6585 matches found
vlc -- invalid id3v2 tags may lead to invalid memory dereferencing
VideoLAN project reports: VLC fails to perform sufficient input validation when trying to extract some meta-informations about input media through ID3v2 tags. In the failure case, VLC attempt dereference an invalid memory address, and a crash will ensure...
pidgin -- multiple remote denial of service vulnerabilities
Three denial of service vulnerabilities where found in pidgin and allow remote attackers to crash the application. The developers summarized these problems as follows: Pidgin can become unresponsive when displaying large numbers of smileys Certain nicknames in group chat rooms can trigger a crash...
lighttpd -- denial of service vulnerability
Lighttpd security advisory reports: If you send the request data very slow e.g. sleep 0.01 after each byte, lighttpd will easily use all available memory and die especially for parallel requests, allowing a DoS within minutes...
bugzilla -- information leak
A Bugzilla Security Advisory reports: When moving a bug from one product to another, an intermediate page is displayed letting you select the groups the bug should be restricted to in the new product. However, a regression in the 3.4.x series made it ignore all groups which are not available in...
drupal -- multiple vulnerabilities
The Drupal Security Team reports: Cross-site scripting The Forum module does not correctly handle certain arguments obtained from the URL. By enticing a suitably privileged user to visit a specially crafted URL, a malicious user is able to insert arbitrary HTML and script code into forum pages...
pidgin -- multiple vulnerabilities
Secunia reports: Some vulnerabilities and weaknesses have been reported in Pidgin, which can be exploited by malicious people to cause a DoS or to potentially compromise a user's system. A truncation error in the processing of MSN SLP messages can be exploited to cause a buffer overflow. A bounda...
squirrelmail -- Cross site scripting vulnerability
Squirrelmail team reports: An issue was fixed that allowed an attacker to send specially- crafted hyperlinks in a message that could execute cross-site scripting XSS when the user viewed the message in SquirrelMail...
syslog-ng2 -- startup directory leakage in the chroot environment
Florian Grandel reports: I have not had the time to analyze all of syslog-ng code. But by reading the code section near the chroot call and looking at strace results I believe that syslog-ng does not chdir to the chroot jail's location before chrooting into it. This opens up ways to work around t...
openfire -- multiple vulnerabilities
Andreas Kurtz reports: The jabber server Openfire = version 3.6.0a contains several serious vulnerabilities. Depending on the particular runtime environment these issues can potentially even be used by an attacker to execute code on operating system level. Authentication bypass - This vulnerabili...
cups -- multiple vulnerabilities
The release note of cups 1.3.9 reports: It contains the following fixes: SECURITY: The HP-GL/2 filter did not range check pen numbers STR 2911 SECURITY: The SGI image file reader did not range check 16-bit run lengths STR 2918 SECURITY: The text filter did not range check cpi, lpi, or column valu...
linux-flashplugin -- multiple vulnerabilities
Adobe Product Security Incident Response Team reports: Critical vulnerabilities have been identified in Adobe Flash Player version 10.0.45.2 and earlier. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system...
fetchmail -- potential crash in -v -v verbose mode (revised patch)
Matthias Andree reports: 2008-06-24 1.2 also fixed issue in reportcomplete reported by Petr Uzel...
phpmyadmin -- Username/Password Session File Information Disclosure
A phpMyAdmin security announcement report: phpMyAdmin saves sensitive information like the MySQL username and password and the Blowfish secret key in session data, which might be unprotected on a shared host...
wireshark -- multiple vulnerabilities
The Wireshark team reports of multiple vulnerabilities: Wireshark could crash when reading an MP3 file. Beyond Security discovered that Wireshark could loop excessively while reading a malformed DNP packet. Stefan Esser discovered a buffer overflow in the SSL dissector. The ANSI MAP dissector cou...
jetty -- multiple vulnerabilities
Cross-site scripting XSS vulnerability in Dump Servlet in Mortbay Jetty before 6.1.6rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters and cookies. Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote sequences" in HTML cookie parameters...
plone -- unsafe data interpreted as pickles
Plone projectreports: This hotfix corrects a vulnerability in the statusmessages and linkintegrity modules, where unsafe network data was interpreted as python pickles. This allows an attacker to run arbitrary python code within the Zope/Plone process...
xfs -- multiple vulnerabilities
Matthieu Herrb reports: Problem Description: Several vulnerabilities have been identified in xfs, the X font server. The QueryXBitmaps and QueryXExtents protocol requests suffer from lack of validation of their 'length' parameters. Impact: On most modern systems, the font server is accessible onl...
