6585 matches found
phpMyAdmin -- XSS due to unescaped HTML output in Create View page
The phpMyAdmin development team reports: When creating a view with a crafted name and an incorrect CREATE statement, it is possible to trigger an XSS. This vulnerability can be triggered only by someone who logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from...
xorg -- protocol handling issues in X Window System client libraries
freedesktop.org reports: Ilja van Sprundel, a security researcher with IOActive, has discovered a large number of issues in the way various X client libraries handle the responses they receive from servers, and has worked with X.Org's security team to analyze, confirm, and fix these issues. Most ...
dropbear -- exposure of sensitive information, DoS
The Dropbear project reports: A weakness and a vulnerability have been reported in Dropbear SSH Server, which can be exploited by malicious people to disclose certain sensitive information and cause a DoS...
ModSecurity -- XML External Entity Processing Vulnerability
Positive Technologies has reported a vulnerability in ModSecurity, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS Denial Of Serice. The vulnerability is caused due to an error when parsing external XML entities and can be exploited to e.g...
roundcube -- arbitrary file disclosure vulnerability
RoundCube development team reports: After getting reports about a possible vulnerability of Roundcube which allows an attacker to modify its users preferences in a way that he/she can then read files from the server, we now published updated packages as well as patches that fix this security issu...
drupal7 -- Denial of service
Drupal Security Team reports: Drupal core's Image module allows for the on-demand generation of image derivatives. This capability can be abused by requesting a large number of new derivatives which can fill up the server disk space, and which can cause a very high CPU load. Either of these effec...
FreeBSD -- BIND remote DoS with deliberately crafted DNS64 query
Problem description: Due to a software defect a crafted query can cause named8 to crash with an assertion failure...
Ruby Rack Gem -- Multiple Issues
Rack developers report: Today we are proud to announce the release of Rack 1.4.5. Fix CVE-2013-0263, timing attack against Rack::Session::Cookie Fix CVE-2013-0262, symlink path traversal in Rack::File...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 161564 High CVE-2012-5138: Incorrect file path handling. Credit to Google Chrome Security Team Jüri Aedla. 162835 High CVE-2012-5137: Use-after-free in media source handling. Credit to Pinkie Pie...
tomcat -- authentication weaknesses
The Apache Software Foundation reports: Three weaknesses in Tomcat's implementation of DIGEST authentication were identified and resolved: Tomcat tracked client rather than server nonces and nonce count. When a session ID was present, authentication was bypassed. The user name and password were n...
tomcat -- Denial of Service
The Apache Software Foundation reports: The checks that limited the permitted size of request headers were implemented too late in the request parsing process for the HTTP NIO connector. This enabled a malicious user to trigger an OutOfMemoryError by sending a single request with very large...
otrs -- XSS vulnerability
OTRS Security Advisory reports: This advisory covers vulnerabilities discovered in the OTRS core system. This is a variance of the XSS vulnerability, where an attacker could send a specially prepared HTML email to OTRS which would cause JavaScript code to be executed in your browser while...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 154983154987 Critical CVE-2012-5112: SVG use-after-free and IPC arbitrary file write. Credit to Pinkie Pie...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 121347 Medium CVE-2012-2865: Out-of-bounds read in line breaking. Credit to miaubiz. 134897 High CVE-2012-2866: Bad cast with run-ins. Credit to miaubiz. 135485 Low CVE-2012-2867: Browser crash with SPDY. 136881 Medium CVE-2012-2868: Race condition with workers and...
ansible -- enable host key checking in paramiko connection type
Ansible changelog reports: Host key checking is on by default. Disable it if you like by adding hostkeychecking=False in the default section of /etc/ansible/ansible.cfg or /ansible.cfg or by exporting ANSIBLEHOSTKEYCHECKING=False...
ImageMagick and GraphicsMagick -- DoS via specially crafted PNG file
Kurt Seifried reports: There is an issue in ImageMagick that is also present in GraphicsMagick. CVE-2011-3026 deals with libpng memory allocation, and limitations have been added so that a bad PNG can't cause the system to allocate a lot of memory and a denial of service. However on further...
