6526 matches found
mozilla -- multiple vulnerabilities
Mozilla Project reports: MFSA 2010-07 Fixes for potentially exploitable crashes ported to the legacy branch; MFSA 2010-06 Scriptable plugin execution in SeaMonkey mail; MFSA 2009-68 NTLM reflection vulnerability; MFSA 2009-62 Download filename spoofing with RTL override; MFSA 2009-59 Heap buffer...
dojo -- cross-site scripting and other vulnerabilities
The Dojo Toolkit team reports: Some PHP files did not properly escape input. Some files could operate like "open redirects". A bad actor could form a URL that looks like it came from a trusted site, but the user would be redirected or load content from the bad actor's site. A file exposed a more...
egroupware -- two vulnerabilities
Egroupware Team reports: Nahuel Grisolia from CYBSEC S.A. Security Systems found two security problems in EGroupware: Serious remote command execution allowing to run arbitrary command on the web server by simply issuing a HTTP request! A reflected cross-site scripting (XSS). Both require NO valid...
spamass-milter -- remote command execution vulnerability
The spamassassin milter plugin contains a vulnerability that can allow remote attackers to execute commands on affected systems. The vulnerability can be exploited through a specially crafted email header when the plugin was started with the '-x' expand flag...
drupal -- multiple vulnerabilities
Drupal Team reports: A user-supplied value is directly output during installation allowing a malicious user to craft a URL and perform a cross-site scripting attack. The exploit can only be conducted on sites not yet installed. The API function drupal_goto is susceptible to a phishing attack. An...
png -- libpng decompression denial of service
A vulnerability in libpng can result in denial of service conditions when a remote attacker tricks a victim into opening a specially crafted PNG file. The PNG project describes the problem in an advisory: Because of the efficient compression method used in Portable Network Graphics (PNG) files, a small...
pidgin -- multiple remote denial of service vulnerabilities
Three denial of service vulnerabilities were found in pidgin and allow remote attackers to crash the application. The developers summarized these problems as follows: Pidgin can become unresponsive when displaying large numbers of smileys. Certain nicknames in group chat rooms can trigger a crash...
mozilla -- multiple vulnerabilities
Mozilla Project reports: MFSA 2010-05 XSS hazard using SVG document and binary Content-Type; MFSA 2010-04 XSS due to window.dialogArguments being readable cross-domain; MFSA 2010-03 Use-after-free crash in HTML parser; MFSA 2010-02 Web Worker Array Handling Heap Corruption Vulnerability; MFSA 2010-01...
krb5 -- multiple denial of service vulnerabilities
Two vulnerabilities in krb5 can be used by remote attackers in denial of service attacks. The MIT security advisories report this as follows: An unauthenticated remote attacker can send an invalid request to a KDC process that will cause it to crash due to an assertion failure, creating a denial ...
squid -- Denial of Service vulnerability in HTCP
Squid security advisory 2010:2 reports: Due to incorrect processing Squid is vulnerable to a denial of service attack when receiving specially crafted HTCP packets. This problem allows any machine to perform a denial of service attack on the Squid service when its HTCP port is open...
linux-flashplugin -- multiple vulnerabilities
Adobe Product Security Incident Response Team reports: A critical vulnerability has been identified in Adobe Flash Player version 10.0.42.34 and earlier. This vulnerability (CVE-2010-0186) could subvert the domain sandbox and make unauthorized cross-domain requests. This update also resolves a...
curl -- libcurl buffer overflow vulnerability
The cURL project reports in a security advisory: Using the affected libcurl version to download compressed content over HTTP, an application can ask libcurl to automatically uncompress data. When doing so, libcurl can wrongly send data up to 64K in size to the callback which thus is much larger...
OpenSSL -- Remote Data Injection / DoS
Applications that use SSL_MODE_RELEASE_BUFFERS, such as nginx, are prone to a race condition which may allow a remote attacker to inject random data into other connections...
otrs -- SQL injection
OTRS Security Advisory reports: Missing security quoting for SQL statements allows agents and customers to manipulate SQL queries. So it's possible for authenticated users to inject SQL queries via string manipulation of statements. A malicious user may be able to manipulate SQL queries to read o...
gnome-screensaver -- Multiple monitor hotplug issues
Ray Strode reports: Under certain circumstances it is possible to circumvent the security of screen locking functionality of gnome-screensaver by changing the system's physical monitor configuration. gnome-screensaver can lose its keyboard grab when locked, exposing the system to intrusion by addi...