bugzilla -- "createmailregexp" security bypass vulnerability
The Bugzilla development team reports: Bugzilla::WebService::User::offeraccountbyemail does not check the "createemailregexp" parameter, and thus allows users to create accounts who would normally be denied account creation. The "emailregexp" parameter is still checked. If you do not have the...
wireshark -- Multiple problems
wireshark Team reports: It may be possible to make Wireshark or Ethereal crash or use up available memory by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file...
mysql -- renaming of arbitrary tables by authenticated users
MySQL reports: The requirement of the DROP privilege for RENAME TABLE was not enforced...
p5-Imager -- possibly exploitable buffer overflow
Imager 0.56 and all earlier versions with BMP support have a security issue when reading compressed 8-bit per pixel BMP files where either a compressed run of data or a literal run of data overflows the scan-line. Such an overflow causes a buffer overflow in a malloc allocated memory buffer,...
WebCalendar -- "noSet" variable overwrite vulnerability
Secunia reports: A vulnerability has been discovered in WebCalendar, which can be exploited by malicious people to compromise a vulnerable system. Input passed to unspecified parameters is not properly verified before being used with the "noSet" parameter set. This can be exploited to overwrite...
opera -- URL parsing heap overflow vulnerability
iDefense Labs reports: Remote exploitation of a heap overflow vulnerability within version 9 of Opera Software's Opera Web browser could allow an attacker to execute arbitrary code on the affected host. A flaw exists within Opera when parsing a tag that contains a URL. A heap buffer with a consta...
libxine -- buffer overflow vulnerability
A Secunia Advisory reports: Federico L. Bossi Bonin has discovered a weakness in xine-lib, which can be exploited by malicious people to crash certain applications on a user's system. The weakness is cause due to a heap corruption within the "xinepluginphttp.so" plugin when handling an overly lar...
postgresql -- encoding based SQL injection
The PostgreSQL development team reports: An attacker able to submit crafted strings to an application that will embed those strings in SQL commands can use invalidly-encoded multibyte characters to bypass standard string-escaping methods, resulting in possible injection of hostile SQL commands in...
linux-realplayer -- heap overflow
iDefense Reports: Remote exploitation of a heap-based buffer overflow in RealNetwork Inc's RealPlayer could allow the execution of arbitrary code in the context of the currently logged in user. In order to exploit this vulnerability, an attacker would need to entice a user to follow a link to a...
heimdal -- Multiple vulnerabilities
A Project heimdal Security Advisory reports: The telnet client program in Heimdal has buffer overflows in the functions slcaddreply and envoptadd, which may lead to remote code execution. The telnetd server program in Heimdal has buffer overflows in the function getterminaltype, which may lead to...
squid -- FTP server response handling denial of service
A Secunia Advisory reports: M.A.Young has reported a vulnerability in Squid, which can be exploited by malicious people to cause a DoS Denial of Service. The vulnerability is caused due to an error in handling certain FTP server responses. This can be exploited to crash Squid by visiting a...
xloadimage -- buffer overflows in NIFF image title handling
Ariel Berkman reports: Unlike most of the supported image formats in xloadimage, the NIFF image format can store a title name of arbitrary length as part of the image file. When xloadimage is processing a loaded image, it is creating a new Image object and then writing the processed image to it. ...
squirrelmail -- _$POST variable handling allows for various attacks
A Squirrelmail Advisory reports: An extract$POST was done in optionsidentities.php which allowed for an attacker to set random variables in that file. This could lead to the reading and possible writing of other people's preferences, cross site scripting or writing files in webserver-writable...
acroread -- XML External Entity vulnerability
Sverre H. Huseby discovered a vulnerability in Adobe Acrobat and Adobe Reader. Under certain circumstances, using XML scripts it is possible to discover the existence of local files...
mambo -- multiple vulnerabilities
A Secunia Advisory reports: Some vulnerabilities have been reported in Mambo, where some have unknown impacts and others can be exploited by malicious people to conduct spoofing and SQL injection attacks. Input passed to the "userrating" parameter when voting isn't properly sanitised before being...
fswiki -- XSS problem in file upload form
A Secunia security advisory reports: A vulnerability has been reported in FreeStyle Wiki and FSWikiLite, which can be exploited by malicious people to conduct script insertion attacks. Input passed in uploaded attachments is not properly sanitised before being used. This can be exploited to injec...
gld -- format string and buffer overflow vulnerabilities
Gld has been found vulnerable to multiple buffer overflows as well as multiple format string vulnerabilities. An attacker could exploit this vulnerability to execute arbitrary code with the permissions of the user running Gld, the default user being root. The FreeBSD port defaults to running gld ...
