6587 matches found
tomcat -- authentication weaknesses
The Apache Software Foundation reports: Three weaknesses in Tomcat's implementation of DIGEST authentication were identified and resolved: Tomcat tracked client rather than server nonces and nonce count. When a session ID was present, authentication was bypassed. The user name and password were n...
otrs -- XSS vulnerability
OTRS Security Advisory reports: This advisory covers vulnerabilities discovered in the OTRS core system. This is a variance of the XSS vulnerability, where an attacker could send a specially prepared HTML email to OTRS which would cause JavaScript code to be executed in your browser while...
Wireshark -- Multiple Vulnerabilities
Wireshark reports: The HSRP dissector could go into an infinite loop. The PPP dissector could abort. Martin Wilck discovered an infinite loop in the DRDA dissector. Laurent Butti discovered a buffer overflow in the LDP dissector...
ansible -- enable host key checking in paramiko connection type
Ansible changelog reports: Host key checking is on by default. Disable it if you like by adding hostkeychecking=False in the default section of /etc/ansible/ansible.cfg or /ansible.cfg or by exporting ANSIBLEHOSTKEYCHECKING=False...
ImageMagick and GraphicsMagick -- DoS via specially crafted PNG file
Kurt Seifried reports: There is an issue in ImageMagick that is also present in GraphicsMagick. CVE-2011-3026 deals with libpng memory allocation, and limitations have been added so that a bad PNG can't cause the system to allocate a lot of memory and a denial of service. However on further...
isc-dhcp -- multiple vulnerabilities
ISC reports: An unexpected client identifier parameter can cause the ISC DHCP daemon to segmentation fault when running in DHCPv6 mode, resulting in a denial of service to further client requests. In order to exploit this condition, an attacker must be able to send requests to the DHCP server. An...
libxml2 -- An off-by-one out-of-bounds write by XPointer
Google chrome team reports: An off-by-one out-of-bounds write flaw was found in the way libxml, a library for providing XML and HTML support, evaluated certain XPointer parts XPointer is used by libxml to include only the part from the returned XML document, that can be accessed using the XPath...
PivotX -- 'ajaxhelper.php' Cross Site Scripting Vulnerability
High-Tech Bridge reports: Input passed via the "file" GET parameter to /pivotx/ajaxhelper.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in administrator's browser session in context of the affected website...
libpurple -- Invalid memory dereference in the XMPP protocol plug-in by processing serie of specially-crafted file transfer requests
Pidgin reports: A series of specially crafted file transfer requests can cause clients to reference invalid memory. The user must have accepted one of the file transfer requests...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 106413 High CVE-2011-3078: Use after free in floats handling. Credit to Google Chrome Security Team Marty Barbella and independent later discovery by miaubiz. 117627 Medium CVE-2011-3079: IPC validation failure. Credit to PinkiePie. 121726 Medium CVE-2011-3080: Rac...
gnutls -- possible overflow/Denial of service vulnerabilities
Mu Dynamics, Inc. reports: The block cipher decryption logic in GnuTLS assumed that a record containing any data which was a multiple of the block size was valid for further decryption processing, leading to a heap corruption vulnerability...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 106484 High CVE-2011-3924: Use-after-free in DOM selections. Credit to Arthur Gerkis. 108461 High CVE-2011-3928: Use-after-free in DOM handling. Credit to wushi of team509 reported through ZDI ZDI-CAN-1415. 108605 High CVE-2011-3927: Uninitialized value in Skia...
jasper -- buffer overflow
Fedora reports: JasPer fails to properly decode marker segments and other sections in malformed JPEG2000 files. Malformed inputs can cause heap buffer overflows which in turn may result in execution of attacker-controlled code...
opera -- multiple vulnerabilities
Opera software reports: Fixed a moderately severe issue; details will be disclosed at a later date Fixed an issue that could allow pages to set cookies or communicate cross-site for some top level domains; see our advisory Improved handling of certificate revocation corner cases Added a fix for a...
OpenSSL -- multiple vulnerabilities
OpenSSL Team reports: Two security flaws have been fixed in OpenSSL 1.0.0e Under certain circumstances OpenSSL's internal certificate verification routines can incorrectly accept a CRL whose nextUpdate field is in the past. CVE-2011-3207 OpenSSL server code for ephemeral ECDH ciphersuites is not...
XSS issue in MantisBT
Net.Edit0r from BlACK Hat Group reported an XSS issue in search.php. All MantisBT users including anonymous users that are not logged in to public bug trackers could be impacted by this vulnerability...
bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: Internet Explorer 8 and older, and Safari before 5.0.6 do content sniffing when viewing a patch in "Raw Unified" mode, which could trigger a cross-site scripting attack due to the execution of...
