6583 matches found
konquerer -- address bar spoofing
The KDE development team reports: The Konqueror address bar is vulnerable to spoofing attacks that are based on embedding white spaces in the url. In addition the address bar could be tricked to show an URL which it is intending to visit for a short amount of time instead of the current URL...
rsync -- off by one stack overflow
BugTraq reports: The rsync utility is prone to an off-by-one buffer-overflow vulnerability. This issue is due to a failure of the application to properly bounds-check user-supplied input. Successfully exploiting this issue may allow arbitrary code-execution in the context of the affected utility...
dokuwiki -- XSS vulnerability in spellchecker backend
DokuWiki reports: The spellchecker tests the UTF-8 capabilities of the used browser by sending an UTF-8 string to the backend, which will send it back unfiltered. By comparing string length the spellchecker can work around broken implementations. An attacker could construct a form to let users se...
p5-Mail-SpamAssassin -- local user symlink-attack DoS vulnerability
SpamAssassin website reports: A local user symlink-attack DoS vulnerability in SpamAssassin has been found, affecting versions 3.1.x, 3.2.0, and SVN trunk...
phppgadmin -- cross site scripting vulnerability
SecurityFocus reports about phppgadmin: Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch...
FreeType 2 -- Heap overflow vulnerability
Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative npoints value, which leads to an integer overflow and heap-based buffer overflow...
fetchmail -- insecure APOP authentication
Matthias Andree reports: The POP3 standard, currently RFC-1939, has specified an optional, MD5-based authentication scheme called "APOP" which no longer should be considered secure. Additionally, fetchmail's POP3 client implementation has been validating the APOP challenge too lightly and accepte...
mcweject -- exploitable buffer overflow
CVE reports: Buffer overflow in eject.c in Jason W. Bacon mcweject 0.9 on FreeBSD, and possibly other versions, allows local users to execute arbitrary code via a long command line argument, possibly involving the device name...
moinmoin -- multiple vulnerabilities
MoinMoin Security advisory XSS issue in login action XSS issue in AttachFile action XSS issue in RenamePage/DeletePage action XSS issue in gui editor...
drupal -- multiple vulnerabilities
The Drupal security team reports: A few arguments passed via URLs are not properly sanitized before display. When an attacker is able to entice an administrator to follow a specially crafted link, arbitrary HTML and script code can be injected and executed in the victim's session. Such an attack...
Imlib2 -- multiple image file processing vulnerabilities
Secunia reports: Some vulnerabilities have been reported in imlib2, which can be exploited by malicious people to cause a DoS Denial of Service or potentially compromise an application using the library. The vulnerabilities are caused due to unspecified errors within the processing of JPG, ARGB,...
bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports: Sometimes the information put into the and tags in Bugzilla was not properly escaped, leading to a possible XSS vulnerability. Bugzilla administrators were allowed to put raw, unfiltered HTML into many fields in Bugzilla, leading to a possible XSS...
php -- open_basedir Race Condition Vulnerability
Stefan Esser reports: PHP's openbasedir feature is meant to disallow scripts to access files outside a set of configured base directories. The checks for this are placed within PHP functions dealing with files before the actual open call is performed. Obviously there is a little span of time...
sppp -- buffer overflow vulnerability
Problem Description While processing Link Control Protocol LCP configuration options received from the remote host, sppp4 fails to correctly validate option lengths. This may result in data being read or written beyond the allocated kernel memory buffer. Impact An attacker able to send LCP packet...
alsaplayer -- multiple vulnerabilities
Luigi Auriemma reports three vulnerabilities within alsaplayer: The function which handles the HTTP connections is vulnerable to a buffer-overflow that happens when it uses sscanf for copying the URL in the Location's field received from the server into the redirect buffer of only 1024 bytes...
firefox -- denial of service vulnerability
A Mozilla Foundation Security Advisory reports for deleted object reference when designMode="on" Martijn Wargers and Nick Mott each described crashes that were discovered to ultimately stem from the same root cause: attempting to use a deleted controller context when designMode was turned on. Thi...
openvpn -- potential denial-of-service on servers in TCP mode
James Yonan reports: If the TCP server accept call returns an error status, the resulting exception handler may attempt to indirect through a NULL pointer, causing a segfault. Affects all OpenVPN 2.0 versions...
