6585 matches found
FreeBSD -- Kernel memory disclosure in sctp(4)
Problem Description: When initializing the SCTP state cookie being sent in INIT-ACK chunks, a buffer allocated from the kernel stack is not completely initialized. Impact: Fragments of kernel memory may be included in SCTP packets and transmitted over the network. For each SCTP session, there are...
mozilla -- use-after-free in HTML Editor
The Mozilla Project reports: MFSA 2013-29 Use-after-free in HTML Editor...
dbus-glib -- privledge escalation
Sebastian Krahmer reports: A privilege escalation flaw was found in the way dbus-glib, the D-Bus add-on library to integrate the standard D-Bus library with the GLib thread abstraction and main loop, performed filtering of the message sender message source subject, when the NameOwnerChanged signa...
tinc -- Buffer overflow
tinc-vpn.org reports: Drop packets forwarded via TCP if they are too big...
DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust
US-CERT reports: DomainKeys Identified Mail DKIM Verifiers may inappropriately convey message trust when messages are signed using test or small bit signing keys...
asterisk -- multiple vulnerabilities
Asterisk project reports: Asterisk Manager User Unauthorized Shell Access ACL rules ignored when placing outbound calls by certain IAX2 users...
automake -- Insecure 'distcheck' recipe granted world-writable distdir
GNU reports: The recipe of the 'distcheck' target granted temporary world-write permissions on the extracted distdir. This introduced a locally exploitable race condition for those who run "make distcheck" with a non-restrictive umask e.g., 022 in a directory that was accessible by others. A...
joomla -- Privilege Escalation
Joomla! reported a Core Privilege Escalation:: Inadequate checking leads to possible user privilege escalation...
nginx -- potential information leak
nginx development team reports: Matthew Daley recently discovered a security problem which may lead to a disclosure of previously freed memory on specially crafted response from an upstream server, potentially resulting in sensitive information leak...
isc-dhcp-server -- DoS in DHCPv6
ISC reports: Due to improper handling of a DHCPv6 lease structure, ISC DHCP servers that are serving IPv6 address pools AND using Dynamic DNS can encounter a segmentation fault error while updating lease status under certain conditions. The potential exists for this condition to be intentionally...
WebCalendar -- Persistent XSS
tom reports, There is no sanitation on the input of the location variable allowing for persistent XSS...
PuTTY -- Password vulnerability
Simon Tatham reports: PuTTY 0.62 fixes a security issue present in 0.59, 0.60 and 0.61. If you log in using SSH-2 keyboard-interactive authentication which is the usual method used by modern servers to request a password, the password you type was accidentally kept in PuTTY's memory for the rest ...
Subversion -- multiple vulnerabilities
Subversion team reports: Subversion's moddavsvn Apache HTTPD server module will dereference a NULL pointer if asked to deliver baselined WebDAV resources. This can lead to a DoS. An exploit has been tested, and tools or users have been observed triggering this problem in the wild. Subversion's...
php -- corruption of $GLOBALS and $this variables via extract() method
Off-by-one error in the sanity validator for the extract method allowed attackers to replace the values of $GLOBALS and $this when mode EXTROVERWRITE was used...
Axis2 -- Cross-site scripting (XSS) vulnerability
Apache Axis2 reports: Apache Axis2 1.7.3 is a security release that contains a fix for CVE-2010-3981. That security vulnerability affects the admin console that is part of the Axis2 Web application and was originally reported for SAP BusinessObjects which includes a version of Axis2. That report...
openx -- remote code execution vulnerability
The OpenX project reported: It has been brought to our attention that there is a vulnerability in the 2.8 downloadable version of OpenX that can result in a server running the downloaded version of OpenX being compromised. This vulnerability exists in the file upload functionality and allows...
kvirc -- multiple vulnerabilities
Two security vulnerabilities have been discovered: Multiple format string vulnerabilities in the DCC functionality in KVIrc 3.4 and 4.0 have unspecified impact and remote attack vectors. Directory traversal vulnerability in the DCC functionality in KVIrc 3.4 and 4.0 allows remote attackers to...
spamass-milter -- remote command execution vulnerability
The spamassassin milter plugin contains a vulnerability that can allow remote attackers to execute commands on affected systems. The vulnerability can be exploited trough a special-crafted email header when the plugin was started with the '-x' expand flag...
