6585 matches found
linux-flashplugin7 -- arbitrary code execution vulnerabilities
Adobe reports: Multiple input validation errors have been identified in Flash Player 8.0.24.0 and earlier versions that could lead to the potential execution of arbitrary code. These vulnerabilities could be accessed through content delivered from a remote location via the user?s web browser, ema...
gnutls -- RSA Signature Forgery Vulnerability
Secunia reports: A vulnerability has been reported in GnuTLS, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error in the verification of certain signatures. If a RSA key with exponent 3 is used, it may be possible to forg...
mambo -- SQL injection vulnerabilities
The Team Mambo reports that two SQL injection vulnerabilities have been found in Mambo. The vulnerabilities exists due to missing sanitation of the title and catid parameters in the weblinks.php page and can lead to execution of arbitrary SQL code...
clamav -- Freshclam HTTP Header Buffer Overflow Vulnerability
Secunia reports: A vulnerability has been reported in ClamAV, which can be exploited by malicious people to cause a DoS Denial of Service and potentially to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the HTTP client in the Freshclam command line...
xine -- multiple remote string vulnerabilities
c0ntexb reports: There are 2 format string bugs in the latest version of Xine that could be exploited by a malicious person to execute code on the system of a remote user running the media player against a malicious playlist file. By passing a format specifier in the path of a file that is embedd...
mplayer -- Multiple integer overflows
Secunia reports: The vulnerabilities are caused due to integer overflow errors in "libmpdemux/asfheader.c" within the handling of an ASF file, and in "libmpdemux/aviheader.c" when parsing the "indx" chunk in an AVI file. This can be exploited to cause heap-based buffer overflows via a malicious A...
mediawiki -- cross site scripting vulnerability
The mediawiki development team reports that there is an site scripting vulnerability within mediawiki. The vulnerability is caused by improper checking of encoded links which could allow the injection of html in the output generated by mediawiki. This could lead to cross site scripting attacks...
ipfw -- IP fragment denial of service
Problem description: The firewall maintains a pointer to layer 4 header information in the event that it needs to send a TCP reset or ICMP error message to discard packets. Due to incorrect handling of IP fragments, this pointer fails to get initialized. Impact: An attacker can cause the firewall...
openvpn -- arbitrary code execution on client through malicious or compromised server
James Yonan reports: A format string vulnerability in the foreignoption function in options.c could potentially allow a malicious or compromised server to execute arbitrary code on the client. Only non-Windows clients are affected. The vulnerability only exists if a the client's TLS negotiation...
mantis -- "t_core_path" file inclusion vulnerability
Secunia Research reports: Input passed to the "tcorepath" parameter in "bugsponsorshiplistviewinc.php" isn't properly verified, before it used to include files. This can be exploited to include arbitrary files from external and local resources...
bogofilter -- heap corruption through excessively long words
Matthias Andree reports: Bogofilter's/bogolexer's input handling in version 0.96.2 was not keeping track of its output buffers properly and could overrun a heap buffer if the input contained words whose length exceeded 16,384 bytes, the size of flex's input buffer. A "word" here refers to a...
openssl -- potential SSL 2.0 rollback
Vulnerability: Such applications are affected if they use the option SSLOPMSIESSLV2RSAPADDING. This option is implied by use of SSLOPALL, which is intended to work around various bugs in third-party software that might prevent interoperability. The SSLOPMSIESSLV2RSAPADDING option disables a...
libxine -- format string vulnerability
Gentoo Linux Security Advisory reports: Ulf Harnhammar discovered a format string bug in the routines handling CDDB server response contents. An attacker could submit malicious information about an audio CD to a public CDDB server or impersonate a public CDDB server. When the victim plays this CD...
xloadimage -- buffer overflows in NIFF image title handling
Ariel Berkman reports: Unlike most of the supported image formats in xloadimage, the NIFF image format can store a title name of arbitrary length as part of the image file. When xloadimage is processing a loaded image, it is creating a new Image object and then writing the processed image to it. ...
freeradius -- multiple vulnerabilities
The freeradious development team reports: Multiple issues exist with version 1.0.4, and all prior versions of the server. Externally exploitable vulnerabilities exist only for sites that use the rlmsqlcounter module. Those sites may be vulnerable to SQL injection attacks, similar to the issues...
pcre -- regular expression buffer overflow
The pcre library is vulnerable to a buffer overflow vulnerability due to insufficient validation of quantifier values. This could lead execution of arbitrary code with the permissions of the program using pcre by way of a specially crated regular expression...
