6585 matches found
php -- use-after-free vulnerability
Symeon Paraschoudis reports: Use-after-free vulnerability in splrecursiveitmoveforwardex...
cURL -- sensitive HTTP server headers also sent to proxies
cURL reports: libcurl provides applications a way to set custom HTTP headers to be sent to the server by using CURLOPTHTTPHEADER. A similar option is available for the curl command-line tool with the '--header' option. When the connection passes through an HTTP proxy the same set of headers is se...
FreeBSD -- Denial of Service with IPv6 Router Advertisements
Problem Description: The Neighbor Discover Protocol allows a local router to advertise a suggested Current Hop Limit value of a link, which will replace Current Hop Limit on an interface connected to the link on the FreeBSD system. Impact: When the Current Hop Limit similar to IPv4's TTL is small...
cpio -- multiple vulnerabilities
From the Debian Security Team: Heap-based buffer overflow in the processcopyin function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive. cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitra...
cabextract -- directory traversal with UTF-8 symbols in filenames
Cabextract ChangeLog reports: It was possible for cabinet files to extract to absolute file locations, and it was possible on Cygwin to get around cabextract's absolute and relative path protections by using backslashes...
privoxy -- multiple vulnerabilities
Privoxy Developers reports: Fixed a DoS issue in case of client requests with incorrect chunk-encoded body. When compiled with assertions enabled the default they could previously cause Privoxy to abort. Reported by Matthew Daley. CVE-2015-1380. Fixed multiple segmentation faults and memory leaks...
libssh2 -- denial of service vulnerability
Mariusz Ziulek reports: A malicious attacker could man in the middle a real server and cause libssh2 using clients to crash denial of service or otherwise read and use completely unintended memory areas in this process...
kde-runtime -- incorrect CBC encryption handling
Valentin Rusu reports: Until KDE Applications 14.12.0, kwalletd incorrectly handled CBC encryption blocks when encrypting secrets in kwl files. The secrets were still encrypted, but the result binary data corresponded to an ECB encrypted block instead of CBC. The ECB encryption algorithm, even if...
libmspack -- frame_end overflow which could cause infinite loop
There is a denial of service vulnerability in libmspack. The libmspack code is built into cabextract, so it is also vulnerable. MITRE reports: Integer overflow in the qtmddecompress function in libmspack 0.4 allows remote attackers to cause a denial of service hang via a crafted CAB file, which...
Konversation -- out-of-bounds read on a heap-allocated array
Konversation developers report: Konversation's Blowfish ECB encryption support assumes incoming blocks to be the expected 12 bytes. The lack of a sanity-check for the actual size can cause a denial of service and an information leak to the local user...
phpMyAdmin -- XSS vulnerabilities in SQL debug output and server monitor page.
The phpMyAdmin development team reports: With a crafted database or table name it is possible to trigger an XSS in SQL debug output when enabled and in server monitor page when viewing and analysing executed queries. This vulnerability can be triggered only by someone who is logged in to...
dbus -- multiple vulnerabilities
Simon McVittie reports: Alban Crequy at Collabora Ltd. discovered a bug in dbus-daemon's support for file descriptor passing. A malicious process could force system services or user applications to be disconnected from the D-Bus system bus by sending them a message containing a file descriptor,...
otrs -- multiple vulnerabilities
The OTRS Project reports: SQL injection issue An attacker that managed to take over the session of a logged in customer could create tickets and/or send follow-ups to existing tickets due to missing challenge token checks...
strongswan -- multiple DoS vulnerabilities
strongSwan Project reports: A DoS vulnerability triggered by crafted IKEv1 fragmentation payloads was discovered in strongSwan's IKE daemon charon. All versions since 5.0.2 are affected. A DoS vulnerability and potential authorization bypass triggered by a crafted IDDERASN1DN ID payload was...
ansible -- local symlink exploits
MITRE reports: runner/connectionplugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp/. lib/ansible/playbook/init.py in Ansible 1.2.x before 1.2.3, when playbook does no...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 25 security fixes in this release, including: 181617 High CVE-2013-2900: Incomplete path sanitization in file handling. Credit to Krystian Bigaj. 254159 Low CVE-2013-2905: Information leak via overly broad permissions on shared memory files. Credit to Christian...
