6585 matches found
linux-flashplugin -- multiple vulnerabilities
Adobe Product Security Incident Response Team reports: Critical vulnerabilities have been identified in Adobe Flash Player 10.3.181.36 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.25 and earlier versions for Android. These vulnerabilities could...
Exim -- remote code execution and information disclosure
Release notes for Exim 4.76 says: Bugzilla 1106: CVE-2011-1764 - DKIM log line was subject to a format-string attack -- SECURITY: remote arbitrary code execution. DKIM signature header parsing was double-expanded, second time unintentionally subject to list matching rules, letting the header caus...
php -- ZipArchive segfault with FL_UNCHANGED on empty archive
US-CERT/NIST reports: The zipnamelocate function in zipnamelocate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FLUNCHANGED argument, which might allow context-dependent attackers to cause a denial of service application crash via an empty ZIP archive that is...
krb5 -- MITKRB5-SA-2011-001, kpropd denial of service
An advisory published by the MIT Kerberos team says: The MIT krb5 KDC database propagation daemon kpropd is vulnerable to a denial-of-service attack triggered by invalid network input. If a kpropd worker process receives invalid input that causes it to exit with an abnormal status, it can cause t...
vte -- Classic terminal title set+query attack
Kees Cook reports: Janne Snabb discovered that applications using VTE, such as gnome-terminal, did not correctly filter window and icon title request escape codes. If a user were tricked into viewing specially crafted output in their terminal, a remote attacker could execute arbitrary commands wi...
piwik -- cross site scripting vulnerability
The Piwik security advisory reports: A non-persistent, cross-site scripting vulnerability XSS was found in Piwik's Login form that reflected the formurl parameter without being properly escaped or filtered...
squidGuard -- multiple vulnerabilities
SquidGuard website reports: Patch 20091015 fixes one buffer overflow problem in sgLog.c when overlong URLs are requested. SquidGuard will then go into emergency mode were no blocking occurs. This is not required in this situation. Patch 20091019 fixes two bypass problems with URLs which length is...
joomla -- multiple vulnerabilities
Secunia reports: Some vulnerabilities have been reported in Joomla!, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised before being used. This can be...
GnuTLS -- multiple vulnerabilities
SecurityFocus reports: GnuTLS is prone to multiple remote vulnerabilities: A remote code-execution vulnerability. A denial-of-service vulnerability. A signature-generation vulnerability. A signature-verification vulnerability. An attacker can exploit these issues to potentially execute arbitrary...
ffmpeg -- 4xm processing memory corruption vulnerability
Secunia reports: Tobias Klein has reported a vulnerability in FFmpeg, which potentially can be exploited by malicious people to compromise an application using the library. The vulnerability is caused due to a signedness error within the "fourxmreadheader" function in libavformat/4xm.c. This can ...
ganglia -- buffer overflow vulnerability
Secunia reports: Spike Spiegel has discovered a vulnerability in Ganglia which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the processpath function in gmetad/server.c. This can be exploited to cause a stack-bas...
expat2 -- Parser crash with specially formatted UTF-8 sequences
CVE reports: The updatePosition function in lib/xmltokimpl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service application crash via an XML document with crafted UTF-8 sequences that trigger a buff...
mozilla -- multiple vulnerabilities
The Mozilla Foundation reports: MFSA 2008-69 XSS vulnerabilities in SessionStore MFSA 2008-68 XSS and JavaScript privilege escalation MFSA 2008-67 Escaped null characters ignored by CSS parser MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters MFSA 2008-65 Cross-domai...
FreeBSD -- arc4random(9) predictable sequence vulnerability
Problem Description: When the arc4random9 random number generator is initialized, there may be inadequate entropy to meet the needs of kernel systems which rely on arc4random9; and it may take up to 5 minutes before arc4random9 is reseeded with secure entropy from the Yarrow random number...
websvn -- multiple vulnerabilities
Secunia reports: Some vulnerabilities have been reported in WebSVN, which can be exploited by malicious users to disclose sensitive information, and by malicious people to conduct cross-site scripting attacks and manipulate data. Input passed in the URL to index.php is not properly sanitised befo...
opera -- multiple vulnerabilities
Opera reports: Certain constructs are not escaped correctly by Opera's History Search results. These can be used to inject scripts into the page, which can then be used to look through the user's browsing history, including the contents of the pages they have visited. These may contain sensitive...
horde -- multiple vulnerabilities
Secunia reports: Some vulnerabilities have been reported in various Horde products, which can be exploited by malicious people to conduct script insertion attacks Input via MIME attachment linking is not properly sanitised in the MIME library before being used. This can be exploited to execute...