gnome-screensaver -- Multiple monitor hotplug issues
Ray Strode reports: Under certain circumstances it is possible to circumvent the security of screen locking functionality of gnome-screensaver by changing the systems physical monitor configuration. gnome-screensaver can lose its keyboard grab when locked, exposing the system to intrusion by addi...
fetchmail -- heap overflow on verbose X.509 display
Matthias Andree reports: In verbose mode, fetchmail prints X.509 certificate subject and issuer information to the user, and counts and allocates a malloc buffer for that purpose. If the material to be displayed contains characters with high bit set and the platform treats the "char" type as...
drupal -- multiple vulnerabilities
Drupal Team reports: The core OpenID module does not correctly implement Form API for the form that allows one to link user accounts with OpenID identifiers. A malicious user is therefore able to use cross site request forgeries to add attacker controlled OpenID identities to existing accounts...
subversion -- heap overflow vulnerability
A Subversion Security Advisory reports: Subversion clients and servers have multiple heap overflow issues in the parsing of binary deltas. This is related to an allocation vulnerability in the APR library used by Subversion. Clients with commit access to a vulnerable server can cause a remote hea...
apache -- Prevent chunk-size integer overflow on platforms where sizeof(int) < sizeof(long)
Apache ChangeLog reports: Integer overflow in the approxysendfb function in proxy/proxyutil.c in modproxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service daemon crash or possibly execute arbitrary code via a large chunk size th...
cscope -- buffer overflow
SecurityFocus reports: Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions...
drupal -- cross-site scripting
The Drupal Security Team reports: When outputting user-supplied data Drupal strips potentially dangerous HTML attributes and tags or escapes characters which have a special meaning in HTML. This output filtering secures the site against cross site scripting attacks via user input. Certain byte...
openfire -- Openfire No Password Changes Security Bypass
Secunia reports: A vulnerability has been reported in Openfire which can be exploited by malicious users to bypass certain security restrictions. The vulnerability is caused due to Openfire not properly respecting the no password changes setting which can be exploited to change passwords by sendi...
mod_perl -- cross-site scripting
Secunia reports: Certain input passed to the "Apache::Status" and "Apache2::Status" modules is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected website...
netatalk -- arbitrary command execution in papd daemon
Secunia reports: A vulnerability has been reported in Netatalk, which potentially can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to the papd daemon improperly sanitising several received parameters before passing them in a call to popen. Thi...
imap-uw -- imap c-client buffer overflow
SANS reports: The University of Washington IMAP library is a library implementing the IMAP mail protocol. University of Washington IMAP is exposed to a buffer overflow issue that occurs due to a boundary error within the rfc822outputchar function in the c-client library. The University of...
imap-uw -- local buffer overflow vulnerabilities
SANS reports: University of Washington "tmail" and "dmail" are mail deliver agents. "tmail" and "dmail" are exposed to local buffer overflow issues because they fail to perform adequate boundary checks on user-supplied data...
liveMedia -- DoS vulnerability
The live555 development team reports: Fixed a bounds-checking error in "parseRTSPRequestString" caused by an int vs. unsigned problem. The function which handles the incoming queries from the clients is affected by a vulnerability which allows an attacker to crash the server remotely using the...
drupal -- Cross site request forgeries
The Drupal Project reports: Several parts in Drupal core are not protected against cross site request forgeries due to inproper use of the Forms API, or by taking action solely on GET requests. Malicious users are able to delete comments and content revisions and disable menu items by enticing a...
c-ares -- DNS Cache Poisoning Vulnerability
Secunia reports: The vulnerability is caused due to predictable DNS "Transaction ID" field in DNS queries and can be exploited to poison the DNS cache of an application using the library if a valid ID is guessed...
