6583 matches found
nginx -- potential information leak
nginx development team reports: Matthew Daley recently discovered a security problem which may lead to a disclosure of previously freed memory on specially crafted response from an upstream server, potentially resulting in sensitive information leak...
isc-dhcp-server -- DoS in DHCPv6
ISC reports: Due to improper handling of a DHCPv6 lease structure, ISC DHCP servers that are serving IPv6 address pools AND using Dynamic DNS can encounter a segmentation fault error while updating lease status under certain conditions. The potential exists for this condition to be intentionally...
WebCalendar -- Persistent XSS
tom reports, There is no sanitation on the input of the location variable allowing for persistent XSS...
PuTTY -- Password vulnerability
Simon Tatham reports: PuTTY 0.62 fixes a security issue present in 0.59, 0.60 and 0.61. If you log in using SSH-2 keyboard-interactive authentication which is the usual method used by modern servers to request a password, the password you type was accidentally kept in PuTTY's memory for the rest ...
php -- corruption of $GLOBALS and $this variables via extract() method
Off-by-one error in the sanity validator for the extract method allowed attackers to replace the values of $GLOBALS and $this when mode EXTROVERWRITE was used...
Axis2 -- Cross-site scripting (XSS) vulnerability
Apache Axis2 reports: Apache Axis2 1.7.3 is a security release that contains a fix for CVE-2010-3981. That security vulnerability affects the admin console that is part of the Axis2 Web application and was originally reported for SAP BusinessObjects which includes a version of Axis2. That report...
openx -- remote code execution vulnerability
The OpenX project reported: It has been brought to our attention that there is a vulnerability in the 2.8 downloadable version of OpenX that can result in a server running the downloaded version of OpenX being compromised. This vulnerability exists in the file upload functionality and allows...
kvirc -- multiple vulnerabilities
Two security vulnerabilities have been discovered: Multiple format string vulnerabilities in the DCC functionality in KVIrc 3.4 and 4.0 have unspecified impact and remote attack vectors. Directory traversal vulnerability in the DCC functionality in KVIrc 3.4 and 4.0 allows remote attackers to...
spamass-milter -- remote command execution vulnerability
The spamassassin milter plugin contains a vulnerability that can allow remote attackers to execute commands on affected systems. The vulnerability can be exploited trough a special-crafted email header when the plugin was started with the '-x' expand flag...
gnome-screensaver -- Multiple monitor hotplug issues
Ray Strode reports: Under certain circumstances it is possible to circumvent the security of screen locking functionality of gnome-screensaver by changing the systems physical monitor configuration. gnome-screensaver can lose its keyboard grab when locked, exposing the system to intrusion by addi...
fetchmail -- heap overflow on verbose X.509 display
Matthias Andree reports: In verbose mode, fetchmail prints X.509 certificate subject and issuer information to the user, and counts and allocates a malloc buffer for that purpose. If the material to be displayed contains characters with high bit set and the platform treats the "char" type as...
expat2 -- buffer over-read and crash
CVE reports: The big2toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service application crash via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related t...
drupal -- multiple vulnerabilities
Drupal Team reports: The core OpenID module does not correctly implement Form API for the form that allows one to link user accounts with OpenID identifiers. A malicious user is therefore able to use cross site request forgeries to add attacker controlled OpenID identities to existing accounts...
subversion -- heap overflow vulnerability
A Subversion Security Advisory reports: Subversion clients and servers have multiple heap overflow issues in the parsing of binary deltas. This is related to an allocation vulnerability in the APR library used by Subversion. Clients with commit access to a vulnerable server can cause a remote hea...
apache -- Prevent chunk-size integer overflow on platforms where sizeof(int) < sizeof(long)
Apache ChangeLog reports: Integer overflow in the approxysendfb function in proxy/proxyutil.c in modproxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service daemon crash or possibly execute arbitrary code via a large chunk size th...
cscope -- buffer overflow
SecurityFocus reports: Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions...
drupal -- cross-site scripting
The Drupal Security Team reports: When outputting user-supplied data Drupal strips potentially dangerous HTML attributes and tags or escapes characters which have a special meaning in HTML. This output filtering secures the site against cross site scripting attacks via user input. Certain byte...
