6585 matches found
WebCalendar -- multiple vulnerabilities
Hanno Boeck reports: Fixes are now available for various security vulnerabilities including LFI local file inclusion, XSS cross site scripting and others...
nginx -- Buffer overflow in the ngx_http_mp4_module
The nginx project reports: Buffer overflow in the ngxhttpmp4module...
phpList -- SQL injection and XSS vulnerability
Zero Science Lab reports: Input passed via the parameter 'sortby' is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The param 'num' is vulnerable to a XSS issue where the attacker ca...
xinetd -- attackers can bypass access restrictions if tcpmux-servers service enabled
Thomas Swan reports: xinetd allows for services to be configured with the TCPMUX or TCPMUXPLUS service types, which makes those services available on port 1, as per RFC 1078 1, if the tcpmux-server service is enabled. When the tcpmux-server service is enabled, xinetd would expose all enabled...
isc-dhcp-server -- Remote DoS
ISC reports: A bug exists which allows an attacker who is able to send DHCP Request packets, either directly or through a relay, to remotely crash an ISC DHCP server if that server is configured to evaluate expressions using a regular expression i.e. uses the "=" or "" comparison operators...
BIND -- Remote DOS
The Internet Systems Consortium reports: Organizations across the Internet reported crashes interrupting service on BIND 9 nameservers performing recursive queries. Affected servers crashed after logging an error in query.c with the following message: "INSIST! dnsrdatasetisassociatedsigrdataset"...
gnutls -- client session resumption vulnerability
The GnuTLS team reports: GNUTLS-SA-2011-2 Possible buffer overflow/Denial of service...
libXfont -- possible local privilege escalation
Tomas Hoger reports: The compress/ LZW decompress implentation does not correctly handle compressed streams that contain code words that were not yet added to the decompression table. This may lead to arbitrary memory corruption. Successfull exploitation may possible lead to a local privilege...
mod_perl2 -- execute arbitrary Perl code
modperl2 2.0.11 fixes Arbitrary Perl code execution in the context of the user account via a user-owned .htaccess. modperl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because contrary to the documentation there is no configurati...
Asterisk -- multiple vulnerabilities
The Asterisk Development Team reports: AST-2011-008: If a remote user sends a SIP packet containing a NULL, Asterisk assumes available data extends past the null to the end of the packet when the buffer is actually truncated when copied. This causes SIP header parsing to modify data past the end ...
linux-flashplugin -- remote code execution vulnerability
Adobe Product Security Incident Response Team reports: A critical vulnerability has been identified in Adobe Flash Player 10.3.181.23 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.23 and earlier versions for Android. This memory corruption...
rt -- multiple vulnerabilities
Best Practical reports: In the process of preparing the release of RT 4.0.0, we performed an extensive security audit of RT's source code. During this audit, several vulnerabilities were found which affect earlier releases of RT...
redmine -- XSS vulnerability
Jean-Philippe Lang reports: This maintenance release for 1.1.x users includes 13 bug fixes since 1.1.1 and a security fix XSS vulnerability affecting all Redmine versions from 1.0.1 to 1.1.1...
Samba -- Denial of service - memory corruption
The Samba team reports: Samba is vulnerable to a denial of service, caused by a memory corruption error related to missing range checks on file descriptors being used in the "FDSET" macro. By performing a select on a bad file descriptor set, a remote attacker could exploit this vulnerability to...
tor -- remote code execution and crash
The Tor Project reports: A remote heap overflow vulnerability that can allow remote code execution. Other fixes address a variety of assert and crash bugs, most of which we think are hard to exploit remotely. All Tor users should upgrade...
krb5 -- RFC 3961 key-derivation checksum handling vulnerability
The MIT Kerberos team reports: MIT krb5 releases incorrectly accepts RFC 3961 key-derivation checksums using RC4 keys when verifying AD-SIGNEDPATH and AD-KDC-ISSUED authorization data. An authenticated remote attacker that controls a legitimate service principal has a 1/256 chance of forging the...
p5-libwww -- possibility to remote servers to create file with a .(dot) character
lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a .' dot character, which allows remote servers to create or overwrite files via a 3xx redirect to a URL with a crafted filename or a Content-Disposition header that suggests a crafted filename, and...
