6585 matches found
dircproxy -- remote denial of service
Securiweb reports: dircproxy allows remote attackers to cause a denial of service segmentation fault via an ACTION command without a parameter, which triggers a NULL pointer dereference, as demonstrated using a blank /me message from irssi...
zope -- restructuredText "csv_table" Information Disclosure
Secunia reports: A vulnerability has been reported in Zope, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to an error in the use of the docutils module to parse and render "restructured" text. This can be exploited to...
horde -- Phishing and Cross-Site Scripting Vulnerabilities
Secunia reports: Some vulnerabilities have been reported in Horde, which can be exploited by malicious people to conduct phishing and cross-site scripting attacks. Input passed to the "url" parameter in index.php isn't properly verified before it is being used to include an arbitrary web site in ...
wv2 -- Integer Overflow Vulnerability
Secunia reports: A vulnerability has been reported in wvWare wv2 Library, which potentially can be exploited by malicious people to compromise an application using the library. The vulnerability is caused due to an integer overflow error in "wordhelper.h" when handling a Word document. This can b...
dokuwiki -- spellchecker remote PHP code execution
Stefan Esser reports: During the evaluation of DokuWiki for a german/korean wiki of mine a flaw in DokuWiki's spellchecker was discovered, that allows injecting arbitrary PHP commands, by requesting a spellcheck on PHP commands in 'complex curly syntax'. Because the spellchecker is written as par...
squirrelmail -- plugin.php local file inclusion vulnerability
The SquirrelMail Project Team reports: A security issue has been uncovered in functions/plugin.php that could allow a remote user to access local files on the server without requiring login. This issue manifests itself if registerglobals is enabled, and magicquotesgpc is disabled...
phpmyadmin -- XSRF vulnerabilities
phpMyAdmin security team reports: It was possible to inject arbitrary SQL commands by forcing an authenticated user to follow a crafted link. Such issue is quite common in many PHP applications and users should take care what links they follow. We consider these vulnerabilities to be quite...
zgv, xzgv -- heap overflow vulnerability
Gentoo reports: Andrea Barisani of Gentoo Linux discovered xzgv and zgv allocate insufficient memory when rendering images with more than 3 output components, such as images using the YCCK or CMYK colour space. When xzgv or zgv attempt to render the image, data from the image overruns a heap...
coppermine -- "file" Local File Inclusion Vulnerability
Secunia reports: Coppermine Photo Gallery have a vulnerability, which can be exploited by malicious people to disclose sensitive information. Input passed to the "file" parameter in "index.php" isn't properly verified, before it is used to include files. This can be exploited to include arbitrary...
fswiki -- XSS vulnerability
JVN reports: FreeStyleWiki has XSS vulnerability...
openvpn -- LD_PRELOAD code execution on client through malicious or compromised server
Hendrik Weimer reports: OpenVPN clients are a bit too generous when accepting configuration options from a server. It is possible to transmit environment variables to client-side shell scripts. There are some filters in place to prevent obvious nonsense, however they don't catch the good old...
FreeBSD -- Infinite loop in SACK handling
Problem description: When insufficient memory is available to handle an incoming selective acknowledgement, the TCP/IP stack may enter an infinite loop. Impact: By opening a TCP connection and sending a carefully crafted series of packets, an attacker may be able to cause a denial of service...
tor -- malicious tor server can locate a hidden service
Roger Dingledine reports: If you offer a Tor hidden service, an adversary who can run a fast Tor server and who knows some basic statistics can find the location of your hidden service in a matter of minutes to hours...
rssh -- privilege escalation vulnerability
Pizzashack reports: Max Vozeler has reported a problem whereby rssh can allow users who have shell access to systems where rssh is installed and rsshchroothelper is installed SUID to gain root access to the system, due to the ability to chroot to arbitrary locations. There are a lot of potentiall...
trac -- search module SQL injection vulnerability
Secunia reports: A vulnerability has been reported in Trac, which can be exploited by malicious people to conduct SQL injection attacks. Some unspecified input passed in the search module isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by...
phpicalendar -- cross site scripting vulnerability
Francesco Ongaro reports that phpicalendar is vulnerable for a cross site scripting attack. The vulnerability is caused by improper validation of the index.php file allowing attackers to include an arbitrary file with the .php extension...