fetchmail -- heap overflow on verbose X.509 display
Matthias Andree reports: In verbose mode, fetchmail prints X.509 certificate subject and issuer information to the user, and counts and allocates a malloc buffer for that purpose. If the material to be displayed contains characters with high bit set and the platform treats the "char" type as...
lighttpd -- denial of service vulnerability
Lighttpd security advisory reports: If you send the request data very slow (e.g. sleep 0.01 after each byte), lighttpd will easily use all available memory and die (especially for parallel requests), allowing a DoS within minutes...
bugzilla -- information leak
A Bugzilla Security Advisory reports: When moving a bug from one product to another, an intermediate page is displayed letting you select the groups the bug should be restricted to in the new product. However, a regression in the 3.4.x series made it ignore all groups which are not available in...
sudo -- Privilege escalation with sudoedit
Todd Miller reports: When sudo performs its command matching, there is a special case for pseudo-commands in the sudoers file (currently, the only pseudo-command is sudoedit). Unlike a regular command, pseudo-commands do not begin with a slash ('/'). The flaw is that sudo's matching code would on...
ejabberd -- queue overload denial of service vulnerability
The Red Hat security response team reports: A remotely exploitable DoS from XMPP client to ejabberd server via too many "client2server" messages causing the message queue on the server to get overloaded, leading to server crash has been found...
wireshark -- LWRES vulnerability
Wireshark project reports: Babi discovered several buffer overflows in the LWRES dissector. It may be possible to make Wireshark crash remotely or by convincing someone to read a malformed packet trace file...
postgresql -- bitsubstr overflow
BugTraq reports: PostgreSQL is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code with elevated privileges or crash the affected application...
irc-ratbox -- multiple vulnerabilities
SecurityFocus reports: The first affects the /quote HELP module and allows a user to trigger an IRCD crash on some platforms. The second affects the /links processing module when the flatten_links configuration option is not enabled...
sudosh -- buffer overflow
ISS reports: sudosh2 and sudosh3 are vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the replay function. By persuading a victim to replay a specially-crafted recorded sudo session, a local attacker could overflow a buffer and execute arbitrary code on the syste...
dokuwiki -- multiple vulnerabilities
Dokuwiki reports: The plugin does no checks against cross-site request forgeries (CSRF) which can be exploited to e.g. change the access control rules by tricking a logged in administrator into visiting a malicious web site. The bug allows listing the names of arbitrary files on the webserver - not...
squid -- Denial of Service vulnerability in DNS handling
Squid security advisory 2010:1 reports: Due to incorrect data validation Squid is vulnerable to a denial of service attack when processing specially crafted DNS packets. This problem allows any trusted client or external server who can determine the squid receiving port to perform a short-term...
Wireshark -- Multiple vulnerabilities
Wireshark reports: Laurent Butti discovered that Wireshark failed to properly check record sizes for many packet capture file formats. Wireshark could dereference a NULL pointer and crash. The RLC dissector could overflow a buffer...
FreeBSD -- BIND named(8) cache poisoning with DNSSEC validation
Problem Description: If a client requests DNSSEC records with the Checking Disabled (CD) flag set, BIND may cache the unvalidated responses. These responses may later be returned to another client that has not set the CD flag...
FreeBSD -- ZFS ZIL playback with insecure permissions
Problem Description: When replaying setattr transaction, the replay code would set the attributes with certain insecure defaults, when the logged transaction did not touch these attributes...
linux-flashplugin -- multiple vulnerabilities
Adobe Product Security Incident Response Team reports: Critical vulnerabilities have been identified in Adobe Flash Player version 10.1.53.64 and earlier. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system...
powerdns-recursor -- multiple vulnerabilities
PowerDNS Security Advisory reports: PowerDNS Recursor up to and including 3.1.7.1 can be brought down and probably exploited. PowerDNS Recursor up to and including 3.1.7.1 can be spoofed into accepting bogus data...
FreeBSD -- ntpd mode 7 denial of service
Problem Description: If ntpd receives a mode 7 (MODE_PRIVATE) request or error response from a source address not listed in either a 'restrict ... noquery' or a 'restrict ... ignore' section it will log the event and send a mode 7 error response...
lxr -- multiple XSS vulnerabilities
Dan Rosenberg reports: There are several cross-site scripting vulnerabilities in LXR. These vulnerabilities could allow an attacker to execute scripts in a user's browser, steal cookies associated with vulnerable domains, redirect the user to malicious websites, etc...
