6583 matches found
phpMyAdmin -- Global variable scope injection
The phpMyAdmin development team reports: The import.php script was vulnerable to GLOBALS variable injection. Therefore, an attacker could manipulate any configuration parameter. This vulnerability can be triggered only by someone who logged in to phpMyAdmin, as the usual token protection prevents...
telepathy-gabble -- TLS verification bypass
Simon McVittie reports: This release fixes a man-in-the-middle attack. If you use an unencrypted connection to a "legacy Jabber" pre-XMPP server, this version of Gabble will not connect until you make one of these configuration changes: . upgrade the server software to something that supports XMP...
OpenVPN -- potential side-channel/timing attack when comparing HMACs
The OpenVPN project reports: OpenVPN 2.3.0 and earlier running in UDP mode are subject to chosen ciphertext injection due to a non-constant-time HMAC comparison function...
dns/bind9* -- crash on deliberately constructed combination of records
ISC reports: A deliberately constructed combination of records could cause named to hang while populating the additional section of a response...
GNU gatekeeper -- denial of service
Jan Willamowius reports: GNU Gatekeeper before 3.1 does not limit the number of connections to the status port, which allows remote attackers to cause a denial of service connection and thread consumption via a large number of connections...
phpMyAdmin -- Multiple XSS in Table operations, Database structure, Trigger and Visualize GIS data pages
The phpMyAdmin development team reports: Using a crafted table name, it was possible to produce a XSS : 1 On the Database Structure page, creating a new table with a crafted name 2 On the Database Structure page, using the Empty and Drop links of the crafted table name 3 On the Table Operations...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 136643 137721 137957 High CVE-2012-2862: Use-after-free in PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of Google Security Team. 136968 137361 High CVE-2012-2863: Out-of-bounds writes in PDF viewer. Credit to...
dns/nsd -- DoS vulnerability from non-standard DNS packet
Marek Vavrusa and Lubos Slovak report: It is possible to crash SIGSEGV a NSD child server process by sending it a non-standard DNS packet from any host on the internet. A crashed child process will automatically be restarted by the parent process, but an attacker may keep the NSD server occupied...
bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: Unauthorized Access Due to a lack of proper validation of the X-FORWARDED-FOR header of an authentication request, an attacker could bypass the current lockout policy used for protection against...
rubygem-mail -- multiple vulnerabilities
rubygem-mail -- multiple vulnerabilities Two issues were fixed. They are a file system traversal in filedelivery method and arbitrary command execution when using exim or sendmail from the command line...
PHP -- crypt() returns only the salt for MD5
PHP development team reports: If crypt is executed with MD5 salts, the return value consists of the salt only. DES and BLOWFISH salts work as expected...
isolate -- local root exploit
Isolate currently suffers from some bad security bugs! These are local root privilege escalation bugs. Thanks to the helpful person who reported them email Chris if you want credit!. We're working to fix them ASAP, but until then, isolate is unsafe and you should uninstall it. Sorry!...
mDNSResponder -- corrupted stack crash when parsing bad resolv.conf
Juli Mallett reports: mdnsd will crash on some systems with a corrupt stack and once that's fixed it will still leak a file descriptor when parsing resolv.conf. The crash is because scanf is used with %10s for a buffer that is only 10 chars long. The buffer size needs increased to 11 chars to hol...
quagga -- two DoS vulnerabilities
Quagga developers report: Quagga 0.99.18 has been released. This release fixes 2 denial of services in bgpd, which can be remotely triggered by malformed AS-Pathlimit or Extended-Community attributes. These issues have been assigned CVE-2010-1674 and CVE-2010-1675. Support for AS-Pathlimit has be...
dovecot -- Insecure directory permissions
Dovecot author reports: Dovecot v1.2.x had been creating basedir and its parents if necessary with 0777 permissions. The basedir's permissions get changed to 0755 automatically at startup, but you may need to chmod the parent directories manually...
