6583 matches found
apr -- multiple vulnerabilities
Secunia reports: Some vulnerabilities have been reported in APR-util, which can be exploited by malicious users and malicious people to cause a DoS Denial of Service. A vulnerability is caused due to an error in the processing of XML files and can be exploited to exhaust all available memory via ...
libxine -- multiple vulnerabilities
xine developers report: Fix another possible int overflow in the 4XM demuxer. ref. TKADV2009-004, CVE-2009-0385 Fix an integer overflow in the Quicktime demuxer...
epiphany -- untrusted search path vulnerability
CVE Mitre reports: Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySysSetArgv function...
rubygem-rails -- SQL injection vulnerability
Jonathan Weiss reports, that it is possible to perform an SQL injection in Rails applications via not correctly sanitized :limit and :offset parameters. It is possible to change arbitrary values in affected tables or gain access to the sensitive data...
squirrelmail -- Session hijacking vulnerability
Hanno Boeck reports: When configuring a web application to use only ssl e.g. by forwarding all http-requests to https, a user would expect that sniffing and hijacking the session is impossible. Though, for this to be secure, one needs to set the session cookie to have the secure flag. Otherwise t...
poppler -- uninitialized pointer
Felipe Andres Manzano reports: The libpoppler pdf rendering library, can free uninitialized pointers, leading to arbitrary code execution. This vulnerability results from memory management bugs in the Page class constructor/destructor...
jetty -- multiple vulnerability
Greg Wilkins reports: jetty allows remote attackers to bypass protection mechanisms and read the source of files via multiple '/' characters in the URI...
samba -- buffer overflow vulnerability
Secuna Research reports: Secunia Research has discovered a vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "sendmailslot" function. This can be exploited to cause a stack-based...
qemu -- Translation Block Local Denial of Service Vulnerability
SecurityFocus reports: QEMU is prone to a local denial-of-service vulnerability because it fails to perform adequate boundary checks when handling user-supplied input. Attackers can exploit this issue to cause denial-of-service conditions. Given the nature of the issue, attackers may also be able...
perl -- regular expressions unicode data buffer overflow
Red Hat reports: A flaw was found in Perl's regular expression engine. Specially crafted input to a regular expression can cause Perl to improperly allocate memory, possibly resulting in arbitrary code running with the permissions of the user running Perl...
openldap -- multiple remote denial of service vulnerabilities
BugTraq reports: OpenLDAP is prone to multiple remote denial-of-service vulnerabilities because of an incorrect NULL-termination issue and a double-free issue...
kdm -- passwordless login vulnerability
The KDE development team reports: KDM can be tricked into performing a password-less login even for accounts with a password set under certain circumstances, namely autologin to be configured and "shutdown with password" enabled...
mod_perl -- remote DoS in PATH_INFO parsing
Mandriva reports: PerlRun.pm in Apache modperl 1.29 and earlier, and RegistryCooker.pm in modperl 2.x, does not properly escape PATHINFO before use in a regular expression, which allows remote attackers to cause a denial of service resource consumption via a crafted URI...
sql-ledger -- multiple vulnerabilities
The Debian security Team reports: Several remote vulnerabilities have been discovered in SQL Ledger, a web based double-entry accounting program, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: Chris Travers...
tnftpd -- Remote root Exploit
The tnftpd port suffer from a remote stack overrun, which can lead to a root compromise...
screen -- combined UTF-8 characters vulnerability
A vulnerability in the handling of combined UTF-8 characters in screen may allow an user-assisted attacker to crash screen or potentially allow code execution as the user running screen. To exploit this issue the user running scren must in some way interact with the attacker...
kdelibs -- integer overflow in khtml
Red Hat reports: An integer overflow flaw was found in the way Qt handled pixmap images. The KDE khtml library uses Qt in such a way that untrusted parameters could be passed to Qt, triggering the overflow. An attacker could for example create a malicious web page that when viewed by a victim in...
torrentflux -- User-Agent XSS Vulnerability
Steven Roddis reports that User-Agent string is not properly escaped when handled by torrentflux. This allows for arbitrary code insertion...
