6583 matches found
FreeBSD -- NFS remote denial of service
Insufficient input validation in the NFS server allows an attacker to cause the underlying file system to treat a regular file as a directory...
linux-flashplugin -- multiple vulnerabilities
Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...
nss-pam-ldapd -- file descriptor buffer overflow
Garth Mollett reports: A file descriptor overflow issue in the use of FDSET in nss-pam-ldapd can lead to a stack-based buffer overflow. An attacker could, under some circumstances, use this flaw to cause a process that has the NSS or PAM module loaded to crash or potentially execute arbitrary cod...
squid -- denial of service
Squid developers report: Due to missing input validation Squid cachemgr.cgi tool is vulnerable to a denial of service attack when processing specially crafted requests. This problem allows any client able to reach the cachemgr.cgi to perform a denial of service attack on the service host. The...
linux-flashplugin -- multiple vulnerabilities
Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...
django -- multiple vulnerabilities
The Django Project reports: Host header poisoning Several earlier Django security releases focused on the issue of poisoning the HTTP Host header, causing Django to generate URLs pointing to arbitrary, potentially-malicious domains. In response to further input received and reports of continuing...
linux-flashplugin -- multiple vulnerabilities
Adobe reports: These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system...
fetchmail -- two vulnerabilities in NTLM authentication
Matthias Andree reports: With NTLM support enabled, fetchmail might mistake a server-side error message during NTLM protocol exchange for protocol data, leading to a SIGSEGV. Also, with a carefully crafted NTLM challenge, a malicious server might cause fetchmail to read from a bad memory location...
OpenTTD -- Denial of Service
The OpenTTD Team reports: Denial of service server using ships on half tiles and landscaping...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 117409 High CVE-2011-3103: Crashes in v8 garbage collection. Credit to the Chromium development community Brett Wilson. 118018 Medium CVE-2011-3104: Out-of-bounds read in Skia. Credit to Google Chrome Security Team Inferno. 120912 High CVE-2011-3105: Use-after-free...
asterisk -- multiple vulnerabilities
Asterisk project reports: Remote Crash Vulnerability in SIP Channel Driver Heap Buffer Overflow in Skinny Channel Driver Asterisk Manager User Unauthorized Shell Access...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 106577 Medium CVE-2011-3066: Out-of-bounds read in Skia clipping. Credit to miaubiz. 117583 Medium CVE-2011-3067: Cross-origin iframe replacement. Credit to Sergey Glazunov. 117698 High CVE-2011-3068: Use-after-free in run-in handling. Credit to miaubiz. 117728 Hig...
NVIDIA UNIX driver -- access to arbitrary system memory
NVIDIA Unix security team reports: Security vulnerability CVE-2012-0946 in the NVIDIA UNIX driver was disclosed to NVIDIA on March 20th, 2012. The vulnerability makes it possible for an attacker who has read and write access to the GPU device nodes to reconfigure GPUs to gain access to arbitrary...
linux-flashplugin -- multiple vulnerabilities
These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system...
phpMyAdmin -- Multiple XSS
The phpMyAdmin development team reports: Using crafted database names, it was possible to produce XSS in the Database Synchronize and Database rename panels. Using an invalid and crafted SQL query, it was possible to produce XSS when editing a query on a table overview panel or when using the vie...
OpenTTD -- Multiple buffer overflows in validation of external data
The OpenTTD Team reports: Multiple buffer overflows in OpenTTD before 1.1.3 allow local users to cause a denial of service daemon crash or possibly gain privileges via 1 a crafted BMP file with RLE compression or 2 crafted dimensions in a BMP file...
subversion -- remote HTTP DoS vulnerability
Subversion project reports: Subversion HTTP servers up to 1.5.9 inclusive or 1.6.15 inclusive are vulnerable to a remotely triggerable NULL-pointer dereference...
subversion -- multiple DoS
Entry for CVE-2010-4539 says: The walk function in repos.c in the moddavsvn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service NULL pointer dereference and daemon crash via vectors that trigger the...