openvpn -- denial of service: undecryptable packet from authorized client can disconnect unrelated clients
James Yonan reports: If the client sends a packet which fails to decrypt on the server, the OpenSSL error queue is not properly flushed, which can result in another unrelated client instance on the server seeing the error and responding to it, resulting in disconnection of the unrelated client...
squid -- Denial Of Service Vulnerability in sslConnectTimeout
The squid patches page notes: After certain slightly odd requests Squid crashes with a segmentation fault in sslConnectTimeout...
libgadu -- multiple vulnerabilities
Wojtek Kaniewski reports: Multiple vulnerabilities have been found in libgadu, a library for handling Gadu-Gadu instant messaging protocol. It is a part of ekg, a Gadu-Gadu client, but is widely used in other clients. Also some of the user contributed scripts were found to behave in an insecure...
tiff -- buffer overflow vulnerability
A Gentoo Linux Security Advisory reports: Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a stack based buffer overflow in the libTIFF library when reading a TIFF image with a malformed BitsPerSample tag. Successful exploitation would require the victim to open a specially crafte...
gaim -- MSN remote DoS vulnerability
The GAIM team reports: Potential remote denial of service bug resulting from not checking a pointer for non-NULL before passing it to strncmp, which results in a crash. This can be triggered by a remote client sending an SLP message with an empty body...
gaim -- jabber remote crash
The GAIM team reports: A remote jabber user can cause Gaim to crash by sending a specific file transfer request...
mozilla -- javascript "lambda" replace exposes memory contents
A Mozilla Foundation Security Advisory reports: A bug in javascript's regular expression string replacement when using an anonymous function as the replacement argument allows a malicious script to capture blocks of memory allocated to the browser. A web site could capture data and transmit it to...
lighttpd -- script source disclosure vulnerability
The lighttpd website reports: In lighttpd 1.3.7 and below it is possible to fetch the source files which should be handled by CGI or FastCGI applications. The vulnerability is in the handling of urlencoded trailing NUL bytes. Installations that do not use CGI or FastCGI are not affected...
squid -- DoS on failed PUT/POST requests vulnerability
The squid patches page notes: An inconsistent state is entered on a failed PUT/POST request making a high risk for segmentation faults or other strange errors...
phpmyadmin -- increased privilege vulnerability
The phpMyAdmin team reports: Escaping of the "" character was not properly done, giving a wildcard privilege when editing db-specific privileges with phpMyAdmin...
squid -- buffer overflow in WCCP recvfrom() call
According to the Squid Proxy Cache Security Update Advisory SQUID-2005:3, The WCCP recvfrom call accepts more data than will fit in the allocated buffer. An attacker may send a larger-than-normal WCCP message to Squid and overflow this buffer. Severity: The bug is important because it allows remo...
clamav -- zip handling DoS vulnerability
The clamav daemon is vulnerable to a DoS vulnerability due to insufficient handling of malformed zip files which can crash the clamav daemon...
opera -- "data:" URI handler spoofing vulnerability
A Secunia Advisory reports: Michael Holzt has discovered a vulnerability in Opera, which can be exploited by malicious people to trick users into executing malicious files. The vulnerability is caused due to an error in the processing of "data:" URIs, causing wrong information to be shown in a...
squid -- no sanity check of usernames in squid_ldap_auth
The LDAP authentication helper did not strip leading or trailing spaces from the login name. According to the squid patches page: LDAP is very forgiving about spaces in search filters and this could be abused to log in using several variants of the login name, possibly bypassing explicit access...
opera -- kfmclient exec command execution vulnerability
Giovanni Delvecchio reports: Opera for linux uses "kfmclient exec" as "Default Application" to handle saved files. This could be used by malicious remote users to execute arbitrary shell commands on a target system...
viewcvs -- information leakage
The hidecvsroot and forbidden configuration options are not properly honored by viewcvs when exporting to a tar file which can lead to information leakage...
Cyrus IMAPd -- FETCH command out of bounds memory corruption
The argument parser of the fetch command suffers a bug very similiar to the partial command problem. Arguments like "bodyp", "binaryp" or "binaryp" will be wrongly detected and the bufferposition can point outside of the allocated buffer for the rest of the parsing process. When the parser trigge...
samba -- potential remote DoS vulnerability
Karol Wiesek at iDEFENSE reports: A remote attacker could cause an smbd process to consume abnormal amounts of system resources due to an input validation error when matching filenames containing wildcard characters. Although samba.org classifies this as a DoS vulnerability, several members of th...
imlib2 -- BMP decoder buffer overflow
Marcus Meissner discovered that imlib2's BMP decoder would crash when loading the test BMP file created by Chris Evans for testing the previous Qt vulnerability. There appears to be both a stack-based and a heap-based buffer overflow that are believed to be exploitable for arbitrary code executio...