gallery -- multiple vulnerabilities
Red Hat Security Response Team reports: Gallery upstream has released 3.0.9 version, correcting two security flaws: Issue 1 - Improper stripping of URL fragments in flowplayer SWF file might lead to reply attacks a different flaw than CVE-2013-2138. Issue 2 - gallery3: Multiple information exposu...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: Miscellaneous memory safety hazards rv:22.0 / rv:17.0.7 Title: Memory corruption found using Address Sanitizer Privileged content access and execution via XBL Arbitrary code execution within Profiler Execution of unmapped memory through onreadystatechange Data in the...
otrs -- information disclosure
The OTRS Project reports: An attacker with a valid agent login could manipulate URLs in the ticket watch mechanism to see contents of tickets they are not permitted to see...
linux-flashplugin -- multiple vulnerabilities
Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...
socat -- FD leak
Gerhard Rieger reports: Under certain circumstances an FD leak occurs and can be misused for denial of service attacks against socat running in server mode...
PHP5 -- Integer overflow in Calendar module
The PHP development team reports: Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service application hang via a large argument to the jdtojewish function...
RT -- multiple vulnerabilities
Thomas Sibley reports: We discovered a number of security vulnerabilities which affect both RT 3.8.x and RT 4.0.x. We are releasing RT versions 3.8.17 and 4.0.13 to resolve these vulnerabilities, as well as patches which apply atop all released versions of 3.8 and 4.0. The vulnerabilities address...
firebird -- Remote Stack Buffer Overflow
Firebird Project reports: The FirebirdSQL server is vulnerable to a stack buffer overflow that can be triggered when an unauthenticated user sends a specially crafted packet. The result can lead to remote code execution as the user which runs the FirebirdSQL server...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 151008 High CVE-2013-0839: Use-after-free in canvas font handling. Credit to Atte Kettunen of OUSPG. 170532 Medium CVE-2013-0840: Missing URL validation when opening new windows. 169770 High CVE-2013-0841: Unchecked array index in content blocking. Credit to Google...
asterisk -- multiple vulnerabilities
Asterisk project reports: Crashes due to large stack allocations when using TCP Denial of Service Through Exploitation of Device State Caching...
ruby -- Hash-flooding DoS vulnerability for ruby 1.9
The official ruby site reports: Carefully crafted sequence of strings can cause a denial of service attack on the service that parses the sequence to create a Hash object by using the strings as keys. For instance, this vulnerability affects web application that parses the JSON data sent from...
weechat -- Crash or freeze when decoding IRC colors in strings
Sebastien Helleu reports: A buffer overflow is causing a crash or freeze of WeeChat when decoding IRC colors in strings. Workaround for a non-patched version: /set irc.network.colorsreceive off...
RT -- Multiple Vulnerabilities
BestPractical report: All versions of RT are vulnerable to an email header injection attack. Users with ModifySelf or AdminUser can cause RT to add arbitrary headers or content to outgoing mail. Depending on the scrips that are configured, this may be be leveraged for information leakage or...
moinmoin -- wrong processing of group membership
MoinMoin developers report: If you have group NAMES containing "All" or "Known" or "Trusted", they behaved wrong until now they erroneously included All/Known/Trusted users even if you did not list them as members, but will start working correctly with this changeset. E.g. AllFriendsGroup: JoeDoe...
phpMyAdmin -- Path disclosure due to missing library
The phpMyAdmin development team reports: The showconfigerrors.php script does not include a library, so an error message shows the full path of this file, leading to possible further attacks...
libcloud -- possible SSL MITM due to invalid regexp used to validate target server hostname
The libcloud development team reports: When establishing a secure SSL / TLS connection to a target server an invalid regular expression has been used for performing the hostname verification. Subset instead of the full target server hostname has been marked an an acceptable match for the given...
