeck reports: When configuring a web application to use only ssl e.g. by forwarding all http-requests to https, a user would expect that sniffing and hijacking the session is impossible. Though, for this to be secure, one needs to set the session cookie to have the secure flag. Otherwise t...
poppler -- uninitialized pointer
Felipe Andres Manzano reports: The libpoppler pdf rendering library, can free uninitialized pointers, leading to arbitrary code execution. This vulnerability results from memory management bugs in the Page class constructor/destructor...
jetty -- multiple vulnerability
Greg Wilkins reports: jetty allows remote attackers to bypass protection mechanisms and read the source of files via multiple '/' characters in the URI...
samba -- buffer overflow vulnerability
Secuna Research reports: Secunia Research has discovered a vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "sendmailslot" function. This can be exploited to cause a stack-based...
qemu -- Translation Block Local Denial of Service Vulnerability
SecurityFocus reports: QEMU is prone to a local denial-of-service vulnerability because it fails to perform adequate boundary checks when handling user-supplied input. Attackers can exploit this issue to cause denial-of-service conditions. Given the nature of the issue, attackers may also be able...
perl -- regular expressions unicode data buffer overflow
Red Hat reports: A flaw was found in Perl's regular expression engine. Specially crafted input to a regular expression can cause Perl to improperly allocate memory, possibly resulting in arbitrary code running with the permissions of the user running Perl...
openldap -- multiple remote denial of service vulnerabilities
BugTraq reports: OpenLDAP is prone to multiple remote denial-of-service vulnerabilities because of an incorrect NULL-termination issue and a double-free issue...
kdm -- passwordless login vulnerability
The KDE development team reports: KDM can be tricked into performing a password-less login even for accounts with a password set under certain circumstances, namely autologin to be configured and "shutdown with password" enabled...
mod_perl -- remote DoS in PATH_INFO parsing
Mandriva reports: PerlRun.pm in Apache modperl 1.29 and earlier, and RegistryCooker.pm in modperl 2.x, does not properly escape PATHINFO before use in a regular expression, which allows remote attackers to cause a denial of service resource consumption via a crafted URI...
sql-ledger -- multiple vulnerabilities
The Debian security Team reports: Several remote vulnerabilities have been discovered in SQL Ledger, a web based double-entry accounting program, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: Chris Travers...
screen -- combined UTF-8 characters vulnerability
A vulnerability in the handling of combined UTF-8 characters in screen may allow an user-assisted attacker to crash screen or potentially allow code execution as the user running screen. To exploit this issue the user running scren must in some way interact with the attacker...
kdelibs -- integer overflow in khtml
Red Hat reports: An integer overflow flaw was found in the way Qt handled pixmap images. The KDE khtml library uses Qt in such a way that untrusted parameters could be passed to Qt, triggering the overflow. An attacker could for example create a malicious web page that when viewed by a victim in...
torrentflux -- User-Agent XSS Vulnerability
Steven Roddis reports that User-Agent string is not properly escaped when handled by torrentflux. This allows for arbitrary code insertion...
squirrelmail -- random variable overwrite vulnerability
The SquirrelMail developers report: A logged in user could overwrite random variables in compose.php, which might make it possible to read/write other users' preferences or attachments...
mozilla -- multiple vulnerabilities
A Mozilla Foundation Security Advisory reports of multiple issues. Several of which can be used to run arbitrary code with the privilege of the user running the program. MFSA 2006-56 chrome: scheme loading remote content MFSA 2006-55 Crashes with evidence of memory corruption rv:1.8.0.5 MFSA...
shoutcast -- cross-site scripting, information exposure
Goober's advisory reports reports that shoutcast is vulnerable to an arbitrary file reading vulnerability: Impact of the vulnerability depends on the way the product was installed. In general, the vulnerability allows the attacker to read any file which can be read by the Shoutcast server process...
mailman -- Multiple Vulnerabilities
Secunia reports: Mailman can be exploited by malicious people to conduct cross-site scripting and phishing attacks, and cause a DoS Denial of Service. 1 An error in the logging functionality can be exploited to inject a spoofed log message into the error log via a specially crafted URL. Successfu...
