6585 matches found
botan -- cryptographic vulnerability
MITRE reports: The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x before 1.11.9 improperly uses a single random base, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a DH group...
mail/trojita -- may leak mail contents (not user credentials) over unencrypted connection
Jan Kundrát reports: An SSL stripping vulnerability was discovered in Trojitá, a fast Qt IMAP e-mail client. User's credentials are never leaked, but if a user tries to send an e-mail, the automatic saving into the "sent" or "draft" folders could happen over a plaintext connection even if the...
FreeBSD -- Cross-mount links between nullfs(5) mounts
Problem Description: The nullfs5 implementation of the VOPLINK9 VFS operation does not check whether the source and target of the link are both in the same nullfs instance. It is therefore possible to create a hardlink from a location in one nullfs instance to a file in another, as long as the...
FreeBSD -- Insufficient credential checks in network ioctl(2)
Problem Description: As is commonly the case, the IPv6 and ATM network layer ioctl request handlers are written in such a way that an unrecognized request is passed on unmodified to the link layer, which will either handle it or return an error code. Network interface drivers, however, assume tha...
ruby-gems -- Algorithmic Complexity Vulnerability
Ruby Gem developers report: RubyGems validates versions with a regular expression that is vulnerable to denial of service due to backtracking. For specially crafted RubyGems versions attackers can cause denial of service through CPU consumption...
lcms2 -- Null Pointer Dereference Denial of Service Vulnerability
Mageia security team reports: It was discovered that Little CMS did not properly verify certain memory allocations. If a user or automated system using Little CMS were tricked into opening a specially crafted file, an attacker could cause Little CMS to crash CVE-2013-4160...
passenger -- security vulnerability
The Phusion reports: A denial of service and arbitrary code execution by hijacking temp files. CVE-2013-2119...
linux-flashplugin -- multiple vulnerabilities
Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...
linux-flashplugin -- multiple vulnerabilities
Adobe reports: These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system...
WebCalendar -- multiple vulnerabilities
Hanno Boeck reports: Fixes are now available for various security vulnerabilities including LFI local file inclusion, XSS cross site scripting and others...
nginx -- Buffer overflow in the ngx_http_mp4_module
The nginx project reports: Buffer overflow in the ngxhttpmp4module...
phpList -- SQL injection and XSS vulnerability
Zero Science Lab reports: Input passed via the parameter 'sortby' is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The param 'num' is vulnerable to a XSS issue where the attacker ca...
xinetd -- attackers can bypass access restrictions if tcpmux-servers service enabled
Thomas Swan reports: xinetd allows for services to be configured with the TCPMUX or TCPMUXPLUS service types, which makes those services available on port 1, as per RFC 1078 1, if the tcpmux-server service is enabled. When the tcpmux-server service is enabled, xinetd would expose all enabled...
isc-dhcp-server -- Remote DoS
ISC reports: A bug exists which allows an attacker who is able to send DHCP Request packets, either directly or through a relay, to remotely crash an ISC DHCP server if that server is configured to evaluate expressions using a regular expression i.e. uses the "=" or "" comparison operators...
BIND -- Remote DOS
The Internet Systems Consortium reports: Organizations across the Internet reported crashes interrupting service on BIND 9 nameservers performing recursive queries. Affected servers crashed after logging an error in query.c with the following message: "INSIST! dnsrdatasetisassociatedsigrdataset"...
gnutls -- client session resumption vulnerability
The GnuTLS team reports: GNUTLS-SA-2011-2 Possible buffer overflow/Denial of service...
libXfont -- possible local privilege escalation
Tomas Hoger reports: The compress/ LZW decompress implentation does not correctly handle compressed streams that contain code words that were not yet added to the decompression table. This may lead to arbitrary memory corruption. Successfull exploitation may possible lead to a local privilege...
mod_perl2 -- execute arbitrary Perl code
modperl2 2.0.11 fixes Arbitrary Perl code execution in the context of the user account via a user-owned .htaccess. modperl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because contrary to the documentation there is no configurati...