Exim -- remote code execution and information disclosure
Release notes for Exim 4.76 says: Bugzilla 1106: CVE-2011-1764 - DKIM log line was subject to a format-string attack -- SECURITY: remote arbitrary code execution. DKIM signature header parsing was double-expanded, second time unintentionally subject to list matching rules, letting the header caus...
php -- ZipArchive segfault with FL_UNCHANGED on empty archive
US-CERT/NIST reports: The zipnamelocate function in zipnamelocate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FLUNCHANGED argument, which might allow context-dependent attackers to cause a denial of service application crash via an empty ZIP archive that is...
PivotX -- administrator password reset vulnerability
US CERT reports: PivotX contains a vulnerability that allows an attacker to change the password of any account just by guessing the username. Version 2.2.4 has been reported to not be affected. This vulnerability is being exploited in the wild and users should immediately upgrade to 2.2.5 or late...
krb5 -- MITKRB5-SA-2011-001, kpropd denial of service
An advisory published by the MIT Kerberos team says: The MIT krb5 KDC database propagation daemon kpropd is vulnerable to a denial-of-service attack triggered by invalid network input. If a kpropd worker process receives invalid input that causes it to exit with an abnormal status, it can cause t...
piwik -- cross site scripting vulnerability
The Piwik security advisory reports: A non-persistent, cross-site scripting vulnerability XSS was found in Piwik's Login form that reflected the formurl parameter without being properly escaped or filtered...
pidgin -- multiple remote denial of service vulnerabilities
Three denial of service vulnerabilities where found in pidgin and allow remote attackers to crash the application. The developers summarized these problems as follows: Pidgin can become unresponsive when displaying large numbers of smileys Certain nicknames in group chat rooms can trigger a crash...
squidGuard -- multiple vulnerabilities
SquidGuard website reports: Patch 20091015 fixes one buffer overflow problem in sgLog.c when overlong URLs are requested. SquidGuard will then go into emergency mode were no blocking occurs. This is not required in this situation. Patch 20091019 fixes two bypass problems with URLs which length is...
joomla -- multiple vulnerabilities
Secunia reports: Some vulnerabilities have been reported in Joomla!, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised before being used. This can be...
GnuTLS -- multiple vulnerabilities
SecurityFocus reports: GnuTLS is prone to multiple remote vulnerabilities: A remote code-execution vulnerability. A denial-of-service vulnerability. A signature-generation vulnerability. A signature-verification vulnerability. An attacker can exploit these issues to potentially execute arbitrary...
ffmpeg -- 4xm processing memory corruption vulnerability
Secunia reports: Tobias Klein has reported a vulnerability in FFmpeg, which potentially can be exploited by malicious people to compromise an application using the library. The vulnerability is caused due to a signedness error within the "fourxmreadheader" function in libavformat/4xm.c. This can ...
ganglia -- buffer overflow vulnerability
Secunia reports: Spike Spiegel has discovered a vulnerability in Ganglia which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the processpath function in gmetad/server.c. This can be exploited to cause a stack-bas...
expat2 -- Parser crash with specially formatted UTF-8 sequences
CVE reports: The updatePosition function in lib/xmltokimpl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service application crash via an XML document with crafted UTF-8 sequences that trigger a buff...
FreeBSD -- arc4random(9) predictable sequence vulnerability
Problem Description: When the arc4random9 random number generator is initialized, there may be inadequate entropy to meet the needs of kernel systems which rely on arc4random9; and it may take up to 5 minutes before arc4random9 is reseeded with secure entropy from the Yarrow random number...
websvn -- multiple vulnerabilities
Secunia reports: Some vulnerabilities have been reported in WebSVN, which can be exploited by malicious users to disclose sensitive information, and by malicious people to conduct cross-site scripting attacks and manipulate data. Input passed in the URL to index.php is not properly sanitised befo...
opera -- multiple vulnerabilities
Opera reports: Certain constructs are not escaped correctly by Opera's History Search results. These can be used to inject scripts into the page, which can then be used to look through the user's browsing history, including the contents of the pages they have visited. These may contain sensitive...
horde -- multiple vulnerabilities
Secunia reports: Some vulnerabilities have been reported in various Horde products, which can be exploited by malicious people to conduct script insertion attacks Input via MIME attachment linking is not properly sanitised in the MIME library before being used. This can be exploited to execute...
libvorbis -- various security issues
Red Hat reports: Will Drewry of the Google Security Team reported several flaws in the way libvorbis processed audio data. An attacker could create a carefully crafted Vorbis audio file in such a way that it could cause an application linked with libvorbis to crash, or execute arbitrary code when...