skype -- multiple buffer overflow vulnerabilities
A Secunia Advisory reports: Some vulnerabilities have been reported in Skype, which can be exploited by malicious people to cause a DoS or to compromise a user's system...
firefox & mozilla -- multiple vulnerabilities
A Mozilla Foundation Security Advisory reports of multiple issues: Heap overrun in XBM image processing jackerror reports that an improperly terminated XBM image ending with space characters instead of the expected end tag can lead to a heap buffer overrun. This appears to be exploitable to insta...
firefox & mozilla -- command line URL shell command injection
A Secunia Advisory reports: Peter Zelezny has discovered a vulnerability in Firefox, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the shell script used to launch Firefox parsing shell commands that are enclosed within backticks in th...
xpdf -- disk fill DoS vulnerability
xpdf is vulnerable to a denial of service vulnerability which can cause xpdf to create an infinitely large file, thereby filling up the /tmp partition, when opening a specially crafted PDF file. Note that several applications contains an embedded version of xpdf, therefor making them the vulnerab...
PowerDNS -- LDAP backend fails to escape all queries
The LDAP backend in PowerDNS has issues with escaping queries which could cause connection errors. This would make it possible for a malicious user to temporarily blank domains. This is known to affect all releases prior to 2.9.18...
clamav -- MS-Expand file handling DoS vulnerability
An iDEFENSE Security Advisory reports: Remote exploitation of an input validation error in Clam AntiVirus ClamAV allows attackers to cause a denial of service condition. The vulnerability specifically exists due to improper behavior during exceptional conditions. Successful exploitation allows...
ruby -- arbitrary command execution on XMLRPC server
Nobuhiro IMAI reports: the default value modification on Modulepublicinstancemethods from false to true breaks s.addhandlerXMLRPC::iPIMethods"sample", MyHandler.new style security protection. This problem could allow a remote attacker to execute arbitrary commands on XMLRPC server of libruby...
opera -- XMLHttpRequest security bypass
A Secunia Advisory reports: Secunia Research has discovered a vulnerability in Opera, which can be exploited by malicious people to steal content or to perform actions on other web sites with the privileges of the user. Normally, it should not be possible for the XMLHttpRequest object to access...
gaim -- remote DoS on receiving certain messages over IRC
The GAIM team reports: The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows 1 remote attackers to inject arbitrary Gaim markup via ircmsgkick, ircmsgmode, ircmsgpart, ircmsgquit, 2 remote attackers to inject arbitrary Pango markup and pop up empty dialog boxes via...
racoon -- remote denial-of-service
Sebastian Krahmer discovered that the racoon ISAKMP daemon could be crashed with a maliciously crafted UDP packet. No authentication is required in order to perform the attack...
gaim -- remote DoS on receiving malformed HTML
The GAIM team reports: Receiving malformed HTML can result in an invalid memory access causing Gaim to crash...
emacs -- movemail format string vulnerability
Max Vozeler discovered several format string vulnerabilities in the movemail utility of Emacs. They can be exploited when connecting to a malicious POP server and can allow an attacker can execute arbitrary code under the privileges of the user running Emacs...
mpg123 -- buffer overflow vulnerability
Yuri D'Elia has found a buffer overflow vulnerability in mpg123's parsing of frame headers in input streams. This vulnerability can potentially lead to execution of arbitrary code with the permissions of the user running mpg123, if the user runs mpg123 on a specially crafted MP2 or MP3 file...
yamt -- arbitrary command execution vulnerability
Manigandan Radhakrishnan discovered a security vulnerability in YAMT which can lead to execution of arbitrary commands with the privileges of the user running YAMT when sorting based on MP3 tags. The problem exist in the id3tagsort routine which does not properly sanitize the artist tag from the...
xpdf -- buffer overflow vulnerability
An iDEFENSE Security Advisory reports: Remote exploitation of a buffer overflow vulnerability in the xpdf PDF viewer, as included in multiple Linux distributions, could allow attackers to execute arbitrary code as the user viewing a PDF file. The offending code can be found in the Gfx::doImage...
twiki -- arbitrary shell command execution
Hans Ulrich Niedermann reports: The TWiki search function uses a user supplied search string to compose a command line executed by the Perl backtick operator. The search string is not checked properly for shell metacharacters and is thus vulnerable to search string containing quotes and shell...