Mozilla / Firefox user interface spoofing vulnerability
The Mozilla project's family of browsers contain a design flaw that can allow a website to spoof almost perfectly any part of the Mozilla user interface, including spoofing web sites for phishing or internal elements such as the "Master Password" dialog box. This achieved by manipulating "chrome"...
lha -- numerous vulnerabilities when extracting archives
Source code reviews of lha by Lukasz Wojtow, Thomas Biege, and others uncovered a number of vulnerabilities affecting lha: Buffer overflows when handling archives and filenames. CVE-2004-0694 Possible command execution via shell meta-characters when built with NOMKDIR. CVE-2004-0745 Buffer overfl...
mailman -- password disclosure
Barry Warsaw reports: Today I am releasing Mailman 2.1.5, a bug fix release ... This version also contains a fix for an exploit that could allow 3rd parties to retrieve member passwords. It is thus highly recommended that all existing sites upgrade to the latest version...
Midnight Commander buffer overflows, format string bugs, and insecure temporary file handling
Jakub Jelinek reports several security related bugs in Midnight Commander, including: Multiple buffer overflows CVE-2004-0226 Insecure temporary file handling CVE-2004-0231 Format string bug CVE-2004-0232...
ProFTPD ASCII translation bug resulting in remote root compromise
A buffer overflow exists in the ProFTPD code that handles translation of newline characters during ASCII-mode file uploads. An attacker may exploit this buffer overflow by uploading a specially crafted file, resulting in code execution and ultimately a remote root compromise...
ecartis buffer overflows and input validation bugs
Timo Sirainen reports multiple buffer overflows that may be triggered while parsing messages, as well as input validation errors that could result in disclosure of mailing list passwords. These bugs were resolved in the August 2003 snapshot of ecartis...
cscope -- symlink attack vulnerability
cscope is vulnerable to a symlink attack which could lead to an attacker overwriting arbitrary files with the permissions of the user running cscope...
mailman XSS in user options page
From the 2.1.1 release notes: Closed a cross-site scripting vulnerability in the user options page...
multiple buffer overflows in xboing
Steve Kemp reports in a Debian bug submission: Due to improper bounds checking it is possible for a malicious user to gain a shell with membership group 'games'. The binary is installed setgid games. Environmental variables are used without being bounds-checked in any way, from the source code:...
xloadimage -- buffer overflow in FACES image handling
In 2001, zen-parse discovered a buffer overflow in xloadimage's FACES image loader. A maliciously crafted image could cause xloadimage to execute arbitrary code. A published exploit exists for this vulnerability. In 2005, Rob Holland discovered that the same vulnerability was present in xli...
Gitlab -- vulnerabilities
Gitlab reports: SAML authentication bypass...
qt5-webengine -- Multiple vulnerabilities
Backports for 6 security bugs in Chromium: CVE-2024-5496: Use after free in Media Session CVE-2024-5846: Use after free in PDFium CVE-2024-6291: Use after free in Swiftshader CVE-2024-6989: Use after free in Loader CVE-2024-6996: Race in Frames CVE-2024-7536: Use after free in WebAudio...
qt6-webengine -- Multiple vulnerabilities
Qt qtwebengine-chromium repo reports: Backports for 7 security bugs in Chromium: CVE-2024-4948: Use after free in Dawn CVE-2024-5274: Type Confusion in V8 CVE-2024-5493: Heap buffer overflow in WebRTC CVE-2024-5494: Use after free in Dawn CVE-2024-5495: Use after free in Dawn CVE-2024-5496: Use...
openvpn -- two security fixes
Gert Doering reports that OpenVPN 2.6.11 fixes two security bugs three on Windows: CVE-2024-5594: control channel: refuse control channel messages with nonprintable characters in them. Security scope: a malicious openvpn peer can send garbage to openvpn log, or cause high CPU load. Reynir Björnss...
Intel CPUs -- multiple vulnerabilities
Intel reports: Potential security vulnerabilities in some Intel Trust Domain Extensions TDX module software may allow escalation of privilege. Improper input validation in some Intel TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of...