6585 matches found
ansible -- local symlink exploits
MITRE reports: runner/connectionplugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp/. lib/ansible/playbook/init.py in Ansible 1.2.x before 1.2.3, when playbook does no...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 25 security fixes in this release, including: 181617 High CVE-2013-2900: Incomplete path sanitization in file handling. Credit to Krystian Bigaj. 254159 Low CVE-2013-2905: Information leak via overly broad permissions on shared memory files. Credit to Christian...
gallery -- multiple vulnerabilities
Red Hat Security Response Team reports: Gallery upstream has released 3.0.9 version, correcting two security flaws: Issue 1 - Improper stripping of URL fragments in flowplayer SWF file might lead to reply attacks a different flaw than CVE-2013-2138. Issue 2 - gallery3: Multiple information exposu...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: Miscellaneous memory safety hazards rv:22.0 / rv:17.0.7 Title: Memory corruption found using Address Sanitizer Privileged content access and execution via XBL Arbitrary code execution within Profiler Execution of unmapped memory through onreadystatechange Data in the...
otrs -- information disclosure
The OTRS Project reports: An attacker with a valid agent login could manipulate URLs in the ticket watch mechanism to see contents of tickets they are not permitted to see...
linux-flashplugin -- multiple vulnerabilities
Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...
socat -- FD leak
Gerhard Rieger reports: Under certain circumstances an FD leak occurs and can be misused for denial of service attacks against socat running in server mode...
PHP5 -- Integer overflow in Calendar module
The PHP development team reports: Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service application hang via a large argument to the jdtojewish function...
RT -- multiple vulnerabilities
Thomas Sibley reports: We discovered a number of security vulnerabilities which affect both RT 3.8.x and RT 4.0.x. We are releasing RT versions 3.8.17 and 4.0.13 to resolve these vulnerabilities, as well as patches which apply atop all released versions of 3.8 and 4.0. The vulnerabilities address...
firebird -- Remote Stack Buffer Overflow
Firebird Project reports: The FirebirdSQL server is vulnerable to a stack buffer overflow that can be triggered when an unauthenticated user sends a specially crafted packet. The result can lead to remote code execution as the user which runs the FirebirdSQL server...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 151008 High CVE-2013-0839: Use-after-free in canvas font handling. Credit to Atte Kettunen of OUSPG. 170532 Medium CVE-2013-0840: Missing URL validation when opening new windows. 169770 High CVE-2013-0841: Unchecked array index in content blocking. Credit to Google...
asterisk -- multiple vulnerabilities
Asterisk project reports: Crashes due to large stack allocations when using TCP Denial of Service Through Exploitation of Device State Caching...
ruby -- Hash-flooding DoS vulnerability for ruby 1.9
The official ruby site reports: Carefully crafted sequence of strings can cause a denial of service attack on the service that parses the sequence to create a Hash object by using the strings as keys. For instance, this vulnerability affects web application that parses the JSON data sent from...
weechat -- Crash or freeze when decoding IRC colors in strings
Sebastien Helleu reports: A buffer overflow is causing a crash or freeze of WeeChat when decoding IRC colors in strings. Workaround for a non-patched version: /set irc.network.colorsreceive off...
RT -- Multiple Vulnerabilities
BestPractical report: All versions of RT are vulnerable to an email header injection attack. Users with ModifySelf or AdminUser can cause RT to add arbitrary headers or content to outgoing mail. Depending on the scrips that are configured, this may be be leveraged for information leakage or...
moinmoin -- wrong processing of group membership
MoinMoin developers report: If you have group NAMES containing "All" or "Known" or "Trusted", they behaved wrong until now they erroneously included All/Known/Trusted users even if you did not list them as members, but will start working correctly with this changeset. E.g. AllFriendsGroup: JoeDoe...
phpMyAdmin -- Path disclosure due to missing library
The phpMyAdmin development team reports: The showconfigerrors.php script does not include a library, so an error message shows the full path of this file, leading to possible further attacks...
libcloud -- possible SSL MITM due to invalid regexp used to validate target server hostname
The libcloud development team reports: When establishing a secure SSL / TLS connection to a target server an invalid regular expression has been used for performing the hostname verification. Subset instead of the full target server hostname has been marked an an acceptable match for the given...