Pubcookie Login Server -- XSS vulnerability
Nathan Dors, Pubcookie Project reports: A new non-persistent XSS vulnerability was found in the Pubcookie login server's compiled binary "index.cgi" CGI program. The CGI program mishandles untrusted data when printing responses to the browser. This makes the program vulnerable to carefully crafte...
tdiary -- injection vulnerability
An undisclosed eRuby injection vulnerability had been discovered in tDiary...
gnupg -- buffer overflow
Werner Koch reports: When running GnuPG interactively, special crafted messages may be used to crash gpg or gpg2. Running gpg in batch mode, as done by all software using gpg as a backend e.g. mailers, is not affected by this bug. Exploiting this overflow seems to be possible. gpg-agent, gpgsm,...
proftpd -- Remote Code Execution Vulnerability
FrSIRT reports: A vulnerability has been identified in ProFTPD, which could be exploited by attackers to cause a denial of service or execute arbitrary commands. This flaw is due to a buffer overflow error in the "main.c" file where the "cmdbufsize" size of the buffer used to handle FTP commands...
dircproxy -- remote denial of service
Securiweb reports: dircproxy allows remote attackers to cause a denial of service segmentation fault via an ACTION command without a parameter, which triggers a NULL pointer dereference, as demonstrated using a blank /me message from irssi...
zope -- restructuredText "csv_table" Information Disclosure
Secunia reports: A vulnerability has been reported in Zope, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to an error in the use of the docutils module to parse and render "restructured" text. This can be exploited to...
horde -- Phishing and Cross-Site Scripting Vulnerabilities
Secunia reports: Some vulnerabilities have been reported in Horde, which can be exploited by malicious people to conduct phishing and cross-site scripting attacks. Input passed to the "url" parameter in index.php isn't properly verified before it is being used to include an arbitrary web site in ...
dokuwiki -- spellchecker remote PHP code execution
Stefan Esser reports: During the evaluation of DokuWiki for a german/korean wiki of mine a flaw in DokuWiki's spellchecker was discovered, that allows injecting arbitrary PHP commands, by requesting a spellcheck on PHP commands in 'complex curly syntax'. Because the spellchecker is written as par...
phpmyadmin -- XSRF vulnerabilities
phpMyAdmin security team reports: It was possible to inject arbitrary SQL commands by forcing an authenticated user to follow a crafted link. Such issue is quite common in many PHP applications and users should take care what links they follow. We consider these vulnerabilities to be quite...
zgv, xzgv -- heap overflow vulnerability
Gentoo reports: Andrea Barisani of Gentoo Linux discovered xzgv and zgv allocate insufficient memory when rendering images with more than 3 output components, such as images using the YCCK or CMYK colour space. When xzgv or zgv attempt to render the image, data from the image overruns a heap...
coppermine -- "file" Local File Inclusion Vulnerability
Secunia reports: Coppermine Photo Gallery have a vulnerability, which can be exploited by malicious people to disclose sensitive information. Input passed to the "file" parameter in "index.php" isn't properly verified, before it is used to include files. This can be exploited to include arbitrary...
fswiki -- XSS vulnerability
JVN reports: FreeStyleWiki has XSS vulnerability...
openvpn -- LD_PRELOAD code execution on client through malicious or compromised server
Hendrik Weimer reports: OpenVPN clients are a bit too generous when accepting configuration options from a server. It is possible to transmit environment variables to client-side shell scripts. There are some filters in place to prevent obvious nonsense, however they don't catch the good old...
jabberd -- SASL Negotiation Denial of Service Vulnerability
Secunia reports: A vulnerability has been reported in jabberd, which can be exploited by malicious people to cause a DoS Denial of Service. The vulnerability is caused due to an error within the handling of SASL negotiation. This can be exploited to cause a crash by sending a "response" stanza...
FreeBSD -- Infinite loop in SACK handling
Problem description: When insufficient memory is available to handle an incoming selective acknowledgement, the TCP/IP stack may enter an infinite loop. Impact: By opening a TCP connection and sending a carefully crafted series of packets, an attacker may be able to cause a denial of service...
tor -- malicious tor server can locate a hidden service
Roger Dingledine reports: If you offer a Tor hidden service, an adversary who can run a fast Tor server and who knows some basic statistics can find the location of your hidden service in a matter of minutes to hours...
rssh -- privilege escalation vulnerability
Pizzashack reports: Max Vozeler has reported a problem whereby rssh can allow users who have shell access to systems where rssh is installed and rsshchroothelper is installed SUID to gain root access to the system, due to the ability to chroot to arbitrary locations. There are a lot of potentiall...