krb5 -- client impersonation vulnerability
The MIT Kerberos team reports: MIT krb5 KDC may issue tickets not requested by a client, based on an attacker-chosen KrbFastArmoredReq. An authenticated remote attacker that controls a legitimate service principal could obtain a valid service ticket to itself containing valid KDC-generated...
squid -- Denial of service vulnerability in request handling
Squid security advisory 2010:3 reports: Due to an internal error in string handling Squid is vulnerable to a denial of service attack when processing specially crafted requests. This problem allows any trusted client to perform a denial of service attack on the Squid service...
git -- buffer overflow vulnerability
Greg Brockman reports: If an attacker were to create a crafted working copy where the user runs any git command, the attacker could force execution of arbitrary code...
joomla -- multiple vulnerabilities
Joomla! reported the following vulnerabilities: If a user entered a URL with a negative query limit or offset, a PHP notice would display revealing information about the system.. The migration script in the Joomla! installer does not check the file type being uploaded. If the installation...
wireshark -- LWRES vulnerability
Wireshark project reports: Babi discovered several buffer overflows in the LWRES dissector. It may be possible to make Wireshark crash remotely or by convincing someone to read a malformed packet trace file...
Zend Framework -- multiple vulnerabilities
The Zend Framework team reports: Potential XSS or HTML Injection vector in ZendJson. Potential XSS vector in ZendServiceReCaptchaMailHide. Potential MIME-type Injection in ZendFileTransfer Executive Summary. Potential XSS vector in ZendFilterStripTags when comments allowed. Potential XSS vector i...
typo3 -- multiple vulnerabilities in TYPO3 Core
TYPO3 develop team reports: Affected versions: TYPO3 versions 4.0.13 and below, 4.1.12 and below, 4.2.9 and below, 4.3.0beta1 and below. SQL injection, Cross-site scripting XSS, Information disclosure, Frame hijacking, Remote shell command execution and Insecure Install Tool authentication/sessio...
bugzilla -- two SQL injections, sensitive data exposure
A Bugzilla Security Advisory reports: It is possible to inject raw SQL into the Bugzilla database via the "Bug.create" and "Bug.search" WebService functions. When a user would change his password, his new password would be exposed in the URL field of the browser if he logged in right after changi...
squid -- several remote denial of service vulnerabilities
Squid security advisory 2009:2 reports: Due to incorrect buffer limits and related bound checks Squid is vulnerable to a denial of service attack when processing specially crafted requests or responses. Due to incorrect data validation Squid is vulnerable to a denial of service attack when...
phpmyadmin -- insufficient output sanitizing when generating configuration file
phpMyAdmin Team reports: Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file. Combined with ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code. This...
wireshark -- multiple vulnerabilities
Wireshark team reports: Wireshark 1.0.7 fixes the following vulnerabilities: The PROFINET dissector was vulnerable to a format string overflow. Bug 3382 Versions affected: 0.99.6 to 1.0.6, CVE-2009-1210. The Check Point High-Availability Protocol CPHAP dissector could crash. Bug 3269 Versions...
pango -- integer overflow
oCERT reports: Pango suffers from a multiplicative integer overflow which may lead to a potentially exploitable, heap overflow depending on the calling conditions. For example, this vulnerability is remotely reachable in Firefox by creating an overly large document.location value but only results...
dia -- remote command execution vulnerability
Security Focus reports: An attacker could exploit this issue by enticing an unsuspecting victim to execute the vulnerable application in a directory containing a malicious Python file. A successful exploit will allow arbitrary Python commands to run within the privileges of the currently logged-i...
mplayer -- twinvq processing buffer overflow vulnerability
A trapkit reports: MPlayer contains a stack buffer overflow vulnerability while parsing malformed TwinVQ media files. The vulnerability may be exploited by a remote attacker to execute arbitrary code in the context of MPlayer...
phpmyadmin -- cross-site request forgery vulnerability
The phpMyAdmin Team reports: A logged-in user can be subject of SQL injection through cross site request forgery. Several scripts in phpMyAdmin are vulnerable and the attack can be made through table parameter...
php5 -- potential magic_quotes_gpc vulnerability
PHP Developers reports: Due to a security bug found in the PHP 5.2.7 release, it has been removed from distribution. The bug affects configurations where magicquotesgpc is enabled, because it remains off even when set to on...
