6583 matches found
django -- multiple vulnerabilities
The Django project reports: In accordance with our security release policy, the Django team is issuing multiple releases -- Django 1.4.20, 1.6.11, 1.7.7 and 1.8c1. These releases are now available on PyPI and our download page. These releases address several security issues detailed below. We...
polarssl -- Remote attack using crafted certificates
PolarSSL team reports: During the parsing of a ASN.1 sequence, a pointer in the linked list of asn1sequence is not initialized by asn1getsequenceof. In case an error occurs during parsing of the list, a situation is created where the uninitialized pointer is passed to polarsslfree. This sequence...
privoxy -- multiple vulnerabilities
Privoxy Developers reports: Fixed a memory leak when rejecting client connections due to the socket limit being reached CID 66382. This affected Privoxy 3.0.21 when compiled with IPv6 support on most platforms this is the default. Fixed an immediate-use-after-free bug CID 66394 and two additional...
p7zip -- directory traversal vulnerability
Alexander Cherepanov reports: 7z and 7zr is susceptible to a directory traversal vulnerability. While extracting an archive, it will extract symlinks and then follow them if they are referenced in further entries. This can be exploited by a rogue archive to write files outside the current directo...
kwebkitpart, kde-runtime -- insufficient input validation
Albert Aastals Cid reports: kwebkitpart and the bookmarks:// io slave were not sanitizing input correctly allowing to some javascript being executed on the context of the referenced hostname. Whilst in most cases, the JavaScript will be executed in an untrusted context, with the bookmarks IO slav...
FreeBSD -- Kernel stack disclosure in setlogin(2) / getlogin(2)
Problem Description: When setlogin2 is called while setting up a new login session, the login name is copied into an uninitialized stack buffer, which is then copied into a buffer of the same size in the session structure. The getlogin2 system call returns the entire buffer rather than just the...
phpMyAdmin -- XSS vulnerabilities
The phpMyAdmin development team reports: With a crafted ENUM value it is possible to trigger an XSS in table search and table structure pages. This vulnerability can be triggered only by someone who is logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from...
NSS -- RSA Signature Forgery
The Mozilla Project reports: Antoine Delignat-Lavaud discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates...
ansible -- code execution from compromised remote host data or untrusted local data
Ansible, Inc. reports: Arbitrary execution from data from compromised remote hosts or untrusted local data - resolved in Ansible 1.6.7...
dbus -- local DoS
Simon MvVittie reports: Alban Crequy at Collabora Ltd. discovered and fixed a denial-of-service flaw in dbus-daemon, part of the reference implementation of D-Bus. Additionally, in highly unusual environments the same flaw could lead to a side channel between processes that should not be able to...
qt4-xml -- XML Entity Expansion Denial of Service
Richard J. Moore reports: QXmlSimpleReader in Qt versions prior to 5.2 supports expansion of internal entities in XML documents without placing restrictions to ensure the document does not cause excessive memory usage. If an application using this API processes untrusted data then the application...
zabbix -- shell command injection vulnerability
Recurity Labs Team project reports: Zabbix agent is vulnerable to remote command execution from the Zabbix server in some cases...
monitorix -- serious bug in the built-in HTTP server
Monitorix Project reports: A serious bug in the built-in HTTP server. It was discovered that the handlerequest routine did not properly perform input sanitization which led into a number of security vulnerabilities. An unauthenticated, remote attacker could exploit this flaw to execute arbitrary...
mod_pagespeed -- critical cross-site scripting (XSS) vulnerability
modpagespeed developers report: Various versions of modpagespeed are subject to critical cross-site scripting XSS vulnerability, CVE-2013-6111. This permits a hostile third party to execute JavaScript in users' browsers in context of the domain running modpagespeed, which could permit theft of...