libxml -- remote buffer overflows
infamous41md reports that libxml contains multiple buffer overflows in the URL parsing and DNS name resolving functions. These vulnerabilities could lead to execution of arbitrary code...
awstats -- remote command execution vulnerability
An iDEFENSE Security Advisory reports: Remote exploitation of an input validation vulnerability in AWStats allows attackers to execute arbitrary commands under the privileges of the web server. The problem specifically exists when the application is running as a CGI script on a web server. The...
mod_ssl -- SSLCipherSuite bypass
It is possible for clients to use any cipher suite configured by the virtual host, whether or not a certain cipher suite is selected for a specific directory. This might result in clients using a weaker encryption than originally configured...
apache -- heap overflow in mod_proxy
A buffer overflow exists in modproxy which may allow an attacker to launch local DoS attacks and possibly execute arbitrary code...
mozilla -- users may be lured into bypassing security dialogs
According to the Mozilla project: An attacker who could lure users into clicking in particular places, or typing specific text, could cause a security permission or software installation dialog to pop up under the user's mouse click, clicking on the grant or install button...
multiple vulnerabilities in ethereal
Stefan Esser of e-matters Security discovered a baker's dozen of buffer overflows in Ethereal's decoders, including: NetFlow IGAP EIGRP PGM IRDA BGP ISUP TCAP UCP In addition, a vulnerability in the RADIUS decoder was found by Jonathan Heusser. Finally, there is one uncredited vulnerability...
mysql -- ALTER MERGE denial of service vulnerability
Dean Ellis reported a denial of service vulnerability in the MySQL server: Multiple threads ALTERing the same or different MERGE tables to change the UNION eventually crash the server or hang the individual threads. Note that a script demonstrating the problem is included in the MySQL bug report...
leafnode fetchnews denial-of-service triggered by truncated transmission
When a downloaded news article ends prematurely, i. e. when the server sends CRLF.CRLF before sending a blank line, fetchnews may wait indefinitely for data that never arrives. Workaround: configure "minlines=1" or use a bigger value in the configuration file. Found by Toni Viemerö...
rsync buffer overflow in server mode
When rsync is run in server mode, a buffer overflow could allow a remote attacker to execute arbitrary code with the privileges of the rsync server. Anonymous rsync servers are at the highest risk...
pine remotely exploitable vulnerabilities
Pine versions prior to 4.58 are affected by two vulnerabilities discovered by iDEFENSE, a buffer overflow in mailview.c and an integer overflow in strings.c. Both vulnerabilities can result in arbitrary code execution when processing a malicious message...
mpg123 vulnerabilities
In 2003, two vulnerabilities were discovered in mpg123 that could result in remote code execution when using untrusted input or streaming from an untrusted server...
Cyrus IMAP pre-authentication heap overflow vulnerability
In December 2002, Timo Sirainen reported: Cyrus IMAP server has a remotely exploitable pre-login buffer overflow. ... Note that you don't have to log in before exploiting this, and since Cyrus runs everything under one UID, it's possible to read every user's mail in the system. It is unknown...
FreeBSD-kernel -- ASLR bypass for setuid executables via procctl(2)
Problem Description: The ELF image activator cleared per-process ASLR preference flags for setuid binaries after the code that computes the PIE base address, rather than before. As a result, a user-requested ASLR disable was still in effect at the point where the base address was chosen. Impact: ...
Apache httpd -- evaluation always true
The Apache httpd project reports: 'RewriteCond expr' always evaluates to true in 2.4.64...
Gitlab -- Vulnerabilities
Gitlab reports: Stored XSS via Asciidoctor render Developer could exfiltrate protected CI/CD variables via CI lint Cyclic reference of epics leads resource exhaustion...
Gitlab -- vulnerabilities
Gitlab reports: Execute environment stop actions as the owner of the stop action job Prevent code injection in Product Analytics funnels YAML SSRF via Dependency Proxy Denial of Service via sending a large glmsource parameter CIJOBTOKEN can be used to obtain GitLab session token Variables from...
Gitlab -- Vulnerabilities
Gitlab reports: XSS via the Maven Dependency Proxy Project level analytics settings leaked in DOM Reports can access and download job artifacts despite use of settings to prevent it Direct Transfer - Authorised project/group exports are accessible to other users Bypassing tag check and branch che...