Enhanced cTorrent -- stack-based overflow
Securityfocus reports: cTorrent and dTorrent are prone to a remote buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. Successful exploits allow remote attackers to execute arbitrary...
vlc -- stack overflow in MPA, AVI and ASF demuxer
VideoLAN reports: When parsing a MP4, ASF or AVI file with an overly deep box structure, a stack overflow might occur. It would overwrite the return address and thus redirect the execution flow. If successful, a malicious third party could trigger execution of arbitrary code within the context of...
git -- denial of service vulnerability
SecurityFocus reports: Git is prone to a denial-of-service vulnerability because it fails to properly handle some client requests. Attackers can exploit this issue to cause a daemon process to enter an infinite loop. Repeated exploits may consume excessive system resources, resulting in a denial ...
ejabberd -- cross-site scripting vulnerability
SecurityFocus reports: The ejabberd application is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials...
tor -- multiple vulnerabilities
Secunia reports: Some vulnerabilities have been reported in Tor, where one has an unknown impact and others can be exploited by malicious people to cause a DoS. An error when running Tor as a directory authority can be exploited to trigger the execution of an infinite loop. An unspecified error...
squid -- remote denial of service vulnerability
Squid security advisory 2009:1 reports: Due to an internal error Squid is vulnerable to a denial of service attack when processing specially crafted requests. This problem allows any client to perform a denial of service attack on the Squid service...
ampache -- insecure temporary file usage
Secunia reports: A security issue has been reported in Ampache, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to the "gather-messages.sh" script handling temporary files in an insecure manner. This can be...
mediawiki -- multiple vulnerabilities
The MediaWiki development team reports: Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Certain unspecified input related to uploads i...
optipng -- arbitrary code execution via crafted BMP image
Secunia reports: A vulnerability has been reported in OptiPNG, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the BMP reader and can be exploited to cause a buffer overflow by tricking a user into...
mgetty+sendfax -- symlink attack via insecure temporary files
Debian reports: Faxspool in mgetty 1.1.36 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/faxsp. temporary file...
powerdns-recursor -- DNS cache poisoning
If the system random number generator can be predicted by its past output, then an attacker may spoof Recursor to accept mallicious data. This leads to DNS cache poisoning and client redirection...
flyspray -- multiple vulnerabilities
The Flyspray Project reports: Flyspray is affected by a Cross Site scripting Vulnerability due to an error escaping PHP's $SERVER'QUERYSTRING' superglobal, that can be maliciously used to inject arbitrary code into the savesearch javascript function. There is an XSS problem in the history tab, th...
opera -- multiple vulnerabilities
Opera Software ASA reports about multiple security fixes: Fixed an issue where plug-ins could be used to allow cross domain scripting, as reported by David Bloom. Details will be disclosed at a later date. Fixed an issue with TLS certificates that could be used to execute arbitrary code, as...
gftp -- multiple vulnerabilities
Gentoo reports: Kalle Olavi Niemitalo discovered two boundary errors in fsplib code included in gFTP when processing overly long directory or file names. A remote attacker could trigger these vulnerabilities by enticing a user to download a file with a specially crafted directory or file name,...
mplayer -- cddb stack overflow
Mplayer Team reports: A stack overflow was found in the code used to handle cddb queries. When copying the album title and category, no checking was performed on the size of the strings before storing them in a fixed-size array. A malicious entry in the database could trigger a stack overflow in...
flac123 -- stack overflow in comment parsing
isecpartners reports: flac123, also known as flac-tools, is vulnerable to a buffer overflow in vorbis comment parsing. This allows for the execution of arbitrary code...
webmin -- cross site scripting vulnerability
Secunia reports: Input passed to unspecified parameters in pamlogin.cgi is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site...
typo3 -- email header injection
Olivier Dobberkau, Andreas Otto, and Thorsten Kahler report: An unspecified error in the internal form engine can be used for sending arbitrary mail headers, using it for purposes which it is not meant for, e.g. sending spam messages...
NVIDIA UNIX driver -- arbitrary root code execution vulnerability
Rapid7 reports: The NVIDIA Binary Graphics Driver for Linux is vulnerable to a buffer overflow that allows an attacker to run arbitrary code as root. This bug can be exploited both locally or remotely via a remote X client or an X client which visits a malicious web page. A working proof-of-conce...
drupal-pubcookie -- authentication may be bypassed
The Drupal Project reports: It is possible for a malicious user to spoof a user's identity by bypassing the login redirection mechanism in the pubcookie module. The malicious user may gain the privileges of the user they are spoofing, including the administrative user...