FreeBSD -- Insufficient credential checks in network ioctl(2)
Problem Description: As is commonly the case, the IPv6 and ATM network layer ioctl request handlers are written in such a way that an unrecognized request is passed on unmodified to the link layer, which will either handle it or return an error code. Network interface drivers, however, assume tha...
typo3 -- Multiple vulnerabilities in TYPO3 Core
Typo Security Team reports: TYPO3 Backend History Module - Due to missing encoding of user input, the history module is susceptible to SQL Injection and Cross-Site Scripting. A valid backend login is required to exploit this vulnerability. Credits go to Thomas Worm who discovered and reported the...
phpMyAdmin -- Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack
The phpMyAdmin development team reports: When creating/modifying a trigger, event or procedure with a crafted name, it is possible to trigger an XSS. To display information about the current phpMyAdmin version on the main page, a piece of JavaScript is fetched from the phpmyadmin.net website in...
freeradius -- arbitrary code execution for TLS-based authentication
freeRADIUS security team reports: Overflow in EAP-TLS for 2.1.10, 2.1.11 and 2.1.12. The issue was found by Timo Warns, and communicated to [email protected]. A sample exploit for the issue was included in the notification. The vulnerability was created in commit a368a6f4f4aaf on August 18,...
FreeBSD -- named(8) DNSSEC validation Denial of Service
Problem description: BIND 9 stores a cache of query names that are known to be failing due to misconfigured name servers or a broken chain of trust. Under high query loads, when DNSSEC validation is active, it is possible for a condition to arise in which data from this cache of failing queries...
libexif -- multiple remote vulnerabilities
libexif project security advisory: A number of remotely exploitable issues were discovered in libexif and exif, with effects ranging from information leakage to potential remote code execution...
libxml2 -- heap buffer overflow
Google chrome team reports: Heap-based buffer overflow in libxml2, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...
plib -- remote code execution via buffer overflow
Secunia reports: A vulnerability has been discovered in PLIB, which can be exploited by malicious people to compromise an application using the library. The vulnerability is caused due to a boundary error within the "ulSetError" function src/util/ulError.cxx when creating the error message, which...
dovecot -- denial of service vulnerability
Timo Sirainen reports: Fixed potential crashes and other problems when parsing header names that contained NUL characters...
FreeBSD -- Network ACL mishandling in mountd(8)
Problem Description: While parsing the exports5 table, a network mask in the form of "-network=netname/prefixlength" results in an incorrect network mask being computed if the prefix length is not a multiple of 8. For example, specifying the ACL for an export as "-network 192.0.2.0/23" would resu...
krb5 -- MITKRB5-SA-2011-003, KDC vulnerable to double-free when PKINIT enabled
An advisory published by the MIT Kerberos team says: The MIT Kerberos 5 Key Distribution Center KDC daemon is vulnerable to a double-free condition if the Public Key Cryptography for Initial Authentication PKINIT capability is enabled, resulting in daemon crash or arbitrary code execution which i...
exim -- local privilege escalation
exim.org reports: CVE-2011-0017 - check return value of setuid/setgid. This is a privilege escalation vulnerability whereby the Exim run-time user can cause root to append content of the attacker's choosing to arbitrary files...
rubygem-mail -- Remote Arbitrary Shell Command Injection Vulnerability
Secunia reports: Input passed via an email from address is not properly sanitised in the "deliver" function lib/mail/network/deliverymethods/sendmail.rb before being used as a command line argument. This can be exploited to inject arbitrary shell commands...
sudo -- Flaw in Runas group matching
Todd Miller reports: Beginning with sudo version 1.7.0 it has been possible to grant permission to run a command using a specified group via sudo -g option run as group. A flaw exists in the logic that matches Runas groups in the sudoers file when the -u option is also specified run as user. This...
firefox -- Dangling pointer crash regression from plugin parameter array fix
The Mozilla Project reports: MFSA 2010-48 Dangling pointer crash regression from plugin parameter array fix...
Zend Framework -- security issues in bundled Dojo library
The Zend Framework team reports: Several files in the bundled Dojo library were identified as having potential exploits, and the Dojo team also advised disabling or removing any PHP scripts in the Dojo library tree when deploying to production...
drupal -- multiple vulnerabilities
Drupal Team reports: A user-supplied value is directly output during installation allowing a malicious user to craft a URL and perform a cross-site scripting attack. The exploit can only be conducted on sites not yet installed. The API function drupalgoto is susceptible to a phishing attack. An...
rt -- Session fixation vulnerability
Secunia reports: A vulnerability has been reported in RT, which can be exploited by malicious people to conduct session fixation attacks. The vulnerability is caused due to an error in the handling of sessions and can be exploited to hijack another user's session by tricking the user into logging...
opera -- multiple vulnerabilities
Opera Team Reports: Fixed an issue where certain domain names could allow execution of arbitrary code, as reported by Chris Weber of Casaba Security Fixed an issue where scripts can run on the feed subscription page, as reported by Inferno...