qemu -- "drive_init()" Disk Format Security Bypass
Secunia reports: A vulnerability has been reported in QEMU, which can be exploited by malicious, local users to bypass certain security restrictions. The vulnerability is caused due to the "driveinit" function in vl.c determining the format of a disk from data contained in the disk's header. This...
libxine -- array index vulnerability
xine Team reports: A new xine-lib version is now available. This release contains a security fix an unchecked array index that could allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer...
gallery2 -- multiple vulnerabilities
The Gallery team reports: Gallery 2.2.4 addresses the following security vulnerabilities: Publish XP module - Fixed unauthorized album creation and file uploads. URL rewrite module - Fixed local file inclusion vulnerability in unsecured admin controller and information disclosure in hotlink...
jetty -- multiple vulnerabilities
Cross-site scripting XSS vulnerability in Dump Servlet in Mortbay Jetty before 6.1.6rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters and cookies. Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote sequences" in HTML cookie parameters...
jdk/jre -- Applet Caching May Allow Network Access Restrictions to be Circumvented
SUN reports: A vulnerability in the Java Runtime Environment JRE with applet caching may allow an untrusted applet that is downloaded from a malicious website to make network connections to network services on machines other than the one that the applet was downloaded from. This may allow network...
FreeBSD -- Buffer overflow in tcpdump(1)
Problem Description: An un-checked return value in the BGP dissector code can result in an integer overflow. This value is used in subsequent buffer management operations, resulting in a stack based buffer overflow under certain circumstances. Impact: By crafting malicious BGP packets, an attacke...
freeradius -- EAP-TTLS Tunnel Memory Leak Remote DOS Vulnerability
The freeradius development team reports: A malicious 802.1x supplicant could send malformed Diameter format attributes inside of an EAP-TTLS tunnel. The server would reject the authentication request, but would leak one VALUEPAIR data structure, of approximately 300 bytes. If an attacker performe...
bind -- Multiple Denial of Service vulnerabilities
Problem Description: A type ANY query response containing multiple RRsets can trigger an assertion failure. Certain recursive queries can cause the nameserver to crash by using memory which has already been freed. Impact: A remote attacker sending a type ANY query to an authoritative DNS server f...
fetchmail -- crashes when refusing a message bound for an MDA
Matthias Andree reports: When delivering messages to a message delivery agent by means of the "mda" option, fetchmail can crash by passing a NULL pointer to ferror and fflush when refusing a message. SMTP and LMTP delivery modes aren't affected...
ruby -- cgi.rb library Denial of Service
The official ruby site reports: Another vulnerability has been discovered in the CGI library cgi.rb that ships with Ruby which could be used by a malicious user to create a denial of service attack DoS. A specific HTTP request for any web application using cgi.rb causes CPU consumption on the...
openldap -- slapd acl selfwrite Security Issue
Howard Chu reports: An ACL of the form 'access to dn.subtree="ou=groups, dc=example,dc=com" attr=member by selfwrite' is intended to only allow users to add/delete their own DN to the target attribute. Currently it allows any DNs to be modified...
cyrus-sasl -- DIGEST-MD5 Pre-Authentication Denial of Service
Unspecified vulnerability in the CMU Cyrus Simple Authentication and Security Layer SASL library, has unknown impact and remote unauthenticated attack vectors, related to DIGEST-MD5 negotiation...
gtar -- invalid headers buffer overflow
GNU tar is vulnerable to a buffer overflow, caused by improper bounds checking of the PAX extended headers. By tricking an user into processing a specially crafted tar archive, this could be exploited to execute arbitrary code with the privileges of the user...
opera -- command line URL shell command injection
An Opera Advisory reports: Opera for UNIX uses a wrapper shell script to start up Opera. This shell script reads the input arguments, like the file names or URLs that Opera is to open. It also performs some environment checks, for example whether Java is available and if so, where it is located...
xloadimage -- buffer overflows in NIFF image title handling
Ariel Berkman reports: Unlike most of the supported image formats in xloadimage, the NIFF image format can store a title name of arbitrary length as part of the image file. When xloadimage is processing a loaded image, it is creating a new Image object and then writing the processed image to it. ...
dnrd -- remote buffer and stack overflow vulnerabilities
Natanael Copa reports that dnrd is vulnerable to a remote buffer overflow and a remote stack overflow. These vulnerabilities can be triggered by sending invalid DNS packets to dnrd. The buffer overflow could potentially be used to execute arbitrary code with the permissions of the dnrd daemon. No...