squirrelmail -- random variable overwrite vulnerability
The SquirrelMail developers report: A logged in user could overwrite random variables in compose.php, which might make it possible to read/write other users' preferences or attachments...
mozilla -- multiple vulnerabilities
A Mozilla Foundation Security Advisory reports of multiple issues. Several of which can be used to run arbitrary code with the privilege of the user running the program. MFSA 2006-56 chrome: scheme loading remote content MFSA 2006-55 Crashes with evidence of memory corruption rv:1.8.0.5 MFSA...
mailman -- Multiple Vulnerabilities
Secunia reports: Mailman can be exploited by malicious people to conduct cross-site scripting and phishing attacks, and cause a DoS Denial of Service. 1 An error in the logging functionality can be exploited to inject a spoofed log message into the error log via a specially crafted URL. Successfu...
shoutcast -- cross-site scripting, information exposure
Goober's advisory reports reports that shoutcast is vulnerable to an arbitrary file reading vulnerability: Impact of the vulnerability depends on the way the product was installed. In general, the vulnerability allows the attacker to read any file which can be read by the Shoutcast server process...
texindex -- temporary file privilege escalation
Problem description The "sortoffline" function used by texindex1 employs the "maketempname" function, which produces predictable file names and fails to validate that the paths do not exist. Impact These predictable temporary file names are problematic because they allow an attacker to take...
pear-XML_RPC -- remote PHP code injection vulnerability
A Hardened-PHP Project Security Advisory reports: When the library parses XMLRPC requests/responses, it constructs a string of PHP code, that is later evaluated. This means any failure to properly handle the construction of this string can result in arbitrary execution of PHP code. This new...
gaim -- AIM/ICQ away message buffer overflow
The GAIM team reports: A remote AIM or ICQ user can cause a buffer overflow in Gaim by setting an away message containing many AIM substitution strings such as %t or %n...
apache -- http request smuggling
A Watchfire whitepaper reports an vulnerability in the Apache webserver. The vulnerability can be exploited by malicious people causing cross site scripting, web cache poisoining, session hijacking and most importantly the ability to bypass web application firewall protection. Exploiting this...
phpbb -- remote PHP code execution vulnerability
FrSIRT Advisory reports: A vulnerability was identified in phpBB, which may be exploited by attackers to compromise a vulnerable web server. This flaw is due to an input validation error in the "viewtopic.php" script that does not properly filter the "highlight" parameter before calling the...
mplayer & libxine -- MMS and Real RTSP buffer overflow vulnerabilities
A xine security announcement reports: By a user receiving data from a malicious network streaming server, an attacker can overrun a heap buffer, which can, on some systems, lead to or help in executing attacker-chosen malicious code with the permissions of the user running a xine-lib based media...
kdelibs -- local DCOP denial of service vulnerability
A KDE Security Advisory reports: Sebastian Krahmer of the SUSE LINUX Security Team reported a local denial of service vulnerability in KDE's Desktop Communication Protocol DCOP daemon better known as dcopserver. A local user can lock up the dcopserver of arbitrary other users on the same machine...
mozilla -- heap buffer overflow in GIF image processing
A Mozilla Foundation Security Advisory states: An sic GIF processing error when parsing the obsolete Netscape extension 2 can lead to an exploitable heap overrun, allowing an attacker to run arbitrary code on the user's machine...
realplayer -- remote heap overflow
Two exploits have been identified in the Linux RealPlayer client. RealNetworks states: RealNetworks, Inc. has addressed recently discovered security vulnerabilities that offered the potential for an attacker to run arbitrary or malicious code on a customer's machine. RealNetworks has received no...
phpmyadmin -- information disclosure vulnerability
A phpMyAdmin security announcement reports: By calling some scripts that are part of phpMyAdmin in an unexpected way especially scripts in the libraries subdirectory, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin...
postgresql -- privilege escalation vulnerability
John Heasman and others disovered that non-privileged users could use the LOAD extension to load arbitrary libraries into the postgres server process space. This could be used by non-privileged local users to execute arbitrary code with the privileges of the postgresql server...