gaim -- MSN Remote DoS vulnerability
The GAIM team reports: Remote attackers can cause a denial of service crash via a malformed MSN message that leads to a memory allocation of a large size, possibly due to an integer signedness error...
picasm -- buffer overflow vulnerability
Shaun Colley reports: When generating error and warning messages, picasm copies strings into fixed length buffers without bounds checking. If an attacker could trick a user into assembling a source file with a malformed 'error' directive, arbitrary code could be executed with the privileges of th...
libexif -- buffer overflow vulnerability
Sylvain Defresne reports that libexif is vulnerable to a buffer overflow vulnerability due to insufficient input checking. This could lead crash of applications using libexif...
uim -- privilege escalation vulnerability
The uim developers reports: Takumi ASAKI discovered that uim always trusts environment variables. But this is not correct behavior, sometimes environment variables shouldn't be trusted. This bug causes privilege escalation when libuim is linked against setuid/setgid application. Since GTK+...
ngircd -- buffer overflow vulnerability
Florian Westphal discovered a buffer overflow in ngircd which can be used remotely crash the server and possibly execute arbitrary code...
konversation -- shell script command injection
Konversation comes with Perl scripts that do not properly escape shell characters on executing a script. This makes it possible to attack Konversation with shell script command injection...
ruby -- CGI DoS
The Ruby CGI.rb module contains a bug which can cause the CGI module to go into an infinite loop, thereby causing a denial-of-service situation on the web server by using all available CPU time...
icecast -- HTTP header overflow
It is possible to execute remote code simply using HTTP request plus 31 headers followed by a shellcode that will be executed directly...
xv -- exploitable buffer overflows
In a Bugtraq posting, infamous41mdathotpop.com reported: there are at least 5 exploitable buffer and heap overflows in the image handling code. this allows someone to craft a malicious image, trick a user into viewing the file in xv, and upon viewing that image execute arbitrary code under...
Cyrus IMSPd multiple vulnerabilities
The Cyrus team reported multiple vulnerabilities in older versions of Cyrus IMSPd: These releases correct a recently discovered buffer overflow vulnerability, as well as clean up a significant amount of buffer handling throughout the code...
Incorrect cross-realm trust handling in Heimdal
Heimdal does not correctly validate the transited' field of Kerberos tickets when computing the authentication path. This could allow a rogue KDC with which cross-realm relationships have been established to impersonate any KDC in the authentication path...
MySQL insecure temporary file creation (mysqlbug)
Shaun Colley reports that the script mysqlbug' included with MySQL sometimes creates temporary files in an unsafe manner. As a result, an attacker may create a symlink in /tmp so that if another user invokes mysqlbug' and quits without making any changes, an arbitrary file may be overwritten with...
mysql -- FTS request denial of service vulnerability
A special crafted MySQL FTS request can cause the server to crash. Malicious MySQL users can abuse this bug in a denial of service attack against systems running an affected MySQL daemon. Note that because this bug is related to the parsing of requests, it may happen that this bug is triggered...
isakmpd payload handling denial-of-service vulnerabilities
Numerous errors in isakmpd's input packet validation lead to denial-of-service vulnerabilities. From the Rapid7 advisory: The ISAKMP packet processing functions in OpenBSD's isakmpd daemon contain multiple payload handling flaws that allow a remote attacker to launch a denial of service attack...
GNU Anubis buffer overflows and format string vulnerabilities
Ulf Härnhammar discovered several vulnerabilities in GNU Anubis. Unsafe uses of sscanf'. The %s' format specifier is used, which allows a classical buffer overflow. auth.c Format string bugs invoking syslog'. log.c, errs.c, ssl.c Ulf notes that these vulnerabilities can be exploited by a maliciou...
squid ACL bypass due to URL decoding bug
From the Squid advisory: Squid versions 2.5.STABLE4 and earlier contain a bug in the "%xx" URL decoding function. It may insert a NUL character into decoded URLs, which may allow users to bypass urlregex ACLs...
jailed processes can attach to other jails
A programming error has been found in the jailattach2 system call which affects the way that system call verifies the privilege level of the calling process. Instead of failing immediately if the calling process was already jailed, the jailattach system call would fail only after changing the...
