6585 matches found
libXfont -- Stack buffer overflow in parsing of BDF font files in libXfont
freedesktop.org reports: A BDF font file containing a longer than expected string can cause a buffer overflow on the stack. Testing in X servers built with Stack Protector restulted in an immediate crash when reading a user-proveded specially crafted font. As libXfont is used to read user-specifi...
libyaml heap overflow resulting in possible code execution
libyaml was prone to a heap overflow that could result in arbitrary code execution. Pkg uses libyaml to parse the package manifests in some cases. Pkg also used libyaml to parse the remote repository until 1.2. RedHat Product Security Team reports on libyaml: A heap-based buffer overflow flaw was...
linux-flashplugin -- multiple vulnerabilities
Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...
varnish -- DoS vulnerability in Varnish HTTP cache
Varnish Cache Project reports: If Varnish receives a certain illegal request, and the subroutine 'vclerror' restarts the request, the varnishd worker process will crash with an assert. The varnishd management process will restart the worker process, but there will be a brief interruption of servi...
mod_fcgid -- possible heap buffer overwrite
Apache Project reports: Fix possible heap buffer overwrite...
cURL library -- heap corruption in curl_easy_unescape
cURL developers report: libcurl is vulnerable to a case of bad checking of the input data which may lead to heap corruption. The function curleasyunescape decodes URL-encoded strings to raw binary data. URL-encoded octets are represented with %HH combinations where HH is a two-digit hexadecimal...
perl -- denial of service via algorithmic complexity attack on hashing routines
Perl developers report: In order to prevent an algorithmic complexity attack against its hashing mechanism, perl will sometimes recalculate keys and redistribute the contents of a hash. This mechanism has made perl robust against attacks that have been demonstrated against other systems. Research...
FreeBSD -- Linux compatibility layer input validation error
Problem description: A programming error in the handling of some Linux system calls may result in memory locations being accessed without proper validation...
otrs -- XSS vulnerability in Internet Explorer could lead to remote code execution
The OTRS Project reports: This advisory covers vulnerabilities discovered in the OTRS core system. Due to the XSS vulnerability in Internet Explorer an attacker could send a specially prepared HTML email to OTRS which would cause JavaScript code to be executed in your Internet Explorer while...
pycrypto -- vulnerable ElGamal key generation
Dwayne C. Litzenberger of PyCrypto reports: In the ElGamal schemes for both encryption and signatures, g is supposed to be the generator of the entire Z^p group. However, in PyCrypto 2.5 and earlier, g is more simply the generator of a random sub-group of Z^p. The result is that the signature spa...
socat -- Heap-based buffer overflow
The socat development team reports: This vulnerability can be exploited when socat is invoked with the READLINE address this is usually only used interactively without option "prompt" and without option "noprompt" and an attacker succeeds to provide malicious data to the other arbitrary address...
Apache Traffic Server -- heap overflow vulnerability
CERT-FI reports: A heap overflow vulnerability has been found in the HTTP Hypertext Transfer Protocol protocol handling of Apache Traffic Server. The vulnerability allows an attacker to cause a denial of service or potentially to execute his own code by sending a specially modified HTTP message t...
drupal -- multiple vulnerabilities
Drupal development team reports: Cross Site Request Forgery vulnerability in Aggregator module CVE: CVE-2012-0826 An XSRF vulnerability can force an aggregator feed to update. Since some services are rate-limited e.g. Twitter limits requests to 150 per hour this could lead to a denial of service...
asterisk -- remote crash vulnerability in SIP channel driver
Asterisk project reports: A remote authenticated user can cause a crash with a malformed request due to an unitialized variable...
glpi -- remote attack via crafted POST request
The GLPI project reports: The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote attackers to obtain sensitive information via a crafted POST request...
Apache APR -- DoS vulnerabilities
The Apache Portable Runtime Project reports: Reimplement aprfnmatch from scratch using a non-recursive algorithm; now has improved compliance with the fnmatch spec...
webkit-gtk2 -- Multiple vulnerabilities
Gustavo Noronha Silva reports: The patches to fix the following CVEs are included with help from Huzaifa Sidhpurwala from the Red Hat security team...