Zend Framework -- multiple vulnerabilities
The Zend Framework team reports: Potential XSS or HTML Injection vector in Zend_Json. Potential XSS vector in Zend_Service_ReCaptcha_MailHide. Potential MIME-type Injection in Zend_File_Transfer Executive Summary. Potential XSS vector in Zend_Filter_StripTags when comments allowed. Potential XSS vector i...
jpgraph2 -- XSS vulnerability
Martin Barbella reports: JpGraph is an object oriented library for PHP that can be used to create various types of graphs which also contains support for client side image maps. The GetURLArguments function for the JpGraph's Graph class does not properly sanitize the names of get and post...
php -- multiple vulnerabilities
PHP developers report: This release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release. Security Enhancements and Fixes in PHP 5.2.12: Fixed a safe_mode bypass in...
drupal -- multiple cross-site scripting
Drupal Team reports: The Contact module does not correctly handle certain user input when displaying category information. Users privileged to create contact categories can insert arbitrary HTML and script code into the contact module administration page. Such a cross-site scripting attack may le...
mozilla -- multiple vulnerabilities
Mozilla Project reports: MFSA 2009-71 GeckoActiveXObject exception messages can be used to enumerate installed COM objects; MFSA 2009-70 Privilege escalation via chrome window.opener; MFSA 2009-69 Location bar spoofing vulnerabilities; MFSA 2009-68 NTLM reflection vulnerability; MFSA 2009-67 Integer...
monkey -- improper input validation vulnerability
Census Labs reports: We have discovered a remotely exploitable "improper input validation" vulnerability in the Monkey web server that allows an attacker to perform denial of service attacks by repeatedly crashing worker threads that process HTTP requests...
piwik -- php code execution
Secunia reports: Stefan Esser has reported a vulnerability in Piwik, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the core/Cookie.php script using "unserialize" with user controlled input. This can be exploited to e.g. execute...
FreeBSD -- Improper environment sanitization in rtld(1)
Problem Description: When running setuid programs rtld will normally remove potentially dangerous environment variables. Due to recent changes in FreeBSD environment variable handling code, a corrupt environment may result in attempts to unset environment variables failing...
FreeBSD -- SSL protocol flaw
Problem Description: The SSL version 3 and TLS protocols support session renegotiation without cryptographically tying the new session parameters to the old parameters...
FreeBSD -- Inappropriate directory permissions in freebsd-update(8)
Problem Description: When downloading updates to FreeBSD via 'freebsd-update fetch' or 'freebsd-update upgrade', the freebsd-update(8) utility copies currently installed files into its working directory (/var/db/freebsd-update by default) both for the purpose of merging changes to configuration files...
pligg -- Cross-Site Scripting and Cross-Site Request Forgery
Secunia reports: Russ McRee has discovered some vulnerabilities in Pligg, which can be exploited by malicious people to conduct cross-site scripting and request forgery attacks. Input passed via the "Referer" HTTP header to various scripts e.g. admin/adminconfig.php, admin/adminmodules.php,...
rt -- Session fixation vulnerability
Secunia reports: A vulnerability has been reported in RT, which can be exploited by malicious people to conduct session fixation attacks. The vulnerability is caused due to an error in the handling of sessions and can be exploited to hijack another user's session by tricking the user into logging...
ruby -- heap overflow vulnerability
The official ruby site reports: There is a heap overflow vulnerability in String#ljust, String#center and String#rjust. This has allowed an attacker to run arbitrary code in some rare cases...
libtool -- Library Search Path Privilege Escalation Issue
Secunia.com Do not attempt to load an unqualified module.la file from the current directory by default since doing so is insecure and is not compliant with the documentation...
libvorbis -- multiple vulnerabilities
The Ubuntu security team reports: It was discovered that libvorbis did not correctly handle certain malformed vorbis files. If a user were tricked into opening a specially crafted vorbis file with an application that uses libvorbis, an attacker could cause a denial of service or possibly execute...
opera -- multiple vulnerabilities
Opera Team reports: Fixed a heap buffer overflow in string to number conversion. Fixed an issue where error messages could leak onto unrelated sites. Fixed a moderately severe issue, as reported by Chris Evans of the Google Security Team; details will be disclosed at a later date...
cacti -- cross-site scripting issues
The cacti development team reports: The Cross-Site Scripting patch has been posted. This patch addresses cross-site scripting issues reported by Moritz Naumann...