awstats -- arbitrary commands execution vulnerability
Awstats change log reports: Security fix Traverse directory of LoadPlugin Security fix Limit config to defined directory to avoid access to external config file via a nfs or webdav link...
irc-ratbox -- multiple vulnerabilities
SecurityFocus reports: The first affects the /quote HELP module and allows a user to trigger an IRCD crash on some platforms. The second affects the /links processing module when the flattenlinks configuration option is not enabled...
ruby -- heap overflow vulnerability
The official ruby site reports: There is a heap overflow vulnerability in Stringljust, Stringcenter and Stringrjust. This has allowed an attacker to run arbitrary code in some rare cases...
wordpress -- multiple vulnerabilities
secunia reports: The security issue is caused due to the wpcheckfiletype function in /wp-includes/functions.php improperly validating uploaded files. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script with multiple extensions. Successful exploitation of this...
cyrus-imapd -- Potential buffer overflow in Sieve
The Cyrus IMAP Server ChangeLog states: Fixed CERT VU336053 - Potential buffer overflow in Sieve...
pidgin -- MSN overflow parsing SLP messages
Secunia reports: A vulnerability has been reported in Pidgin, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an error in the "msnslplinkprocessmsg" function when processing MSN SLP messages and can be exploited to corrupt...
samba -- potential leakage of arbitrary memory contents
Samba Team reports: Samba 3.0.29 and beyond contain a change to deal with gcc 4 optimizations. Part of the change modified range checking for client-generated offsets of secondary trans, trans2 and nttrans requests. These requests are used to transfer arbitrary amounts of memory from clients to...
p5-UI-Dialog -- shell command execution vulnerability
Matthijs Kooijman reports: It seems that the whiptail, cdialog and kdialog backends apply some improper escaping in their shell commands, causing special characters present in menu item titles to be interpreted by the shell. This includes the backtick evaluation operator, so this constitutes a...
opera -- multiple vulnerabilities
The Opera Team reports: Scripts are able to change the addresses of framed pages that come from the same site. Due to a flaw in the way that Opera checks what frames can be changed, a site can change the address of frames on other sites inside any window that it has opened. This allows sites to...
drupal -- multiple vulnerabilities
The Drupal Project reports: A bug in the output filter employed by Drupal makes it possible for malicious users to insert script code into pages cross site scripting or XSS. A bug in the private filesystem trusts the MIME type sent by the browser, enabling malicious users with the ability to uplo...
openvpn-devel -- arbitrary code execution
James Yonan reports: Security Fix - affects non-Windows OpenVPN clients running OpenVPN 2.1-beta14 through 2.1-rc8 OpenVPN 2.0.x clients are NOT vulnerable nor are any versions of the OpenVPN server vulnerable. An OpenVPN client connecting to a malicious or compromised server could potentially...
libxine -- denial of service vulnerability
xine team reports: A new xine-lib version is now available. This release contains some security fixes, notably a DoS via corrupted Ogg files CVE-2008-3231, some related fixes, and fixes for a few possible buffer overflows...
ikiwiki -- empty password security hole
The ikiwiki development team reports: This hole allowed ikiwiki to accept logins using empty passwords to openid accounts that didn't use a password. Upgrading to a non-vulnerable ikiwiki version immediatly is recommended if your wiki allows both password and openid logins...
Nagios -- Cross Site Scripting Vulnerability
Secunia reports: A vulnerability has been reported in Nagios, which can be exploited by malicious people to conduct cross-site scripting attacks...
vorbis-tools -- Speex header processing vulnerability
Secunia reports: A vulnerability has been reported in vorbis-tools, which can potentially be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an input validation error when processing Speex headers, which can be exploited via a specially crafted Spee...
clamav -- Multiple Vulnerabilities
Secunia reports: Some vulnerabilities have been reported in ClamAV, which can be exploited by malicious people to cause a DoS Denial of Service or to compromise a vulnerable system. 1 A boundary error exists within the "cliscanpe" function in libclamav/pe.c. This can be exploited to cause a...