Drupal Views plugin -- cross-site scripting
Drupal security team reports: The Views module provides a flexible method for Drupal site designers to control how lists and tables of content are presented. Under certain circumstances, Views could display parts of the page path without escaping, resulting in a relected Cross Site Scripting XSS...
php-imap -- Denial of Service
The following DoS condition in IMAP extension was fixed in PHP 5.3.4 and PHP 5.2.15: A remote user can send specially crafted IMAP user name or password data to trigger a double free memory error in 'ext/imap/phpimap.c' and cause the target service to crash. It may be possible to execute arbitrar...
openssl -- TLS extension parsing race condition
OpenSSL Team reports: Rob Hulswit has found a flaw in the OpenSSL TLS server extension code parsing which on affected servers can be exploited in a buffer overrun attack. Any OpenSSL based TLS server is vulnerable if it is multi-threaded and uses OpenSSL's internal caching mechanism. Servers that...
Mailman -- cross-site scripting in web interface
Secunia reports: Two vulnerabilities have been reported in Mailman, which can be exploited by malicious users to conduct script insertion attacks. Certain input passed via the list descriptions is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary...
e107 -- code execution and XSS vulnerabilities
Secunia Research reported two vulnerabilities in e107: The first problem affects installations that have the Content Manager plugin enabled. This plugin does not sanitize the "contentheading" parameter correctly and is therefore vulnerable to a cross site scripting attack. The second vulnerabilit...
ejabberd -- queue overload denial of service vulnerability
The Red Hat security response team reports: A remotely exploitable DoS from XMPP client to ejabberd server via too many "client2server" messages causing the message queue on the server to get overloaded, leading to server crash has been found...
linux-flashplugin -- multiple vulnerabilities
Adobe Product Security Incident Response Team reports: Critical vulnerabilities have been identified in Adobe Flash Player version 10.1.53.64 and earlier. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system...
cacti -- cross-site scripting issues
The cacti development team reports: The Cross-Site Scripting patch has been posted. This patch addresses cross-site scripting issues reported by Moritz Naumann...
freeradius -- remote packet of death vulnerability
freeRADIUS Vulnerability Notifications reports: 2009.09.09 v1.1.7 - Anyone who can send packets to the server can crash it by sending a Tunnel-Password attribute in an Access-Request packet. This vulnerability is not otherwise exploitable. We have released 1.1.8 to correct this vulnerability. Thi...
wireshark -- PCNFSD Dissector Denial of Service Vulnerability
Secunia reports: A vulnerability has been reported in Wireshark, which can be exploited by malicious people to cause a DoS. The vulnerability is caused due to an error in the PCNFSD dissector and can be exploited to cause a crash via a specially crafted PCNFSD packet...
quagga -- Denial of Service
Debian Security Team reports: It was discovered that Quagga, an IP routing daemon, could no longer process the Internet routing table due to broken handling of multiple 4-byte AS numbers in an AS path. If such a prefix is received, the BGP daemon crashes with an assert failure leading to a denial...
moinmoin -- cross-site scripting vulnerabilities
Secunia reports: Input passed via multiple parameters to action/AttachFile.py is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site...
wireshark -- multiple vulnerabilities
Vendor reports: On non-Windows systems Wireshark could crash if the HOME environment variable contained sprintf-style string formatting characters. Wireshark could crash while reading a malformed NetScreen snoop file. Wireshark could crash while reading a Tektronix K12 text capture file...
drupal -- multiple vulnerabilities
The Drupal Project reports: The update system is vulnerable to Cross site request forgeries. Malicious users may cause the superuser user 1 to execute old updates that may damage the database. When an input format is deleted, not all existing content on a site is updated to reflect this deletion...
faad2 -- heap overflow vulnerability
CVE reports: Heap-based buffer overflow in the decodeMP4file function frontend/main.c in FAAD2 2.6.1 and earlier allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted MPEG-4 MP4 file...
ruby -- DoS vulnerability in WEBrick
The official ruby site reports: WEBrick::HTTP::DefaultFileHandler is faulty of exponential time taking requests due to a backtracking regular expression in WEBrick::HTTPUtils.splitheadervalue...
mplayer -- vulnerability in STR files processor
Secunia reports: The vulnerability is caused due to a boundary error within the "strreadpacket" function in libavformat/psxstr.c. This can be exploited to cause a heap-based buffer overflow via a specially crafted STR file...
fetchmail -- potential crash in -v -v verbose mode
Matthias Andree reports: Gunter Nau reported fetchmail crashing on some messages; further debugging by Petr Uzel and Petr Cerny at Novell/SUSE Czech Republic dug up that this happened when fetchmail was trying to print, in -v -v verbose level, headers exceeding 2048 bytes. In this situation,...