libvorbis -- various security issues
Red Hat reports: Will Drewry of the Google Security Team reported several flaws in the way libvorbis processed audio data. An attacker could create a carefully crafted Vorbis audio file in such a way that it could cause an application linked with libvorbis to crash, or execute arbitrary code when...
qemu -- "drive_init()" Disk Format Security Bypass
Secunia reports: A vulnerability has been reported in QEMU, which can be exploited by malicious, local users to bypass certain security restrictions. The vulnerability is caused due to the "driveinit" function in vl.c determining the format of a disk from data contained in the disk's header. This...
libxine -- array index vulnerability
xine Team reports: A new xine-lib version is now available. This release contains a security fix an unchecked array index that could allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer...
gallery2 -- multiple vulnerabilities
The Gallery team reports: Gallery 2.2.4 addresses the following security vulnerabilities: Publish XP module - Fixed unauthorized album creation and file uploads. URL rewrite module - Fixed local file inclusion vulnerability in unsecured admin controller and information disclosure in hotlink...
jdk/jre -- Applet Caching May Allow Network Access Restrictions to be Circumvented
SUN reports: A vulnerability in the Java Runtime Environment JRE with applet caching may allow an untrusted applet that is downloaded from a malicious website to make network connections to network services on machines other than the one that the applet was downloaded from. This may allow network...
FreeBSD -- Buffer overflow in tcpdump(1)
Problem Description: An un-checked return value in the BGP dissector code can result in an integer overflow. This value is used in subsequent buffer management operations, resulting in a stack based buffer overflow under certain circumstances. Impact: By crafting malicious BGP packets, an attacke...
freeradius -- EAP-TTLS Tunnel Memory Leak Remote DOS Vulnerability
The freeradius development team reports: A malicious 802.1x supplicant could send malformed Diameter format attributes inside of an EAP-TTLS tunnel. The server would reject the authentication request, but would leak one VALUEPAIR data structure, of approximately 300 bytes. If an attacker performe...
bind -- Multiple Denial of Service vulnerabilities
Problem Description: A type ANY query response containing multiple RRsets can trigger an assertion failure. Certain recursive queries can cause the nameserver to crash by using memory which has already been freed. Impact: A remote attacker sending a type ANY query to an authoritative DNS server f...
fetchmail -- crashes when refusing a message bound for an MDA
Matthias Andree reports: When delivering messages to a message delivery agent by means of the "mda" option, fetchmail can crash by passing a NULL pointer to ferror and fflush when refusing a message. SMTP and LMTP delivery modes aren't affected...
ruby -- cgi.rb library Denial of Service
The official ruby site reports: Another vulnerability has been discovered in the CGI library cgi.rb that ships with Ruby which could be used by a malicious user to create a denial of service attack DoS. A specific HTTP request for any web application using cgi.rb causes CPU consumption on the...
openldap -- slapd acl selfwrite Security Issue
Howard Chu reports: An ACL of the form 'access to dn.subtree="ou=groups, dc=example,dc=com" attr=member by selfwrite' is intended to only allow users to add/delete their own DN to the target attribute. Currently it allows any DNs to be modified...
libxine -- buffer overflow vulnerability
A Secunia Advisory reports: Federico L. Bossi Bonin has discovered a weakness in xine-lib, which can be exploited by malicious people to crash certain applications on a user's system. The weakness is cause due to a heap corruption within the "xinepluginphttp.so" plugin when handling an overly lar...
cyrus-sasl -- DIGEST-MD5 Pre-Authentication Denial of Service
Unspecified vulnerability in the CMU Cyrus Simple Authentication and Security Layer SASL library, has unknown impact and remote unauthenticated attack vectors, related to DIGEST-MD5 negotiation...
gtar -- invalid headers buffer overflow
GNU tar is vulnerable to a buffer overflow, caused by improper bounds checking of the PAX extended headers. By tricking an user into processing a specially crafted tar archive, this could be exploited to execute arbitrary code with the privileges of the user...
opera -- command line URL shell command injection
An Opera Advisory reports: Opera for UNIX uses a wrapper shell script to start up Opera. This shell script reads the input arguments, like the file names or URLs that Opera is to open. It also performs some environment checks, for example whether Java is available and if so, where it is located...
dnrd -- remote buffer and stack overflow vulnerabilities
Natanael Copa reports that dnrd is vulnerable to a remote buffer overflow and a remote stack overflow. These vulnerabilities can be triggered by sending invalid DNS packets to dnrd. The buffer overflow could potentially be used to execute arbitrary code with the permissions of the dnrd daemon. No...