WebCalendar -- multiple vulnerabilities
Hanno Boeck reports: Fixes are now available for various security vulnerabilities including LFI local file inclusion, XSS cross site scripting and others...
linux-flashplugin -- multiple vulnerabilities
Adobe reports: Multiple Priority 2 vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system...
vlc -- arbitrary code execution in Real RTSP and MMS support
Jean-Baptiste Kempf, on behalf of the VideoLAN project reports: If successful, a malicious third party could crash the VLC media player process. Arbitrary code execution could be possible on some systems...
spamdyke -- Buffer Overflow Vulnerabilities
Secunia reports: Fixed a number of very serious errors in the usage of snprintf/vsnprintf. The return value was being used as the length of the string printed into the buffer, but the return value really indicates the length of the string that could be printed if the buffer were of infinite size...
phpMyAdmin -- multiple XSS vulnerabilities
The phpMyAdmin development team reports: Multiple XSS in the Tracking feature...
BIND -- Remote DoS against authoritative and recursive servers
ISC reports: A defect in the affected BIND 9 versions allows an attacker to remotely cause the "named" process to exit using a specially crafted packet. This defect affects both recursive and authoritative servers...
linux-flashplugin -- cross-site scripting vulnerability
Adobe Product Security Incident Response Team reports: An important vulnerability has been identified in Adobe Flash Player 10.3.181.16 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.22 and earlier versions for Android. This universal cross-site...
torcs -- untrusted local library loading
TORCS News reports: An insecure change to LDLIBRARYPATH allows loading of libraries in directories other than the standard paths. This can be a problem when downloading and installing untrusted content from the Internet...
phpmyadmin -- Several XSS vulnerabilities
phpMyAdmin Team reports: It was possible to conduct a XSS attack using crafted URLs org POST parameters on several pages...
fetchmail -- denial of service vulnerability
Fetchmail developer Matthias Andree reported a vulnerability that allows remote attackers to crash the application when it is runs in verbose mode. Fetchmail before release 6.3.17 did not properly sanitize external input mail headers and UID. When a multi-character locale such as UTF-8 was in use...
drupal -- multiple cross-site scripting
Drupal Team reports: The Contact module does not correctly handle certain user input when displaying category information. Users privileged to create contact categories can insert arbitrary HTML and script code into the contact module administration page. Such a cross-site scripting attack may le...
pidgin -- MSN overflow parsing SLP messages
Secunia reports: A vulnerability has been reported in Pidgin, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an error in the "msnslplinkprocessmsg" function when processing MSN SLP messages and can be exploited to corrupt...
BIND -- Dynamic update message remote DoS
Problem Description: When named8 receives a specially crafted dynamic update message an internal assertion check is triggered which causes named8 to exit. To trigger the problem, the dynamic update message must contains a record of type "ANY" and at least one resource record set RRset for this...
ruby -- BigDecimal denial of service vulnerability
The official ruby site reports: A denial of service DoS vulnerability was found on the BigDecimal standard library of Ruby. Conversion from BigDecimal objects into Float numbers had a problem which enables attackers to effectively cause segmentation faults. An attacker can cause a denial of servi...
libsndfile -- multiple vulnerabilities
Secunia reports: Two vulnerabilities have been reported in libsndfile, which can be exploited by malicious people to compromise an application using the library. A boundary error exists within the "vocreadheader" function in src/voc.c. This can be exploited to cause a heap-based buffer overflow v...
ghostscript -- buffer overflow vulnerability
SecurityFocus reports: Ghostscript is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into a finite-sized buffer. Exploiting this issue allows remote attackers to overwrite a sensitive memory buffer with arbitrary dat...
tor -- unspecified memory corruption vulnerability
Secunia reports: A vulnerability with an unknown impact has been reported in Tor. The vulnerability is caused due to an unspecified error and can be exploited to trigger a heap corruption. No further information is currently available...
twiki -- multiple vulnerabilities
Marc Schoenefeld and Steve Milner of RedHat SRT and Peter Allor of IBM ISS report: XSS vulnerability with URLPARAM variable SEARCH variable allows arbitrary shell command execution...