6585 matches found
squidclamav -- Denial of Service
SquidClamav developers report: Add a workaround for a squidGuard bug that unescape the URL and send it back unescaped. This result in garbage staying into pipe of the system command call and could crash squidclamav on next read or return false information. This is specially true with URL containi...
asterisk -- multiple vulnerabilities
Asterisk project reports: Possible resource leak on uncompleted re-invite transactions. Remote crash vulnerability in voice mail application...
asterisk -- multiple vulnerabilities
Asterisk project reports: Stack Buffer Overflow in HTTP Manager Remote Crash Vulnerability in Milliwatt Application...
FreeBSD -- pam_ssh improperly grants access when user account has unencrypted SSH private keys
Problem Description: The OpenSSL library call used to decrypt private keys ignores the passphrase argument if the key is not encrypted. Because the pamssh module only checks whether the passphrase provided by the user is null, users with unencrypted SSH private keys may successfully authenticate...
proftpd -- arbitrary code execution vulnerability with chroot
The FreeBSD security advisory FreeBSD-SA-11:07.chroot reports: If ftpd is configured to place a user in a chroot environment, then an attacker who can log in as that user may be able to run arbitrary code.... Proftpd shares the same problem of a similar nature...
OpenTTD -- Buffer overflows in savegame loading
The OpenTTD Team reports: Multiple buffer overflows in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service daemon crash or possibly execute arbitrary code via vectors related to 1 NAME, 2 PLYR, 3 CHTS, or 4 AIPL aka AI config chunk loading from a savegame...
ikiwiki -- tty hijacking via ikiwiki-mass-rebuild
The IkiWiki development team reports: Ludwig Nussel discovered a way for users to hijack root's tty when ikiwiki-mass-rebuild was run. Additionally, there was some potential for information disclosure via symlinks...
xrdb -- root hole via rogue hostname
Matthias Hopf reports: By crafting hostnames with shell escape characters, arbitrary commands can be executed in a root environment when a display manager reads in the resource database via xrdb. These specially crafted hostnames can occur in two environments: Systems are affected are: systems se...
mozilla -- update to HTTPS certificate blacklist
The Mozilla Project reports: MFSA 2011-11 Update to HTTPS certificate blacklist...
mupdf -- Remote System Access
Secunia reports: The vulnerability is caused due to an error within the "closedctd" function in fitz/filtdctd.c when processing PDF files containing certain malformed JPEG images. This can be exploited to cause a stack corruption by e.g. tricking a user into opening a specially crafted PDF file...
linux-flashplugin -- remote code execution vulnerability
Adobe Product Security Incident Response Team reports: A critical vulnerability exists in Adobe Flash Player 10.2.152.33 and earlier versions Adobe Flash Player 10.2.154.18 and earlier for Chrome users for Windows, Macintosh, Linux and Solaris operating systems, Adobe Flash Player 10.1.106.16 and...
proftpd -- Compromised source packages backdoor
The ProFTPD Project team reports: The security issue is caused due to the distribution of compromised ProFTPD 1.3.3c source code packages via the project's main FTP server and all of the mirror servers, which contain a backdoor allowing remote root access...
OTRS -- Multiple XSS and denial of service vulnerabilities
OTRS Security Advisory reports: Multiple Cross Site Scripting issues: Missing HTML quoting allows authenticated agents or customers to inject HTML tags. This vulnerability allows an attacker to inject script code into the OTRS web-interface which will be loaded and executed in the browsers of...
lftp -- multiple HTTP client download filename vulnerability
The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted...
FreeBSD -- Insufficient environment sanitization in jail(8)
Problem Description: The jail8 utility does not change the current working directory while imprisoning. The current working directory can be accessed by its descendants...
FreeBSD -- ZFS ZIL playback with insecure permissions
Problem Description: When replaying setattr transaction, the replay code would set the attributes with certain insecure defaults, when the logged transaction did not touch these attributes...
powerdns-recursor -- multiple vulnerabilities
PowerDNS Security Advisory reports: PowerDNS Recursor up to and including 3.1.7.1 can be brought down and probably exploited. PowerDNS Recursor up to and including 3.1.7.1 can be spoofed into accepting bogus data...