Asterisk -- multiple vulnerabilities
The Asterisk Development Team reports: AST-2011-008: If a remote user sends a SIP packet containing a NULL, Asterisk assumes available data extends past the null to the end of the packet when the buffer is actually truncated when copied. This causes SIP header parsing to modify data past the end ...
linux-flashplugin -- remote code execution vulnerability
Adobe Product Security Incident Response Team reports: A critical vulnerability has been identified in Adobe Flash Player 10.3.181.23 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.23 and earlier versions for Android. This memory corruption...
rt -- multiple vulnerabilities
Best Practical reports: In the process of preparing the release of RT 4.0.0, we performed an extensive security audit of RT's source code. During this audit, several vulnerabilities were found which affect earlier releases of RT...
redmine -- XSS vulnerability
Jean-Philippe Lang reports: This maintenance release for 1.1.x users includes 13 bug fixes since 1.1.1 and a security fix XSS vulnerability affecting all Redmine versions from 1.0.1 to 1.1.1...
Samba -- Denial of service - memory corruption
The Samba team reports: Samba is vulnerable to a denial of service, caused by a memory corruption error related to missing range checks on file descriptors being used in the "FDSET" macro. By performing a select on a bad file descriptor set, a remote attacker could exploit this vulnerability to...
tor -- remote code execution and crash
The Tor Project reports: A remote heap overflow vulnerability that can allow remote code execution. Other fixes address a variety of assert and crash bugs, most of which we think are hard to exploit remotely. All Tor users should upgrade...
krb5 -- RFC 3961 key-derivation checksum handling vulnerability
The MIT Kerberos team reports: MIT krb5 releases incorrectly accepts RFC 3961 key-derivation checksums using RC4 keys when verifying AD-SIGNEDPATH and AD-KDC-ISSUED authorization data. An authenticated remote attacker that controls a legitimate service principal has a 1/256 chance of forging the...
p5-libwww -- possibility to remote servers to create file with a .(dot) character
lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a .' dot character, which allows remote servers to create or overwrite files via a 3xx redirect to a URL with a crafted filename or a Content-Disposition header that suggests a crafted filename, and...
awstats -- arbitrary commands execution vulnerability
Awstats change log reports: Security fix Traverse directory of LoadPlugin Security fix Limit config to defined directory to avoid access to external config file via a nfs or webdav link...
irc-ratbox -- multiple vulnerabilities
SecurityFocus reports: The first affects the /quote HELP module and allows a user to trigger an IRCD crash on some platforms. The second affects the /links processing module when the flattenlinks configuration option is not enabled...
ruby -- heap overflow vulnerability
The official ruby site reports: There is a heap overflow vulnerability in Stringljust, Stringcenter and Stringrjust. This has allowed an attacker to run arbitrary code in some rare cases...
wordpress -- multiple vulnerabilities
secunia reports: The security issue is caused due to the wpcheckfiletype function in /wp-includes/functions.php improperly validating uploaded files. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script with multiple extensions. Successful exploitation of this...
cyrus-imapd -- Potential buffer overflow in Sieve
The Cyrus IMAP Server ChangeLog states: Fixed CERT VU336053 - Potential buffer overflow in Sieve...
pidgin -- MSN overflow parsing SLP messages
Secunia reports: A vulnerability has been reported in Pidgin, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an error in the "msnslplinkprocessmsg" function when processing MSN SLP messages and can be exploited to corrupt...
samba -- potential leakage of arbitrary memory contents
Samba Team reports: Samba 3.0.29 and beyond contain a change to deal with gcc 4 optimizations. Part of the change modified range checking for client-generated offsets of secondary trans, trans2 and nttrans requests. These requests are used to transfer arbitrary amounts of memory from clients to...
bitlbee -- account recreation security issues
Secunia reports: Some security issues have been reported in BitlBee, which can be exploited by malicious people to bypass certain security restrictions and hijack accounts. The security issues are caused due to unspecified errors, which can be exploited to overwrite existing accounts...