mozilla -- heap overflow in NNTP handler
Maurycy Prodeus reports a critical vulnerability in Mozilla-based browsers: Mozilla browser supports NNTP urls. Remote side is able to trigger news:// connection to any server. I found a flaw in NNTP handling code which may cause heap overflow and allow remote attacker to execute arbitrary code o...
mailman -- generated passwords are poor quality
Florian Weimer wrote: Mailman 2.1.5 uses weak auto-generated passwords for new subscribers. These passwords are assigned when members subscribe without specifying their own password either by email or the web frontend. Knowledge of this password allows an attacker to gain access to the list archi...
krb5 -- heap buffer overflow vulnerability in libkadm5srv
A MIT krb5 Security Advisory reports: The MIT Kerberos 5 administration library libkadm5srv contains a heap buffer overflow in password history handling code which could be exploited to execute arbitrary code on a Key Distribution Center KDC host. The overflow occurs during a password change of a...
rsync -- path sanitizing vulnerability
An rsync security advisory reports: There is a path-sanitizing bug that affects daemon mode in all recent rsync versions including 2.6.2 but only if chroot is disabled. The bug may allow a remote user to access files outside of an rsync module's configured path with the privileges configured for...
Apache 2 mod_ssl denial-of-service
Joe Orton reports a memory leak in Apache 2's modssl. A remote attacker may issue HTTP requests on an HTTPS port, causing an error. Due to a bug in processing this condition, memory associated with the connection is not freed. Repeated requests can result in consuming all available memory...
fsp buffer overflow and directory traversal vulnerabilities
The Debian security team reported a pair of vulnerabilities in fsp: A vulnerability was discovered in fsp, client utilities for File Service Protocol FSP, whereby a remote user could both escape from the FSP root directory CAN-2003-1022, and also overflow a fixed-length buffer to execute arbitrar...
Gitlab -- Vulnerabilities
Gitlab reports: XSS in k8s proxy endpoint XSS Maven Dependency Proxy HTML injection leads to XSS on self hosted instances Improper Authorisation Check Allows Guest User to Read Security Policy Planner role can read code review analytics in private projects...
FreeBSD -- umtx Kernel panic or Use-After-Free
Problem Description: Concurrent removals of such a mapping by using the UMTXSHMDESTROY sub-request of UMTXOPSHM can lead to decreasing the reference count of the object representing the mapping too many times, causing it to be freed too early. Impact: A malicious code exercizing the UMTXSHMDESTRO...
firefox -- multiple vulnerabilities
[email protected] reports: CVE-2024-7531: Calling PK11Encrypt in NSS using CKMCHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the...
MySQL -- Multiple vulnerabilities
Oracle reports: 36 new security patches for Oracle MySQL. 11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle MySQL is 9.8...
electron{27,28,29} -- multiple vulnerabilities
Electron develpers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-3515. Security: backported fix for CVE-2024-3516. Security: backported fix for CVE-2024-3157. Security: backported fix for CVE-2024-1580...
qt6-webengine -- Multiple vulnerabilities
Qt qtwebengine-chromium repo reports: Backports for 16 security bugs in Chromium: CVE-2024-2625: Object lifecycle issue in V8 CVE-2024-2626: Out of bounds read in Swiftshader CVE-2024-2885: Use after free in Dawn CVE-2024-2887: Type Confusion in WebAssembly CVE-2024-3157: Out of bounds write in...
Gitlab -- vulnerabilities
Gitlab reports: Stored-XSS injected in Wiki page via Banzai pipeline DOS using crafted emojis...
jenkins -- HTTP/2 denial of service vulnerability in bundled Jetty
Jenkins Security Advisory: Description High SECURITY-3379 / CVE-2024-22201 HTTP/2 denial of service vulnerability in bundled Jetty...
electron{26,27} -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-0224. Security: backported fix for CVE-2024-0225. Security: backported fix for CVE-2024-0223. Security: backported fix for CVE-2024-0222...
electron{26,27} -- multiple vulnerabilities
Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-6508. Security: backported fix for CVE-2023-7024...
electron{25,26} -- use after free in Garbage Collection
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2023-5997...