OpenSSL -- DTLS and TLS 1.1, 1.2 denial of service
OpenSSL security team reports: A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1, 1.2 and DTLS can be exploited in a denial of service attack on both clients and servers...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 106413 High CVE-2011-3078: Use after free in floats handling. Credit to Google Chrome Security Team Marty Barbella and independent later discovery by miaubiz. 117627 Medium CVE-2011-3079: IPC validation failure. Credit to PinkiePie. 121726 Medium CVE-2011-3080: Rac...
typo -- Cross-Site Scripting
Typo Security Team reports: Failing to properly encode the output, the default TYPO3 Exception Handler is susceptible to Cross-Site Scripting. We are not aware of a possibility to exploit this vulnerability without third party extensions being installed that put user input in exception messages...
libpurple -- Remote DoS via an MSN OIM message that lacks UTF-8 encoding
US-CERT reports: The msnoimreporttouser function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service application crash via an OIM message that lacks UTF-8 encoding...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 106484 High CVE-2011-3924: Use-after-free in DOM selections. Credit to Arthur Gerkis. 108461 High CVE-2011-3928: Use-after-free in DOM handling. Credit to wushi of team509 reported through ZDI ZDI-CAN-1415. 108605 High CVE-2011-3927: Uninitialized value in Skia...
couchdb -- DOM based Cross-Site Scripting via Futon UI
Jan Lehnardt reports: Query parameters passed into the browser-based test suite are not sanitised, and can be used to load external resources. An attacker may execute JavaScript code in the browser, using the context of the remote user...
mpack -- Information disclosure
The oss-security list reports: Incorrect permissions on temporary files can lead to information disclosure...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2011-53 Miscellaneous memory safety hazards rv:9.0 MFSA 2011-54 Potentially exploitable crash in the YARR regular expression library MFSA 2011-55 nsSVGValue out-of-bounds access MFSA 2011-56 Key detection without JavaScript via SVG animation MFSA 2011-58 Crash...
krb5 -- KDC null pointer dereference in TGS handling
The MIT Kerberos Team reports: In releases krb5-1.9 and later, the KDC can crash due to a NULL pointer dereference in code that handles TGS Ticket Granting Service requests. The trigger condition is trivial to produce using unmodified client software, but requires the ability to authenticate as a...
php5 -- header splitting attack via carriage-return character
Rui Hirokawa reports: As of PHP 5.1.2, header can no longer be used to send multiple response headers in a single call to prevent the HTTP Response Splitting Attack. header only checks the linefeed LF, 0x0A as line-end marker, it doesn't check the carriage-return CR, 0x0D. However, some browsers...
freetype -- Some type 1 fonts handling vulnerabilities
The FreeType project reports: A couple of vulnerabilities in handling Type 1 fonts...
libxml -- Integer overflow
Integer overflow in xpath.c, allows context-dependent attackers to to cause a denial of service crash and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions...
bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: Internet Explorer 8 and older, and Safari before 5.0.6 do content sniffing when viewing a patch in "Raw Unified" mode, which could trigger a cross-site scripting attack due to the execution of...
Erlang -- ssh library uses a weak random number generator
US-CERT reports: The Erlang/OTP ssh library implements a number of cryptographic operations that depend on cryptographically strong random numbers. Unfortunately the RNG used by the library is not cryptographically strong, and is further weakened by the use of predictable seed material. The RNG...
mailman -- CSRF hardening in parts of the web interface
The late Tokio Kikuchi reported: We may have to set lifetime for input forms because of recent activities on cross-site request forgery CSRF. The form lifetime is successfully deployed in frameworks like web.py or plone etc. Proposed branch lp:tkikuchi/mailman/form-lifetime implement lifetime in...