ethereal -- multiple protocol dissectors vulnerabilities
An Ethreal Security Advisories reports: Issues have been discovered in the following protocol dissectors: Matevz Pustisek discovered a buffer overflow in the Etheric dissector. CVE: CAN-2005-0704 The GPRS-LLC dissector could crash if the "ignore cipher bit" option was enabled. CVE: CAN-2005-0705...
perl -- vulnerabilities in PERLIO_DEBUG handling
Kevin Finisterre discovered bugs in perl's I/O debug support: The environmental variable PERLIODEBUG is honored even by the set-user-ID perl command usually named sperl or suidperl. As a result, a local attacker may be able to gain elevated privileges. CVE-2005-0155 A buffer overflow may occur in...
postgresql -- multiple vulnerabilities
Multiple vulnerabilities had been reported in various versions of PostgreSQL: The EXECUTE restrictions can be bypassed by using the AGGREGATE function, which is missing a permissions check. A buffer overflow exists in gram.y which could allow an attacker to execute arbitrary code by sending a lar...
squid -- confusing results on empty acl declarations
Applying an empty ACL list results in unexpected behavior: anything will match an empty ACL list. For example, The meaning of the configuration gets very confusing when we encounter empty ACLs such as acl something src "/path/to/emptyfile.txt" httpaccess allow something somewhere gets parsed with...
mod_dav -- lock related denial-of-service
A malicious user with DAV write privileges can trigger a null pointer dereference in the Apache moddav module. This could cause the server to become unavailable...
krb5 -- double-free vulnerabilities
An advisory published by the MIT Kerberos team says: The MIT Kerberos 5 implementation's Key Distribution Center KDC program contains a double-free vulnerability that potentially allows a remote attacker to execute arbitrary code. Compromise of a KDC host compromises the security of the entire...
a2ps -- insecure command line argument handling
Rudolf Polzer reports: a2ps builds a command line for file containing an unescaped version of the file name, thus might call external programs described by the file name. Running a cronjob over a public writable directory a2ps-ing all files in it - or simply typing "a2ps .txt" in /tmp - is...
gaim remotely exploitable vulnerabilities in MSN component
Sebastian Krahmer discovered several remotely exploitable buffer overflow vulnerabilities in the MSN component of gaim. In two places in the MSN protocol plugins object.c and slp.c, strncpy was used incorrectly; the size of the array was not checked before copying to it. Both bugs affect MSN's...
acroread uudecoder input validation error
An iDEFENSE security advisory reports: Remote exploitation of an input validation error in the uudecoding feature of Adobe Acrobat Reader Unix 5.0 allows an attacker to execute arbitrary code. The Unix and Linux versions of Adobe Acrobat Reader 5.0 automatically attempt to convert uuencoded...
Mutiple browser frame injection vulnerability
A class of bugs affecting many web browsers in the same way was discovered. A Secunia advisory reports: The problem is that the browsers don't check if a target frame belongs to a website containing a malicious link, which therefore doesn't prevent one browser window from loading content in a nam...
Buffer overflow in Squid NTLM authentication helper
Remote exploitation of a buffer overflow vulnerability in the NTLM authentication helper routine of the Squid Web Proxy Cache could allow a remote attacker to execute arbitrary code. A remote attacker can compromise a target system if the Squid Proxy is configured to use the NTLM authentication...
mozilla -- automated file upload
A malicious web page can cause an automated file upload from the victim's machine when viewed with Mozilla with Javascript enabled. This is due to a bug permitting default values for type="file" elements in certain situations...
racoon fails to verify signature during Phase 1
Ralf Spenneberg discovered a serious flaw in racoon. When using Phase 1 main or aggressive mode, racoon does not verify the client's RSA signature. Any installations using X.509 authentication are strongly urged to upgrade. Installations using pre-shared keys are believed to be unaffected...
jailed processes can manipulate host routing tables
A programming error resulting in a failure to verify that an attempt to manipulate routing tables originated from a non-jailed process. Jailed processes running with superuser privileges could modify host routing tables. This could result in a variety of consequences including packets being sent...
xloadimage -- buffer overflow in FACES image handling
In 2001, zen-parse discovered a buffer overflow in xloadimage's FACES image loader. A maliciously crafted image could cause xloadimage to execute arbitrary code. A published exploit exists for this vulnerability. In 2005, Rob Holland discovered that the same vulnerability was present in xli...
OpenEXR -- 3.4.12 fixes multiple vulnerabilities
Cary Phillips reports: The OpenEXR 3.4.12 release addresses the following security vulnerabilities: CVE-2026-45696 OpenEXR htundoimpl heap-buffer-overflow READ via codestream/channel width mismatch in HTJ2K decode CVE-2026-44663 Integer overflow in HTJ2K decoder htundoimpl leading to...