openfire -- Openfire No Password Changes Security Bypass
Secunia reports: A vulnerability has been reported in Openfire which can be exploited by malicious users to bypass certain security restrictions. The vulnerability is caused due to Openfire not properly respecting the no password changes setting which can be exploited to change passwords by sendi...
mod_perl -- cross-site scripting
Secunia reports: Certain input passed to the "Apache::Status" and "Apache2::Status" modules is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected website...
netatalk -- arbitrary command execution in papd daemon
Secunia reports: A vulnerability has been reported in Netatalk, which potentially can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to the papd daemon improperly sanitising several received parameters before passing them in a call to popen. Thi...
imap-uw -- imap c-client buffer overflow
SANS reports: The University of Washington IMAP library is a library implementing the IMAP mail protocol. University of Washington IMAP is exposed to a buffer overflow issue that occurs due to a boundary error within the rfc822outputchar function in the c-client library. The University of...
wireshark -- SMTP Processing Denial of Service Vulnerability
Secunia reports: A vulnerability has been reported in Wireshark, which can be exploited by malicious people to cause a DoS. The vulnerability is caused due to an error in the SMTP dissector and can be exploited to trigger the execution of an infinite loop via a large SMTP packet...
imap-uw -- local buffer overflow vulnerabilities
SANS reports: University of Washington "tmail" and "dmail" are mail deliver agents. "tmail" and "dmail" are exposed to local buffer overflow issues because they fail to perform adequate boundary checks on user-supplied data...
liveMedia -- DoS vulnerability
The live555 development team reports: Fixed a bounds-checking error in "parseRTSPRequestString" caused by an int vs. unsigned problem. The function which handles the incoming queries from the clients is affected by a vulnerability which allows an attacker to crash the server remotely using the...
drupal -- Cross site request forgeries
The Drupal Project reports: Several parts in Drupal core are not protected against cross site request forgeries due to inproper use of the Forms API, or by taking action solely on GET requests. Malicious users are able to delete comments and content revisions and disable menu items by enticing a...
c-ares -- DNS Cache Poisoning Vulnerability
Secunia reports: The vulnerability is caused due to predictable DNS "Transaction ID" field in DNS queries and can be exploited to poison the DNS cache of an application using the library if a valid ID is guessed...
Pubcookie Login Server -- XSS vulnerability
Nathan Dors, Pubcookie Project reports: A new non-persistent XSS vulnerability was found in the Pubcookie login server's compiled binary "index.cgi" CGI program. The CGI program mishandles untrusted data when printing responses to the browser. This makes the program vulnerable to carefully crafte...
tdiary -- injection vulnerability
An undisclosed eRuby injection vulnerability had been discovered in tDiary...
gnupg -- buffer overflow
Werner Koch reports: When running GnuPG interactively, special crafted messages may be used to crash gpg or gpg2. Running gpg in batch mode, as done by all software using gpg as a backend e.g. mailers, is not affected by this bug. Exploiting this overflow seems to be possible. gpg-agent, gpgsm,...
proftpd -- Remote Code Execution Vulnerability
FrSIRT reports: A vulnerability has been identified in ProFTPD, which could be exploited by attackers to cause a denial of service or execute arbitrary commands. This flaw is due to a buffer overflow error in the "main.c" file where the "cmdbufsize" size of the buffer used to handle FTP commands...
dircproxy -- remote denial of service
Securiweb reports: dircproxy allows remote attackers to cause a denial of service segmentation fault via an ACTION command without a parameter, which triggers a NULL pointer dereference, as demonstrated using a blank /me message from irssi...
zope -- restructuredText "csv_table" Information Disclosure
Secunia reports: A vulnerability has been reported in Zope, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to an error in the use of the docutils module to parse and render "restructured" text. This can be exploited to...
horde -- Phishing and Cross-Site Scripting Vulnerabilities
Secunia reports: Some vulnerabilities have been reported in Horde, which can be exploited by malicious people to conduct phishing and cross-site scripting attacks. Input passed to the "url" parameter in index.php isn't properly verified before it is being used to include an arbitrary web site in ...
dokuwiki -- spellchecker remote PHP code execution
Stefan Esser reports: During the evaluation of DokuWiki for a german/korean wiki of mine a flaw in DokuWiki's spellchecker was discovered, that allows injecting arbitrary PHP commands, by requesting a spellcheck on PHP commands in 'complex curly syntax'. Because the spellchecker is written as par...