libmusicbrainz -- multiple buffer overflow vulnerabilities
SecurityFocus reports about libmusicbrainz: The libmusicbrainz library is prone to multiple buffer-overflow vulnerabilities because the application fails to check the size of the data before copying it into a finite-sized internal memory buffer. An attacker can exploit these issues to execute...
freeradius -- authentication bypass vulnerability
The freeradius development team reports: A validation issue exists with the EAP-MSCHAPv2 module in all versions from 1.0.0 where the module first appeared to 1.1.0. Insufficient input validation was being done in the EAP-MSCHAPv2 state machine. A malicious attacker could manipulate their...
crossfire-server -- denial of service and remote code execution vulnerability
FRSIRT reports: A vulnerability has been identified in CrossFire, which could be exploited by remote attackers to execute arbitrary commands or cause a denial of service. This flaw is due to a buffer overflow error in the "oldsocketmode" module that fails to properly handle overly large requests,...
bugzilla -- multiple vulnerabilities
Some vulnerabilities have been reported in Bugzilla, which can be exploited by malicious users to conduct SQL injection attacks, and by malicious people to disclose sensitive information and conduct script insertion attacks...
IEEE 802.11 -- buffer overflow
Problem description: An integer overflow in the handling of corrupt IEEE 802.11 beacon or probe response frames when scanning for existing wireless networks can result in the frame overflowing a buffer. Impact: An attacker able broadcast a carefully crafted beacon or probe response frame may be...
mambo -- "register_globals" emulation layer overwrite vulnerability
A Secunia Advisory reports: peter MC tachatte has discovered a vulnerability in Mambo, which can be exploited by malicious people to manipulate certain information and compromise a vulnerable system. The vulnerability is caused due to an error in the "registerglobals" emulation layer in...
fetchmail -- fetchmailconf local password exposure
The fetchmail team reports: The fetchmailconf program before and excluding version 1.49 opened the run control file, wrote the configuration to it, and only then changed the mode to 0600 rw-------. Writing the file, which usually contains passwords, before making it unreadable to other users, can...
acroread -- plug-in buffer overflow vulnerability
A Adobe Security Advisory reports: The identified vulnerability is a buffer overflow within a core application plug-in, which is part of Adobe Acrobat and Adobe Reader. If a malicious file were opened it could trigger a buffer overflow as the file is being loaded into Adobe Acrobat and Adobe...
phppgadmin -- "formLanguage" local file inclusion vulnerability
A Secunia Advisory reports: A vulnerability has been reported in phpPgAdmin, which can be exploited by malicious people to disclose sensitive information. Input passed to the "formLanguage" parameter in "index.php" isn't properly verified, before it is used to include files. This can be exploited...
p5-Mail-SpamAssassin -- denial of service vulnerability
Apache SpamAssassin Security Team reports: Apache SpamAssassin 3.0.4 was recently released, and fixes a denial of service vulnerability in versions 3.0.1, 3.0.2, and 3.0.3. The vulnerability allows certain misformatted long message headers to cause spam checking to take a very long time. While th...
tcpdump -- infinite loops in protocol decoding
Problem Description Several tcpdump protocol decoders contain programming errors which can cause them to go into infinite loops. Impact An attacker can inject specially crafted packets into the network which, when processed by tcpdump, could lead to a denial-of-service. After the attack, tcpdump...
ppxp -- local root exploit
A Debian Advisory reports: Jens Steube discovered that ppxp, yet another PPP program, does not release root privileges when opening potentially user supplied log files. This can be tricked into opening a root shell...
mozilla -- "Wrapped" javascript: urls bypass security checks
A Mozilla Foundation Security Advisory reports: Some security checks intended to prevent script injection were incorrect and could be bypassed by wrapping a javascript: url in the view-source: pseudo-protocol. Michael Krax demonstrated that a variant of his favicon exploit could still execute...
squid -- DNS lookup spoofing vulnerability
The squid patches page notes: Malicious users may spoof DNS lookups if the DNS client UDP port random, assigned by OS as startup is unfiltered and your network is not protected from IP spoofing...
rkhunter -- insecure temporary file creation
Gentoo reports: Sune Kloppenborg Jeppesen and Tavis Ormandy of the Gentoo Linux Security Team have reported that the checkupdate.sh script and the main rkhunter script insecurely creates several temporary files with predictable filenames. A local attacker could create symbolic links in the...