Bugzilla -- Directory Traversal in importxml.pl
A Bugzilla Security Advisory reports: When importing bugs using importxml.pl, the --attachpath option can be specified, pointing to the directory where attachments to import are stored. If the XML file being read by importxml.pl contains a malicious ../relativepath/to/localfile node, the script...
mantis -- multiple vulnerabilities
Secunia reports: Some vulnerabilities have been reported in Mantis, which can be exploited by malicious users to compromise a vulnerable system and malicious people to conduct cross-site scripting and request forgery attacks. Input passed to the "filtertarget" parameter in returndynamicfilters.ph...
serendipity -- multiple cross site scripting vulnerabilities
Hanno Boeck reports: The installer of serendipity 1.3 has various Cross Site Scripting issues. This is considered low priority, as attack scenarios are very unlikely. Various path fields are not escaped properly, thus filling them with javascript code will lead to XSS. MySQL error messages are no...
ikiwiki -- javascript insertion via uris
The ikiwiki development team reports: The htmlscrubber did not block javascript in uris. This was fixed by adding a whitelist of valid uri types, which does not include javascript. Some urls specifyable by the meta plugin could also theoretically have been used to inject javascript; this was also...
drupal -- cross site scripting (utf8)
The Drupal Project reports: When outputting plaintext Drupal strips potentially dangerous HTML tags and attributes from HTML, and escapes characters which have a special meaning in HTML. This output filtering secures the site against cross site scripting attacks via user input. Certain byte...
clamav -- ClamAV libclamav PE File Integer Overflow Vulnerability
iDefense Security Advisory 02.12.08: Remote exploitation of an integer overflow vulnerability in Clam AntiVirus' ClamAV, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the affected process. The vulnerability exists...
cups -- off-by-one buffer overflow
Secunia reports: Secunia Research has discovered a vulnerability in CUPS, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "ippReadIO" function in cups/ipp.c when processing IPP Internet Printing Protocol...
samba -- potential Denial of Service bug in smbd
The Samba Team reports: Internally Samba's file server daemon, smbd, implements support for deferred file open calls in an attempt to serve client requests that would otherwise fail due to a share mode violation. When renaming a file under certain circumstances it is possible that the request is...
joomla -- multiple remote vulnerabilities
Secunia reports: Some vulnerabilities have been reported in Joomla!, where some have unknown impacts and one can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to an unspecified parameter is not properly sanitised before being returned to the user. This can...
ruby -- cgi.rb library Denial of Service
Official ruby site reports: A vulnerability has been discovered in the CGI library cgi.rb that ships with Ruby which could be used by a malicious user to create a denial of service attack DoS. The problem is triggered by sending the library an HTTP request that uses multipart MIME encoding and as...
python -- buffer overrun in repr() for unicode strings
Benjamin C. Wiley Sittler reports: I discovered a buffer overrun in repr for unicode strings. This causes an unpatched non-debug wide UTF-32/UCS-4 build of python to abort. Ubuntu security team reports: If an application uses repr on arbitrary untrusted data, this bug could be exploited to execut...
clamav -- heap overflow vulnerability
Clamav team reports: A heap overflow vulnerability was discovered in libclamav which could cause a denial of service or allow the execution of arbitrary code. The problem is specifically located in the PE file rebuild function used by the UPX unpacker. Relevant code from libclamav/upx.c: memcpyds...
ruby -- multiple vulnerabilities
Secunia reports: Two vulnerabilities have been reported in Ruby, which can be exploited by malicious people to bypass certain security restrictions. An error in the handling of the "alias" functionality can be exploited to bypass the safe level protection and replace methods called in the trusted...
amaya -- Attribute Value Buffer Overflow Vulnerabilities
Secunia reports: Amaya have two vulnerabilities, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to boundary errors within the parsing of various attribute values. This can be exploited to cause stack-based buffer overflows when a user...
OPIE -- arbitrary password change
Problem Description The opiepasswd1 program uses getlogin2 to identify the user calling opiepasswd1. In some circumstances getlogin2 will return "root" even when running as an unprivileged user. This causes opiepasswd1 to allow an unpriviled user to configure OPIE authentication for the root user...