phpmyadmin -- XSRF vulnerabilities
phpMyAdmin security team reports: It was possible to inject arbitrary SQL commands by forcing an authenticated user to follow a crafted link. Such issue is quite common in many PHP applications and users should take care what links they follow. We consider these vulnerabilities to be quite...
zgv, xzgv -- heap overflow vulnerability
Gentoo reports: Andrea Barisani of Gentoo Linux discovered xzgv and zgv allocate insufficient memory when rendering images with more than 3 output components, such as images using the YCCK or CMYK colour space. When xzgv or zgv attempt to render the image, data from the image overruns a heap...
coppermine -- "file" Local File Inclusion Vulnerability
Secunia reports: Coppermine Photo Gallery have a vulnerability, which can be exploited by malicious people to disclose sensitive information. Input passed to the "file" parameter in "index.php" isn't properly verified, before it is used to include files. This can be exploited to include arbitrary...
fswiki -- XSS vulnerability
JVN reports: FreeStyleWiki has XSS vulnerability...
openvpn -- LD_PRELOAD code execution on client through malicious or compromised server
Hendrik Weimer reports: OpenVPN clients are a bit too generous when accepting configuration options from a server. It is possible to transmit environment variables to client-side shell scripts. There are some filters in place to prevent obvious nonsense, however they don't catch the good old...
jabberd -- SASL Negotiation Denial of Service Vulnerability
Secunia reports: A vulnerability has been reported in jabberd, which can be exploited by malicious people to cause a DoS Denial of Service. The vulnerability is caused due to an error within the handling of SASL negotiation. This can be exploited to cause a crash by sending a "response" stanza...
FreeBSD -- Infinite loop in SACK handling
Problem description: When insufficient memory is available to handle an incoming selective acknowledgement, the TCP/IP stack may enter an infinite loop. Impact: By opening a TCP connection and sending a carefully crafted series of packets, an attacker may be able to cause a denial of service...
fetchmail -- crash when bouncing a message
Matthias Andree reports: Fetchmail contains a bug that causes itself to crash when bouncing a message to the originator or to the local postmaster. The crash happens after the bounce message has been sent, when fetchmail tries to free the dynamic array of failed addresses, and calls the free...
tor -- malicious tor server can locate a hidden service
Roger Dingledine reports: If you offer a Tor hidden service, an adversary who can run a fast Tor server and who knows some basic statistics can find the location of your hidden service in a matter of minutes to hours...
rssh -- privilege escalation vulnerability
Pizzashack reports: Max Vozeler has reported a problem whereby rssh can allow users who have shell access to systems where rssh is installed and rsshchroothelper is installed SUID to gain root access to the system, due to the ability to chroot to arbitrary locations. There are a lot of potentiall...
trac -- search module SQL injection vulnerability
Secunia reports: A vulnerability has been reported in Trac, which can be exploited by malicious people to conduct SQL injection attacks. Some unspecified input passed in the search module isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by...
phpicalendar -- cross site scripting vulnerability
Francesco Ongaro reports that phpicalendar is vulnerable for a cross site scripting attack. The vulnerability is caused by improper validation of the index.php file allowing attackers to include an arbitrary file with the .php extension...
gaim -- MSN Remote DoS vulnerability
The GAIM team reports: Remote attackers can cause a denial of service crash via a malformed MSN message that leads to a memory allocation of a large size, possibly due to an integer signedness error...
picasm -- buffer overflow vulnerability
Shaun Colley reports: When generating error and warning messages, picasm copies strings into fixed length buffers without bounds checking. If an attacker could trick a user into assembling a source file with a malformed 'error' directive, arbitrary code could be executed with the privileges of th...
egroupware -- multiple cross-site scripting (XSS) and SQL injection vulnerabilities
Multiple cross-site scripting XSS vulnerabilities in eGroupware before 1.0.0.007 allow remote attackers to inject arbitrary web script or HTML via the 1 abid, 2 page, 3 type, or 4 lang parameter to index.php or 5 categoryid parameter. Multiple SQL injection vulnerabilities in index.php in...
libexif -- buffer overflow vulnerability
Sylvain Defresne reports that libexif is vulnerable to a buffer overflow vulnerability due to insufficient input checking. This could lead crash of applications using libexif...