FreeBSD -- SSL protocol flaw
Problem Description: The SSL version 3 and TLS protocols support session renegotiation without cryptographically tying the new session parameters to the old parameters...
KDE -- multiple vulnerabilities
oCERT reports: Ark input sanitization errors: The KDE archiving tool, Ark, performs insufficient validation which leads to specially crafted archive files, using unknown MIME types, to be rendered using a KHTML instance, this can trigger uncontrolled XMLHTTPRequests to remote sites. IO Slaves inp...
opera -- multiple vulnerabilities
Opera Team Reports: Issue where sites using revoked intermediate certificates might be shown as secure Issue where the collapsed address bar didn't show the current domain Issue where pages could trick users into uploading files Some IDNA characters not correctly displaying in the address bar Iss...
tiff -- Multiple integer overflows
Tielei Wang: Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large 1 width and 2 height values, which triggers a heap-based buffer overflow in the a...
phppgadmin -- directory traversal with register_globals enabled
Secunia reports: Dun has discovered a vulnerability in phpPgAdmin, which can be exploited by malicious people to disclose sensitive information. Input passed via the "language" parameter to libraries/lib.inc.php is not properly sanitised before being used to include files. This can be exploited t...
streamripper -- multiple buffer overflows
Secunia reports: A boundary error exists within httpparsescheader in lib/http.c when parsing an overly long HTTP header starting with "Zwitterion v". A boundary error exists within httpgetpls in lib/http.c when parsing a specially crafted pls playlist containing an overly long entry. A boundary...
phpmyadmin -- Cross-Site Scripting Vulnerability
SecurityFocus reports: phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This ma...
mt-daapd -- integer overflow
FrSIRT reports: A vulnerability has been identified in mt-daapd which could be exploited by remote attackers to cause a denial of service or compromise an affected system. This issue is caused by a buffer overflow error in the wsgetpostvars function when processing a negative Content-Length: head...
suphp -- multiple local privilege escalation vulnerabilities
Multiple local privilege escalation are found in the symlink verification code. An attacker may use it to run a PHP script with the victim's privilege. This attack is a little harder when suphp operates in paranoid mode. For suphp that runs in owner mode which is the default in ports, immediate...
peercast -- buffer overflow vulnerability
Luigi Auriemma reports that peercast is vulnerable to a buffer overflow which could lead to a DoS or potentially remote code execution: The handshakeHTTP function which handles all the requests received by the other clients is vulnerable to a heap overflow which allows an attacker to fill the...
lighttpd -- DOS when access files with mtime 0
Lighttpd SA: Lighttpd caches the rendered string for mtime. The cache key has as a default value 0. At that point the pointer to the string are still NULL. If a file with an mtime of 0 is requested it tries to access the pointer and crashes. The bug requires that a malicious user can either uploa...
plone -- unprotected MembershipTool methods
The Plone Team reports: Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the: changeMemberPortrait deletePersonalPortrait testCurrentPassword methods, which allows remote attackers to modify portraits...
google-earth -- heap overflow in the KML engine
JAAScois reports: While processing KML/KMZ data Google Earth fails to verify its size prior to copying it into a fixed-sized buffer. This can be exploited as a buffer-overflow vulnerability to cause the application to crash and/or to execute arbitrary code...
postnuke -- admin section SQL injection
ISS X-Force reports: PostNuke is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the admin section using the hits parameter, which could allow the attacker to view, add, modify or delete information in the back-end database...
eyeOS -- multiple XSS security bugs
eyeOS team reports: EyeOS 0.9.1 release fixes two XSS security bugs, so we recommend all users to upgrade to this new version in order to have the best security. These two bugs were discovered by Jose Carlos Norte, who is a new eyeOS developer...
horde -- multiple parameter cross site scripting vulnerabilities
FrSIRT advisory ADV-2006-2356 reports: Multiple vulnerabilities have been identified in Horde Application Framework, which may be exploited by attackers to execute arbitrary scripting code. These flaws are due to input validation errors in the "test.php" and "templates/problem/problem.inc" script...