phpmyadmin -- XSS and SQL injection vulnerabilities
phpMyAdmin Team reports: Cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted MySQL table name. SQL injection vulnerability allows remote attackers to inject SQL via various interface parameters of the PDF schema generator feature...
phpmyadmin -- XSS vulnerability
The phpMyAdmin project reports: It was possible to conduct an XSS attack via a crafted SQL bookmark. All 3.x releases on which the "bookmarks" feature is active are affected, previous versions are not...
slim -- local disclosure of X authority magic cookie
Secunia reports: A security issue has been reported in SLiM, which can be exploited by malicious, local users to disclose sensitive information. The security issue is caused due to the application generating the X authority file by passing the X authority cookie via the command line to "xauth"...
eggdrop -- denial of service vulnerability
Secunia reports: The vulnerability is caused due to an error in the processing of private messages within the server module /mod/server.mod/servrmsg.c. This can be exploited to cause a crash by sending a specially crafted message to the bot...
cyrus-sasl -- buffer overflow vulnerability
US-CERT reports: The saslencode64 function converts a string into base64. The Cyrus SASL library contains buffer overflows that occur because of unsafe use of the saslencode64 function...
gstreamer-plugins-good -- multiple memory overflows
Secunia reports: Tobias Klein has reported some vulnerabilities in GStreamer Good Plug-ins, which can potentially be exploited by malicious people to compromise a vulnerable system. A boundary error occurs within the "qtdemuxparsesamples" function in gst/gtdemux/qtdemux.c when performing QuickTim...
roundcube -- webmail script insertion and php code injection
Secunia reports: Some vulnerabilities have been reported in RoundCube Webmail, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct script insertion attacks and compromise a vulnerable system. The HTML "background" attribute within e.g. HT...
phplist -- local file inclusion vulnerability
Secunia reports: Input passed to the "SERVERConfigFile" parameter in admin/index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources...
drupal -- multiple vulnerabilities
The Drupal Project reports: On a server configured for IP-based virtual hosts, Drupal may be caused to include and execute specifically named files outside of its root directory. This bug affects both Drupal 5 and Drupal 6. The title of book pages is not always properly escaped, enabling users wi...
bitlbee -- account recreation security issues
Secunia reports: Some security issues have been reported in BitlBee, which can be exploited by malicious people to bypass certain security restrictions and hijack accounts. The security issues are caused due to unspecified errors, which can be exploited to overwrite existing accounts...
django -- XSS vulnerability
Django project reports: The Django administration application will, when accessed by a user who is not sufficiently authenticated, display a login form and ask the user to provide the necessary credentials before displaying the requested page. This form will be submitted to the URL the user...
mailman -- script insertion vulnerability
Secunia reports: A vulnerability has been reported in Mailman, which can be exploited by malicious users to conduct script insertion attacks. Certain input when editing the list templates and the list info attribute is not properly sanitised before being stored. This can be exploited to insert...
xfce -- multiple vulnerabilities
Gentoo reports: A remote attacker could entice a user to install a specially crafted "rc" file to execute arbitrary code via long strings in the "Name" and "Comment" fields or via unspecified vectors involving the second vulnerability...
drupal -- SQL injection vulnerability
The Drupal Project reports: The function taxonomyselectnodes directly injects variables into SQL queries instead of using placeholders. While taxonomy module itself validates the input passed to taxonomyselectnodes, this is a weakness in Drupal core. Several contributed modules, such as...
vlc -- format string vulnerability and integer overflow
isecpartners reports: VLC is vulnerable to a format string attack in the parsing of Vorbis comments in Ogg Vorbis and Ogg Theora files, CDDA data or SAP/SDP service discovery messages. Additionally, there are two errors in the handling of wav files, one a denial of service due to an uninitialized...
libvorbis -- Multiple memory corruption flaws
isecpartners reports: libvorbis contains several vulnerabilities allowing heap overwrite, read violations and a function pointer overwrite. These bugs cause a at least a denial of service, and potentially code execution...
wordpress -- unmoderated comments disclosure
Blogsecurity reports: An attacker can read comments on posts that have not been moderated. This can be a real security risk if blog admins are using unmoderated comments comments that have not been made public to hide sensitive notes regarding posts, future work, passwords etc. So please be caref...