PivotX -- administrator password reset vulnerability
US CERT reports: PivotX contains a vulnerability that allows an attacker to change the password of any account just by guessing the username. Version 2.2.4 has been reported to not be affected. This vulnerability is being exploited in the wild and users should immediately upgrade to 2.2.5 or late...
mailman -- XSS vulnerability
CVE reports: Multiple cross-site scripting XSS vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 full name or 2 username field in a confirmation message...
plone -- Remote Security Bypass
Plone developer reports: This is an escalation of privileges attack that can be used by anonymous users to gain access to a Plone site's administration controls, view unpublished content, create new content and modify a site's skin. The sandbox protecting access to the underlying system is still ...
pecl-phar -- format string vulnerability
Entry for CVE-2010-2094 says: Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information memory contents and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the 1...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2010-64 Miscellaneous memory safety hazards rv:1.9.2.11/ 1.9.1.14 MFSA 2010-65 Buffer overflow and memory corruption using document.write MFSA 2010-66 Use-after-free error in nsBarProp MFSA 2010-67 Dangling pointer vulnerability in LookupGetterOrSetter MFSA 2010-...
vlc -- invalid id3v2 tags may lead to invalid memory dereferencing
VideoLAN project reports: VLC fails to perform sufficient input validation when trying to extract some meta-informations about input media through ID3v2 tags. In the failure case, VLC attempt dereference an invalid memory address, and a crash will ensure...
piwik -- cross site scripting vulnerability
The Piwik security advisory reports: A non-persistent, cross-site scripting vulnerability XSS was found in Piwik's Login form that reflected the formurl parameter without being properly escaped or filtered...
pidgin -- multiple remote denial of service vulnerabilities
Three denial of service vulnerabilities where found in pidgin and allow remote attackers to crash the application. The developers summarized these problems as follows: Pidgin can become unresponsive when displaying large numbers of smileys Certain nicknames in group chat rooms can trigger a crash...
lighttpd -- denial of service vulnerability
Lighttpd security advisory reports: If you send the request data very slow e.g. sleep 0.01 after each byte, lighttpd will easily use all available memory and die especially for parallel requests, allowing a DoS within minutes...
bugzilla -- information leak
A Bugzilla Security Advisory reports: When moving a bug from one product to another, an intermediate page is displayed letting you select the groups the bug should be restricted to in the new product. However, a regression in the 3.4.x series made it ignore all groups which are not available in...
drupal -- multiple vulnerabilities
The Drupal Security Team reports: Cross-site scripting The Forum module does not correctly handle certain arguments obtained from the URL. By enticing a suitably privileged user to visit a specially crafted URL, a malicious user is able to insert arbitrary HTML and script code into forum pages...
pidgin -- multiple vulnerabilities
Secunia reports: Some vulnerabilities and weaknesses have been reported in Pidgin, which can be exploited by malicious people to cause a DoS or to potentially compromise a user's system. A truncation error in the processing of MSN SLP messages can be exploited to cause a buffer overflow. A bounda...
squirrelmail -- Cross site scripting vulnerability
Squirrelmail team reports: An issue was fixed that allowed an attacker to send specially- crafted hyperlinks in a message that could execute cross-site scripting XSS when the user viewed the message in SquirrelMail...
openfire -- multiple vulnerabilities
Andreas Kurtz reports: The jabber server Openfire = version 3.6.0a contains several serious vulnerabilities. Depending on the particular runtime environment these issues can potentially even be used by an attacker to execute code on operating system level. Authentication bypass - This vulnerabili...
cups -- multiple vulnerabilities
The release note of cups 1.3.9 reports: It contains the following fixes: SECURITY: The HP-GL/2 filter did not range check pen numbers STR 2911 SECURITY: The SGI image file reader did not range check 16-bit run lengths STR 2918 SECURITY: The text filter did not range check cpi, lpi, or column valu...
linux-flashplugin -- multiple vulnerabilities
Adobe Product Security Incident Response Team reports: Critical vulnerabilities have been identified in Adobe Flash Player version 10.0.45.2 and earlier. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system...
fetchmail -- potential crash in -v -v verbose mode (revised patch)
Matthias Andree reports: 2008-06-24 1.2 also fixed issue in reportcomplete reported by Petr Uzel...
phpmyadmin -- Username/Password Session File Information Disclosure
A phpMyAdmin security announcement report: phpMyAdmin saves sensitive information like the MySQL username and password and the Blowfish secret key in session data, which might be unprotected on a shared host...
wireshark -- multiple vulnerabilities
The Wireshark team reports of multiple vulnerabilities: Wireshark could crash when reading an MP3 file. Beyond Security discovered that Wireshark could loop excessively while reading a malformed DNP packet. Stefan Esser discovered a buffer overflow in the SSL dissector. The ANSI MAP dissector cou...