foswiki -- Script Insertion Vulnerability via unchecked user registration fields
Foswiki team reports: When a new user registers, the new user can add arbitrary HTML and script code into the user topic which is generated by the RegistrationAgent via standard registration fields such as "FirstName" or "OrganisationName". By design, Foswiki's normal editing features allow...
linux-flashplugin -- multiple vulnerabilities
Adobe reports: Multiple Priority 2 vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system...
vlc -- arbitrary code execution in Real RTSP and MMS support
Jean-Baptiste Kempf, on behalf of the VideoLAN project reports: If successful, a malicious third party could crash the VLC media player process. Arbitrary code execution could be possible on some systems...
spamdyke -- Buffer Overflow Vulnerabilities
Secunia reports: Fixed a number of very serious errors in the usage of snprintf/vsnprintf. The return value was being used as the length of the string printed into the buffer, but the return value really indicates the length of the string that could be printed if the buffer were of infinite size...
phpMyAdmin -- multiple XSS vulnerabilities
The phpMyAdmin development team reports: Multiple XSS in the Tracking feature...
BIND -- Remote DoS against authoritative and recursive servers
ISC reports: A defect in the affected BIND 9 versions allows an attacker to remotely cause the "named" process to exit using a specially crafted packet. This defect affects both recursive and authoritative servers...
linux-flashplugin -- cross-site scripting vulnerability
Adobe Product Security Incident Response Team reports: An important vulnerability has been identified in Adobe Flash Player 10.3.181.16 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.22 and earlier versions for Android. This universal cross-site...
torcs -- untrusted local library loading
TORCS News reports: An insecure change to LDLIBRARYPATH allows loading of libraries in directories other than the standard paths. This can be a problem when downloading and installing untrusted content from the Internet...
phpmyadmin -- Several XSS vulnerabilities
phpMyAdmin Team reports: It was possible to conduct a XSS attack using crafted URLs org POST parameters on several pages...
fetchmail -- denial of service vulnerability
Fetchmail developer Matthias Andree reported a vulnerability that allows remote attackers to crash the application when it is runs in verbose mode. Fetchmail before release 6.3.17 did not properly sanitize external input mail headers and UID. When a multi-character locale such as UTF-8 was in use...
drupal -- multiple cross-site scripting
Drupal Team reports: The Contact module does not correctly handle certain user input when displaying category information. Users privileged to create contact categories can insert arbitrary HTML and script code into the contact module administration page. Such a cross-site scripting attack may le...
BIND -- Dynamic update message remote DoS
Problem Description: When named8 receives a specially crafted dynamic update message an internal assertion check is triggered which causes named8 to exit. To trigger the problem, the dynamic update message must contains a record of type "ANY" and at least one resource record set RRset for this...
mozilla -- corrupt JIT state after deep return from native function
Mozilla Project reports: Firefox user zbyte reported a crash that we determined could result in an exploitable memory corruption problem. In certain cases after a return from a native function, such as escape, the Just-in-Time JIT compiler could get into a corrupt state. This could be exploited b...
ruby -- BigDecimal denial of service vulnerability
The official ruby site reports: A denial of service DoS vulnerability was found on the BigDecimal standard library of Ruby. Conversion from BigDecimal objects into Float numbers had a problem which enables attackers to effectively cause segmentation faults. An attacker can cause a denial of servi...
libsndfile -- multiple vulnerabilities
Secunia reports: Two vulnerabilities have been reported in libsndfile, which can be exploited by malicious people to compromise an application using the library. A boundary error exists within the "vocreadheader" function in src/voc.c. This can be exploited to cause a heap-based buffer overflow v...
ghostscript -- buffer overflow vulnerability
SecurityFocus reports: Ghostscript is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into a finite-sized buffer. Exploiting this issue allows remote attackers to overwrite a sensitive memory buffer with arbitrary dat...
tor -- unspecified memory corruption vulnerability
Secunia reports: A vulnerability with an unknown impact has been reported in Tor. The vulnerability is caused due to an unspecified error and can be exploited to trigger a heap corruption. No further information is currently available...