mailman -- Private Archive Script Cross-Site Scripting
Secunia reports: A vulnerability has been reported in Mailman, which can be exploited by malicious people to conduct cross-site scripting attacks. Unspecified input passed to the private archive script is not properly sanitised before being returned to users. This can be exploited to execute...
texindex -- temporary file privilege escalation
Problem description The "sortoffline" function used by texindex1 employs the "maketempname" function, which produces predictable file names and fails to validate that the paths do not exist. Impact These predictable temporary file names are problematic because they allow an attacker to take...
pear-XML_RPC -- remote PHP code injection vulnerability
A Hardened-PHP Project Security Advisory reports: When the library parses XMLRPC requests/responses, it constructs a string of PHP code, that is later evaluated. This means any failure to properly handle the construction of this string can result in arbitrary execution of PHP code. This new...
gaim -- AIM/ICQ away message buffer overflow
The GAIM team reports: A remote AIM or ICQ user can cause a buffer overflow in Gaim by setting an away message containing many AIM substitution strings such as %t or %n...
gforge -- XSS and email flood vulnerabilities
Jose Antonio Coret reports that GForge contains multiple Cross Site Scripting vulnerabilities and an e-mail flood vulnerability: The login form is also vulnerable to XSS Cross Site Scripting attacks. This may be used to launch phising attacks by sending HTML e-mails i.e.: saying that you need to...
apache -- http request smuggling
A Watchfire whitepaper reports an vulnerability in the Apache webserver. The vulnerability can be exploited by malicious people causing cross site scripting, web cache poisoining, session hijacking and most importantly the ability to bypass web application firewall protection. Exploiting this...
phpbb -- remote PHP code execution vulnerability
FrSIRT Advisory reports: A vulnerability was identified in phpBB, which may be exploited by attackers to compromise a vulnerable web server. This flaw is due to an input validation error in the "viewtopic.php" script that does not properly filter the "highlight" parameter before calling the...
mplayer & libxine -- MMS and Real RTSP buffer overflow vulnerabilities
A xine security announcement reports: By a user receiving data from a malicious network streaming server, an attacker can overrun a heap buffer, which can, on some systems, lead to or help in executing attacker-chosen malicious code with the permissions of the user running a xine-lib based media...
kdelibs -- local DCOP denial of service vulnerability
A KDE Security Advisory reports: Sebastian Krahmer of the SUSE LINUX Security Team reported a local denial of service vulnerability in KDE's Desktop Communication Protocol DCOP daemon better known as dcopserver. A local user can lock up the dcopserver of arbitrary other users on the same machine...
realplayer -- remote heap overflow
Two exploits have been identified in the Linux RealPlayer client. RealNetworks states: RealNetworks, Inc. has addressed recently discovered security vulnerabilities that offered the potential for an attacker to run arbitrary or malicious code on a customer's machine. RealNetworks has received no...
phpmyadmin -- information disclosure vulnerability
A phpMyAdmin security announcement reports: By calling some scripts that are part of phpMyAdmin in an unexpected way especially scripts in the libraries subdirectory, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin...
postgresql -- privilege escalation vulnerability
John Heasman and others disovered that non-privileged users could use the LOAD extension to load arbitrary libraries into the postgres server process space. This could be used by non-privileged local users to execute arbitrary code with the privileges of the postgresql server...
mailman -- generated passwords are poor quality
Florian Weimer wrote: Mailman 2.1.5 uses weak auto-generated passwords for new subscribers. These passwords are assigned when members subscribe without specifying their own password either by email or the web frontend. Knowledge of this password allows an attacker to gain access to the list archi...
cups-lpr -- lppasswd multiple vulnerabilities
D. J. Bernstein reports that Bartlomiej Sieka has discovered several security vulnerabilities in lppasswd, which is part of CUPS. In the following excerpt from Bernstein's email, CVE names have been added for each issue: First, lppasswd blithely ignores write errors in fputsline,outfile at lines...
krb5 -- heap buffer overflow vulnerability in libkadm5srv
A MIT krb5 Security Advisory reports: The MIT Kerberos 5 administration library libkadm5srv contains a heap buffer overflow in password history handling code which could be exploited to execute arbitrary code on a Key Distribution Center KDC host. The overflow occurs during a password change of a...