p5-UI-Dialog -- shell command execution vulnerability
Matthijs Kooijman reports: It seems that the whiptail, cdialog and kdialog backends apply some improper escaping in their shell commands, causing special characters present in menu item titles to be interpreted by the shell. This includes the backtick evaluation operator, so this constitutes a...
opera -- multiple vulnerabilities
The Opera Team reports: Scripts are able to change the addresses of framed pages that come from the same site. Due to a flaw in the way that Opera checks what frames can be changed, a site can change the address of frames on other sites inside any window that it has opened. This allows sites to...
drupal -- multiple vulnerabilities
The Drupal Project reports: A bug in the output filter employed by Drupal makes it possible for malicious users to insert script code into pages cross site scripting or XSS. A bug in the private filesystem trusts the MIME type sent by the browser, enabling malicious users with the ability to uplo...
openvpn-devel -- arbitrary code execution
James Yonan reports: Security Fix - affects non-Windows OpenVPN clients running OpenVPN 2.1-beta14 through 2.1-rc8 OpenVPN 2.0.x clients are NOT vulnerable nor are any versions of the OpenVPN server vulnerable. An OpenVPN client connecting to a malicious or compromised server could potentially...
libxine -- denial of service vulnerability
xine team reports: A new xine-lib version is now available. This release contains some security fixes, notably a DoS via corrupted Ogg files CVE-2008-3231, some related fixes, and fixes for a few possible buffer overflows...
ikiwiki -- empty password security hole
The ikiwiki development team reports: This hole allowed ikiwiki to accept logins using empty passwords to openid accounts that didn't use a password. Upgrading to a non-vulnerable ikiwiki version immediatly is recommended if your wiki allows both password and openid logins...
Nagios -- Cross Site Scripting Vulnerability
Secunia reports: A vulnerability has been reported in Nagios, which can be exploited by malicious people to conduct cross-site scripting attacks...
vorbis-tools -- Speex header processing vulnerability
Secunia reports: A vulnerability has been reported in vorbis-tools, which can potentially be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an input validation error when processing Speex headers, which can be exploited via a specially crafted Spee...
clamav -- Multiple Vulnerabilities
Secunia reports: Some vulnerabilities have been reported in ClamAV, which can be exploited by malicious people to cause a DoS Denial of Service or to compromise a vulnerable system. 1 A boundary error exists within the "cliscanpe" function in libclamav/pe.c. This can be exploited to cause a...
phpmyadmin -- SQL injection vulnerability
A phpMyAdmin security announcement report: phpMyAdmin used the $REQUEST superglobal as a source for its parameters, instead of $GET and $POST. This means that on most servers, a cookie with the same name as one of phpMyAdmin's parameters can interfere. Another application could set a cookie for t...
libxine -- buffer overflow vulnerability
xine project reports: A new xine-lib version is now available. This release contains a security fix remotely-expoitable buffer overflow, CVE-2006-1664. This is not the first time that that bug has been fixed... It also fixes a few more recent bugs, such as the audio output problems in 1.1.9...
claws-mail -- insecure temporary file creation
Nico Golde reports: A local attacker could exploit this vulnerability to conduct symlink attacks to overwrite files with the privileges of the user running Claws Mail...
firefox -- multiple remote unspecified memory corruption vulnerabilities
Mozilla Foundation reports: The Firefox 2.0.0.10 update contains fixes for three bugs that improve the stability of the product. These crashes showed some evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to...
phpmyadmin -- Cross Site Scripting
phpMyAdmin security announcement: The login page authtype cookie was vulnerable to XSS via the convcharset parameter. An attacker could use this to execute malicious code on the visitors computer...
wordpress -- cross-site scripting
A Secunia Advisory report: Input passed to the "postscolumns" parameter in wp-admin/edit-post-rows.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site...
mediawiki -- cross site scripting vulnerability
The MediaWiki development team reports: A possible HTML/XSS injection vector in the API pretty-printing mode has been found and fixed. The vulnerability may be worked around in an unfixed version by simply disabling the API interface if it is not in use, by adding this to LocalSettings.php:...