WebCalendar -- information disclosure vulnerability
Secunia reports: socsam has discovered a vulnerability in WebCalendar, which can be exploited by malicious people to bypass certain security restrictions and disclose sensitive information. Input passed to the "includedir" parameter isn't properly verified, before it is used in an "fopen" call...
scponly -- local privilege escalation exploits
Max Vozeler reports: If ALL the following conditions are true, administrators using scponly-4.1 or older may be at risk of a local privilege escalation exploit: the chrooted setuid scponlyc binary is installed regular non-scponly users have interactive shell access to the box a user executable...
nbd-server -- buffer overflow vulnerability
Kurt Fitzner reports a buffer overflow vulnerability within nbd. This could potentially allow the execution of arbitrary code on the nbd server...
ffmpeg -- libavcodec buffer overflow vulnerability
Secunia reports: Simon Kilvington has reported a vulnerability in FFmpeg libavcodec, which can be exploited by malicious people to cause a DoS Denial of Service and potentially to compromise a user's system. The vulnerability is caused due to a boundary error in the "avcodecdefaultgetbuffer"...
cvsbug -- race condition
Problem description A temporary file is created, used, deleted, and then re-created with the same name. This creates a window during which an attacker could replace the file with a link to another file. While cvsbug1 is based on the send-pr1 utility, this problem does not exist in the version of...
urban -- stack overflow vulnerabilities
Several filename-related stack overflow bugs allow a local attacker to elevate its privileges to the games group, since urban is installed setgid games. Issue discovered and fixed by...
squid -- Possible Denial Of Service Vulnerability in store.c
The squid patches page notes: Squid crashes with the above assertion failure assertion failed: store.c:523: "e-storestatus == STOREPENDING" in certain conditions involving aborted requests...
vim -- vulnerabilities in modeline handling: glob, expand
Georgi Guninski discovered a way to construct Vim modelines that execute arbitrary shell commands. The vulnerability can be exploited by including shell commands in modelines that call the glob or expand functions. An attacker could trick an user to read or edit a trojaned file with modelines...
axel -- remote buffer overflow
A Debian Security Advisory reports: Ulf Härnhammar from the Debian Security Audit Project discovered a buffer overflow in axel, a light download accelerator. When reading remote input the program did not check if a part of the input can overflow a buffer and maybe trigger the execution of arbitra...
f2c -- insecure temporary files
Javier Fernández-Sanguino Peña reports two temporary file vulnerability within f2c. The vulnerabilities are caused due to weak temporary file handling. An attacker could create an symbolic link, causing a local user running f2c to overwrite the symlinked file. This could give the attacker elevate...
tnftp -- mget does not check for directory escapes
When downloading a batch of files from an FTP server the mget command does not check for directory escapes. A specially crafted file on the FTP server could then potentially overwrite an existing file of the user...
fd_set -- bitmap index overflow in multiple applications
3APA3A reports: If programmer fails to check socket number before using select or fdset macros, it's possible to overwrite memory behind fdset structure. Very few select based application actually check FDSETSIZE value. ... Depending on vulnerable application it's possible to overwrite portions o...
up-imapproxy -- multiple vulnerabilities
Timo Sirainen reports: There are various bugs in up-imapproxy which can crash it. Since up-imapproxy runs in a single process with each connection handled in a separate thread, any crash kills all the connections and stops listening for new ones. In 64bit systems it might be possible to make it...
nss -- exploitable buffer overflow in SSLv2 protocol handler
ISS X-Force reports that a remotely exploitable buffer overflow exists in the Netscape Security Services NSS library's implementation of SSLv2. From their advisory: The NSS library contains a flaw in SSLv2 record parsing that may lead to remote compromise. When parsing the first record in an SSLv...
cacti -- SQL injection
Fernando Quintero reports that Cacti 0.8.5a suffers from a SQL injection attack where an attacker can change the password for any Cacti user. This attack is not possible if the PHP option magicquotesgpc is set to On, which is the default for PHP in FreeBSD...
pine remotely exploitable buffer overflow in newmail.c
Kris Kennaway reports a remotely exploitable buffer overflow in newmail.c. Mike Silbersack submitted the fix...
jellyfin -- multiple vulnerabilities
The Jellyfin project reports: Jellyfin Server 10.11.10 fixes three security vulnerabilities: GHSA-f47c-m7gr-q92j: details pending disclosure GHSA-jg92-mrxq-vv75: details pending disclosure GHSA-wwwm-px48-fpvq: details pending disclosure...