kdebase -- Kate backup file permission leak
A KDE Security Advisory explains: Kate / Kwrite create a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. Depending on the system security settings, backup files might be readable by othe...
bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports: Any user can change any flag on any bug, even if they don't have access to that bug, or even if they can't normally make bug changes. This also allows them to expose the summary of a bug. Bugs are inserted into the database before they are marked as private, ...
net-snmp -- remote DoS vulnerability
A Net-SNMP release announcement reports: A security vulnerability has been found in Net-SNMP releases that could allow a denial of service attack against Net-SNMP agent's which have opened a stream based protocol EG, TCP but not UDP; it should be noted that Net-SNMP does not by default open a TCP...
clamav -- cabinet file handling DoS vulnerability
An iDEFENSE Security Advisory reports: Remote exploitation of an input validation error in Clam AntiVirus ClamAV allows attackers to cause a denial of service condition. The vulnerability specifically exists due to insufficient validation on cabinet file header data. The ENSUREBITS macro fails to...
mozilla -- code execution via javascript: IconURL vulnerability
A Mozilla Foundation Security Advisory reports: Two vulnerabilities have been discovered in Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system. The problem is that "IFRAME" JavaScript URLs are not properly protected from bein...
qmail -- 64 bit integer overflows with possible remote code execution on large SMTP requests
Georgi Guninski writes: There are several issues with qmail on 64 bit platforms - classical integer overflow, pointer with signed index and signedness problem not counting the memory consumtion dos, which just helps. Update: the problem with the signed index is exploitable on Freebsd 5.4 amd64 wi...
jdk -- jar directory traversal vulnerability
Pluf has discovered a vulnerability in Sun Java JDK/SDK, which potentially can be exploited by malicious people to compromise a user's system. The jar tool does not check properly if the files to be extracted have the string "../" on its names, so it's possible for an attacker to create a malicio...
firefox -- PLUGINSPAGE privileged javascript execution
A Mozilla Foundation Security Advisory reports: When a webpage requires a plugin that is not installed the user can click to launch the Plugin Finder Service PFS to find an appropriate plugin. If the service does not have an appropriate plugin the EMBED tag is checked for a PLUGINSPAGE attribute,...
bzip2 -- denial of service and permission race vulnerabilities
Problem Description Two problems have been discovered relating to the extraction of bzip2-compressed files. First, a carefully constructed invalid bzip2 archive can cause bzip2 to enter an infinite loop. Second, when creating a new file, bzip2 closes the file before setting its permissions. Impac...
squid -- possible cache-poisoning via malformed HTTP responses
The squid patches page notes: This patch makes Squid considerably stricter while parsing the HTTP protocol. A Content-length header should only appear once in a valid request or response. Multiple Content-length headers, in conjunction with specially crafted requests, may allow Squid's cache to b...
a2ps -- insecure temporary file creation
A Secunia Security Advisory reports that Javier Fernández-Sanguino Peña has found temporary file creation vulnerabilities in the fixps and psmandup scripts which are part of a2ps. These vulnerabilities could lead to an attacker overwriting arbitrary files with the credentials of the user running...
ethereal -- multiple vulnerabilities
An Ethreal Security Advisories reports: Issues have been discovered in the following protocol dissectors: Matthew Bing discovered a bug in DICOM dissection that could make Ethereal crash. An invalid RTP timestamp could make Ethereal hang and create a large temporary file, possibly filling availab...
kdelibs3 -- konqueror FTP command injection vulnerability
Albert Puigsech Galicia reports that Konqueror more specifically kioftp and Microsoft Internet Explorer are vulnerable to a FTP command injection vulnerability which can be exploited by tricking an user into clicking a specially crafted FTP URI. It is also reported by Ian Gulliver and Emanuele...
gd -- integer overflow
infamous41md reports about the GD Graphics Library: There is an integer overflow when allocating memory in the routine that handles loading PNG image files. This later leads to heap data structures being overwritten. If an attacker tricked a user into loading a malicious PNG image, they could...
konqueror -- Password Disclosure for SMB Shares
When browsing SMB shares with Konqueror, shares with authentication show up with hidden password in the browser bar. It is possible to store the URL as a shortcut on the desktop where the password is then available in plain text...
freeradius -- denial-of-service vulnerability
A remote attacker may be able to crash the freeRADIUS Server due to three independant bugs in the function which does improper checking values while processing RADIUS attributes...
krb5 -- double-free vulnerabilities
An advisory published by the MIT Kerberos team says: The MIT Kerberos 5 implementation's Key Distribution Center KDC program contains a double-free vulnerability that potentially allows a remote attacker to execute arbitrary code. Compromise of a KDC host compromises the security of the entire...