p5-File-Path -- rmtree allows creation of setuid files
Jan Lieskovsky reports: perl-File-Path rmtree race condition CVE-2005-0448 was assigned to address this This vulnerability was fixed in 5.8.4-7 but re-introduced in 5.8.8-1. It's also present in File::Path 2.xx, up to and including 2.07 which has only a partial fix...
imlib2 -- XPM processing buffer overflow vulnerability
Secunia reports: A vulnerability has been discovered in imlib2, which can be exploited by malicious people to potentially compromise an application using the library. The vulnerability is caused due to a pointer arithmetic error within the "load" function provided by the XPM loader. This can be...
openoffice -- arbitrary code execution vulnerabilities
The OpenOffice Team reports: A security vulnerability with the way OpenOffice 2.x process WMF files may allow a remote unprivileged user who provides a StarOffice/StarSuite document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running...
cups -- potential buffer overflow in PNG reading code
CUPS reports: The PNG image reading code did not validate the image size properly, leading to a potential buffer overflow STR 2974...
mplayer -- multiple integer overflows
The oCERT team reports: The MPlayer multimedia player suffers from a vulnerability which could result in arbitrary code execution and at the least, in unexpected process termination. Three integer underflows located in the Real demuxer code can be used to exploit a heap overflow, a specific video...
phpmyadmin -- Code execution vulnerability
A phpMyAdmin security announcement: The serverdatabases.php script was vulnerable to an attack coming from a user who is already logged-on to phpMyAdmin, where he can execute shell code if the PHP configuration permits commands like exec...
neon -- NULL pointer dereference in Digest domain support
Joe Orton reports: A NULL pointer deference in the Digest authentication support in neon versions 0.28.0 through 0.28.2 inclusive allows a malicious server to crash a client application, resulting in possible denial of service...
ruby -- multiple integer and buffer overflow vulnerabilities
The official ruby site reports: Multiple vulnerabilities in Ruby may lead to a denial of service DoS condition or allow execution of arbitrary code...
spamdyke -- open relay
Spamdyke Team reports: Fixed smtpfilter to reject the DATA command if no valid recipients have been specified. Otherwise, a specific scenario could result in every spamdyke installation being used as an open relay. If the remote server connects and gives one or more recipients that are rejected f...
peercast -- arbitrary code execution
Nico Golde discovered that PeerCast, a P2P audio and video streaming server, is vulnerable to a buffer overflow in the HTTP Basic Authentication code, allowing a remote attacker to crash PeerCast or execure arbitrary code...
ghostscript -- zseticcspace() function buffer overflow vulnerability
Chris Evans from the Google Security Team reports: Severity: parsing of evil PostScript file will result in arbitrary code execution. A stack-based buffer overflow in the zseticcspace function in zicc.c allows remote arbitrary code execution via a malicious PostScript file .ps that contains a lon...
mplayer -- multiple vulnerabilities
The Mplayer team reports: A buffer overflow was found in the code used to extract album titles from CDDB server answers. When parsing answers from the CDDB server, the album title is copied into a fixed-size buffer with insufficient size checks, which may cause a buffer overflow. A malicious...
drupal -- cross site scripting (register_globals)
The Drupal Project reports: When theme .tpl.php files are accessible via the web and the PHP setting registerglobals is set to enabled, anonymous users are able to execute cross site scripting attacks via specially crafted links. Drupal's .htaccess attempts to set registerglobals to disabled and...
py-django -- denial of service vulnerability
Django project reports: A per-process cache used by Django's internationalization "i18n" system to store the results of translation lookups for particular values of the HTTP Accept-Language header used the full value of that header as a key. An attacker could take advantage of this by sending...
gallery2 -- multiple vulnerabilities
Gallery project reports: Gallery 2.2.3 addresses the following security vulnerabilities: Unauthorized renaming of items possible with WebDAV reported by Merrick Manalastas Unauthorized modification and retrieval of item properties possible with WebDAV Unauthorized locking and replacing of items...
mysql -- remote dos via malformed password packet
MySQL reports: A malformed password packet in the connection protocol could cause the server to crash...