twiki -- multiple vulnerabilities
Marc Schoenefeld and Steve Milner of RedHat SRT and Peter Allor of IBM ISS report: XSS vulnerability with URLPARAM variable SEARCH variable allows arbitrary shell command execution...
vlc -- arbitrary code execution in the RealMedia processor
Tobias Klein from TrapKit reports: The VLC media player contains an integer overflow vulnerability while parsing malformed RealMedia .rm files. The vulnerability leads to a heap overflow that can be exploited by a remote attacker to execute arbitrary code in the context of VLC media player...
wordpress -- header rss feed script insertion vulnerability
Secunia reports: Input passed via the HTTP "Host" header is not properly sanitised before being used. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site if malicious data is viewed...
amaya -- multiple buffer overflow vulnerabilities
Secunia reports: A boundary error when processing "div" HTML tags can be exploited to cause a stack-based buffer overflow via an overly long "id" parameter. A boundary error exists when processing overly long links. This can be exploited to cause a stack-based buffer overflow by tricking the user...
hplip -- hpssd Denial of Service
Secunia reports: A security issue has been reported in hplip, which can be exploited by malicious, local users to cause a DoS. The security issue is caused due to an error within hpssd.py when parsing certain requests. This can be exploited to crash the service by sending specially crafted reques...
phpmyadmin -- Shared Host Information Disclosure
A phpMyAdmin security announcement report: It is possible to read the contents of any file that the web server's user can access. The exact mechanism to achieve this won't be disclosed. If a user can upload on the same host where phpMyAdmin is running a PHP script that can read files with the...
firefox -- javascript garbage collector vulnerability
Mozilla Foundation reports: Fixes for security problems in the JavaScript engine described in MFSA 2008-15 introduced a stability problem, where some users experienced crashes during JavaScript garbage collection. This is being fixed primarily to address stability concerns. We have no demonstrati...
lighttpd -- OpenSSL Error Queue Denial of Service Vulnerability
Secunia reports: A vulnerability has been reported in lighttpd, which can be exploited by malicious people to cause a DoS Denial of Service. The vulnerability is caused due to lighttpd not properly clearing the OpenSSL error queue. This can be exploited to close concurrent SSL connections of...
ikiwiki -- improper symlink verification vulnerability
The ikiwiki development team reports: Ikiwiki did not check if path to the srcdir to contained a symlink. If an attacker had commit access to the directories in the path, they could change it to a symlink, causing ikiwiki to read and publish files that were not intended to be published. But not...
perdition -- str_vwrite format string vulnerability
SEC-Consult reports: Perdition IMAP is affected by a format string bug in one of its IMAP output-string formatting functions. The bug allows the execution of arbitrary code on the affected server. A successful exploit does not require prior authentication...
p5-Net-DNS -- multiple Vulnerabilities
A Secunia Advisory reports: An error exists in the handling of DNS queries where IDs are incremented with a fixed value and are additionally used for child processes in a forking server. This can be exploited to poison the DNS cache of an application using the module if a valid ID is guessed. An...
libarchive -- Infinite loop in corrupt archives handling in libarchive
Problem Description: If the end of an archive is reached while attempting to "skip" past a region of an archive, libarchive will enter an infinite loop wherein it repeatedly attempts and fails to read further data. Impact: An attacker able to cause a system to extract via "tar -x" or another...
drupal -- cross site request forgeries
The Drupal Team reports: Visiting a specially crafted page, anywhere on the web, may allow that page to post forms to a Drupal site in the context of the visitor's session. To illustrate; suppose one has an active user 1 session, the most powerful administrator account for a site, to a Drupal sit...
mysql -- database "case-sensitive" privilege escalation
Michal Prokopiuk reports a privilege escalation in MySQL. The vulnerability causes MySQL, when run on case-sensitive filesystems, to allow remote and local authenticated users to create or access a database when the database name differs only in case from a database for which they have permission...
zope -- information disclosure vulnerability
Zope team reports: Unspecified vulnerability in Zope2 allows local users to obtain sensitive information via unknown attack vectors related to the docutils module and "restructured text"...