www/nginx -- Remote Code Execution/DoS
nginx development team reports: When using the "proxysetbody" directive, an attacker might inject data in the proxied request to an HTTP/2 backend A heap memory buffer overflow might occur in a worker process while handling a specially crafted request by ngxhttprewritemodule, potentially resultin...
firefox -- Memory safety bugs present in Firefox 150
https://www.mozilla.org/en-US/security/advisories/mfsa2026-40/ reports: Memory safety bugs present in Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...
xwayland -- Multiple vulnerabilities
X.Org project reports: Multiple issues have been found in the X server and Xwayland implementations published by X.Org for which we are releasing security fixes for in xorg-server-21.1.22 and xwayland-24.1.10...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description Medium SECURITY-3495 / CVE-2025-27622 Encrypted values of secrets stored in agent configuration revealed to users with Agent/Extended Read permission Description Medium SECURITY-3496 / CVE-2025-27623 Encrypted values of secrets stored in view configuration...
rsync -- Multiple security fixes
rsync reports: This update includes multiple security fixes: CVE-2024-12084: Heap Buffer Overflow in Checksum Parsing CVE-2024-12085: Info Leak via uninitialized Stack contents defeats ASLR CVE-2024-12086: Server leaks arbitrary client files CVE-2024-12087: Server can make client write files...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 4 security fixes: 379009132 High CVE-2024-12053: Type Confusion in V8. Reported by gal1ium and chluo on 2024-11-14...
gstreamer1-plugins-gdkpixbuf -- NULL-pointer dereference
The GStreamer Security Center reports: A NULL-pointer dereference in the gdk-pixbuf decoder that can cause crashes for certain input files...
gstreamer1-plugins -- multiple vulnerabilities
The GStreamer Security Center reports: 3 security bugs. CVE-2024-47542: ID3v2 parser out-of-bounds read and NULL-pointer dereference CVE-2024-47600: Out-of-bounds read in gst-discoverer-1.0 commandline tool CVE-2024-47541: Out-of-bounds write in SSA subtitle parser...
Gitlab -- vulnerabilities
Gitlab reports: Privilege Escalation via LFS Tokens DoS through uncontrolled resource consumption when viewing a maliciously crafted cargo.toml file Unintended Access to Usage Data via Scoped Tokens Gitlab DOS via Harbor registry integration Resource exhaustion and denial of service with testrepo...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 3 security fixes: 368241697 High CVE-2024-9602: Type Confusion in V8. Reported by Seunghyun Lee @0x10n on 2024-09-20 367818758 High CVE-2024-9603: Type Confusion in V8. Reported by @WeShotTheMoon and @Nguyen Hoang Thach of starlabs on 2024-09-18...
redis,valkey -- Multiple vulnerabilities
Redis core team reports: CVE-2024-31449 Lua library commands may lead to stack overflow and potential RCE. CVE-2024-31227 Potential Denial-of-service due to malformed ACL selectors. CVE-2024-31228 Potential Denial-of-service due to unbounded pattern matching...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 4 security fixes: 367764861 High CVE-2024-7025: Integer overflow in Layout. Reported by Tashita Software Security on 2024-09-18 368208152 High CVE-2024-9369: Insufficient data validation in Mojo. Reported by Xiantong Hou and Pisanbao of Wuheng Lab on...
firefox -- Multiple vulnerabilities
[email protected] reports: CVE-2024-5697: A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. CVE-2024-5698: By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box ove...
traefik -- Azure Identity Libraries Elevation of Privilege Vulnerability
The traefik authors report: There is a vulnerability in Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability...
minio -- unintentional information disclosure
Minio security advisory GHSA-95fr-cm4m-q5p9 reports: when used with anonymous requests by sending a random object name requests you can figure out if the object exists or not on the server on a specific bucket and also gain access to some amount of information...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 1 security fix: 339458194 High CVE-2024-4761: Out of bounds write in V8. Reported by Anonymous on 2024-05-09...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 1 security fix: 339266700 High CVE-2024-4671: Use after free in Visuals. Reported by Anonymous on 2024-05-07...