phpmyadmin -- SQL injection vulnerability
A phpMyAdmin security announcement report: phpMyAdmin used the $REQUEST superglobal as a source for its parameters, instead of $GET and $POST. This means that on most servers, a cookie with the same name as one of phpMyAdmin's parameters can interfere. Another application could set a cookie for t...
libxine -- buffer overflow vulnerability
xine project reports: A new xine-lib version is now available. This release contains a security fix remotely-expoitable buffer overflow, CVE-2006-1664. This is not the first time that that bug has been fixed... It also fixes a few more recent bugs, such as the audio output problems in 1.1.9...
claws-mail -- insecure temporary file creation
Nico Golde reports: A local attacker could exploit this vulnerability to conduct symlink attacks to overwrite files with the privileges of the user running Claws Mail...
firefox -- multiple remote unspecified memory corruption vulnerabilities
Mozilla Foundation reports: The Firefox 2.0.0.10 update contains fixes for three bugs that improve the stability of the product. These crashes showed some evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to...
phpmyadmin -- Cross Site Scripting
phpMyAdmin security announcement: The login page authtype cookie was vulnerable to XSS via the convcharset parameter. An attacker could use this to execute malicious code on the visitors computer...
wordpress -- cross-site scripting
A Secunia Advisory report: Input passed to the "postscolumns" parameter in wp-admin/edit-post-rows.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site...
mediawiki -- cross site scripting vulnerability
The MediaWiki development team reports: A possible HTML/XSS injection vector in the API pretty-printing mode has been found and fixed. The vulnerability may be worked around in an unfixed version by simply disabling the API interface if it is not in use, by adding this to LocalSettings.php:...
claws-mail -- POP3 Format String Vulnerability
A Secunia Advisory reports: A format string error in the "incputerror" function in src/inc.c when displaying a POP3 server's error response can be exploited via specially crafted POP3 server replies containing format specifiers. Successful exploitation may allow execution of arbitrary code, but...
joomla -- multiple vulnerabilities
A Secunia Advisory reports: joomla can be exploited to conduct session fixation attacks, cross-site scripting attacks or HTTP response splitting attacks. Certain unspecified input passed in comsearch, comcontent and modlogin is not properly sanitised before being returned to a user. This can be...
evolution-data-server -- remote execution of arbitrary code vulnerability
Debian project reports: It was discovered that the IMAP code in the Evolution Data Server performs insufficient sanitising of a value later used an array index, which can lead to the execution of arbitrary code...
evince -- Buffer Overflow Vulnerability
Secunia reports: A vulnerability has been discovered in Evince, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error within the "getnexttext" function in ps/ps.c. This can be exploited to cause a buffer overflow by e.g...
wv -- Multiple Integer Overflow Vulnerabilities
Secunia reports: Some vulnerabilities have been reported in wvWare, which can be exploited by malicious people to cause a DoS Denial of Service and potentially compromise an application using the library. The vulnerabilities are caused due to integer overflows within the "wvGetLFOrecords" and...
MT -- Search Unspecified XSS
Secunia reports: Arai has reported a vulnerability in Movable Type and Movable Type Enterprise, which can be exploited by malicious people to conduct cross-site scripting attacks. Some unspecified input passed via the search functionality isn't properly sanitised before being returned to the user...
phpbb -- NULL byte injection vulnerability
Secunia reports: ShAnKaR has discovered a vulnerability in phpBB, which can be exploited by malicious users to compromise a vulnerable system. Input passed to the "avatarpath" parameter in admin/adminboard.php is not properly sanitised before being used as a configuration variable to store avatar...
globus -- Multiple tmpfile races
The Globus Alliance reports: The proxy generation tool grid-proxy-init creates the file, secures the file to provide access only to owner and writes proxy to the file. A race condition exists between the opening of the proxy credentials file, and making sure it is safe file to write to. The check...
libmms -- stack-based buffer overflow
Mitre CVE reports: Stack-based buffer overflow in libmms, as used by a MiMMS 0.0.9 and b xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via the 1 sendcommand, 2 stringutf16, 3 getdata, and 4 getmediapacket...
ipsec -- reply attack vulnerability
Problem Description IPsec provides an anti-replay service which when enabled prevents an attacker from successfully executing a replay attack. This is done through the verification of sequence numbers. A programming error in the fastipsec4 implementation results in the sequence number associated...