pivot-weblog -- file deletion vulnerability
Secunia reports: A vulnerability has been discovered in Pivot, which can be exploited by malicious people to delete certain files. Input passed to the "refkey" parameter in extensions/bbclonetools/count.php is not properly sanitised before being used to delete files. This can be exploited to dele...
ejabberd -- cross-site scripting vulnerability
SecurityFocus reports: The ejabberd application is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials...
opera -- multiple vulnerabilities
Opera Team reports: An unspecified error in the processing of JPEG images can be exploited to trigger a memory corruption. An error can be exploited to execute arbitrary script code in a different domain via unspecified plugins. An unspecified error has a "moderately severe" impact. No further...
zabbix -- php frontend multiple vulnerabilities
Secunia reports: Some vulnerabilities have been reported in the ZABBIX PHP frontend, which can be exploited by malicious people to conduct cross-site request forgery attacks and malicious users to disclose sensitive information and compromise a vulnerable system. Input appended to and passed via...
curl -- cURL/libcURL Location: Redirect URLs Security Bypass
Secunia reports: The security issue is caused due to cURL following HTTP Location: redirects to e.g. scp:// or file:// URLs which can be exploited by a malicious HTTP server to overwrite or disclose the content of arbitrary local files and potentially execute arbitrary commands via specially...
libsndfile -- CAF processing integer overflow vulnerability
Secunia reports: The vulnerability is caused due to an integer overflow error in the processing of CAF description chunks. This can be exploited to cause a heap-based buffer overflow by tricking the user into processing a specially crafted CAF audio file...
mod_perl -- cross-site scripting
Secunia reports: Certain input passed to the "Apache::Status" and "Apache2::Status" modules is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected website...
ziproxy -- multiple vulnerability
Ziproxy Developers reports: Multiple HTTP proxy implementations are prone to an information-disclosure vulnerability related to the interpretation of the 'Host' HTTP header. Specifically, this issue occurs when the proxy makes a forwarding decision based on the 'Host' HTTP header instead of the...
pango -- integer overflow
oCERT reports: Pango suffers from a multiplicative integer overflow which may lead to a potentially exploitable, heap overflow depending on the calling conditions. For example, this vulnerability is remotely reachable in Firefox by creating an overly large document.location value but only results...
pngcrush -- libpng Uninitialised Pointer Arrays Vulnerability
Secunia reports: A vulnerability has been reported in Pngcrush, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to the use of vulnerable libpng code...
imap-uw -- University of Washington IMAP c-client Remote Format String Vulnerability
SecurityFocus reports: University of Washington IMAP c-client is prone to a remote format-string vulnerability because the software fails to adequately sanitize user-supplied input before passing it as the format-specifier to a formatted-printing function...
tptest -- pwd Remote Stack Buffer Overflow
SecurityFocus reports: TPTEST is prone to a remote stack-based buffer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition...
libxine -- multiple vulnerabilities
Multiple vulnerabilities were fixed in libxine 1.1.16.2. Tobias Klein reports: FFmpeg contains a type conversion vulnerability while parsing malformed 4X movie files. The vulnerability may be exploited by a remote attacker to execute arbitrary code in the context of FFmpeg or an application using...
Zend Framework -- Local File Inclusion vulnerability in Zend_View::render()
Matthew Weier O'Phinney reports: A potential Local File Inclusion (LFI) vulnerability exists in the Zend_View::render() method. If user input is used to specify the script path, then it is possible to trigger the LFI. Note that Zend Framework applications that never call the Zend_View::render() method wi...
typo3 -- cross-site scripting and information disclosure
Secunia reports: Some vulnerabilities have been reported in Typo3, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information. Input passed via unspecified fields to the backend user interface is not properly sanitised before being return...
tor -- multiple vulnerabilities
Secunia reports: Some vulnerabilities have been reported in Tor, where one has an unknown impact and others can be exploited by malicious people to cause a DoS. An error when running Tor as a directory authority can be exploited to trigger the execution of an infinite loop. An unspecified error...
pyblosxom -- atom flavor multiple XML injection vulnerabilities
Security Focus reports: PyBlosxom is prone to multiple XML-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied XML and script code would run in the context of the affected browser,...
typo3 -- multiple vulnerabilities
Secunia reports: Some vulnerabilities have been reported in Typo3, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and session fixation attacks, and compromise a vulnerable system. The "Install tool" system extension uses...
proftpd -- multiple sql injection vulnerabilities
Secunia reports: Some vulnerabilities have been reported in ProFTPD, which can be exploited by malicious people to conduct SQL injection attacks. The application improperly sets the character encoding prior to performing SQL queries. This can be exploited to manipulate SQL queries by injecting...
wireshark -- multiple vulnerabilities
Vendor reports: On non-Windows systems Wireshark could crash if the HOME environment variable contained sprintf-style string formatting characters. Wireshark could crash while reading a malformed NetScreen snoop file. Wireshark could crash while reading a Tektronix K12 text capture file...
pycrypto -- ARC2 module buffer overflow
Dwayne C. Litzenberger reports: pycrypto is exposed to a buffer overflow issue because it fails to adequately verify user-supplied input. This issue resides in the ARC2 module. This issue can be triggered with specially crafted ARC2 keys in excess of 128 bytes...
sudo -- certain authorized users could run commands as any user
Todd Miller reports: A bug was introduced in Sudo's group matching code in version 1.6.9 when support for matching based on the supplemental group vector was added. This bug may allow certain users listed in the sudoers file to run a command as a different user than their access rule specifies...
squid -- remote denial of service vulnerability
Squid security advisory 2009:1 reports: Due to an internal error Squid is vulnerable to a denial of service attack when processing specially crafted requests. This problem allows any client to perform a denial of service attack on the Squid service...
firefox -- multiple vulnerabilities
Mozilla Foundation reports: MFSA 2009-06: Directives to not cache pages ignored MFSA 2009-05: XMLHttpRequest allows reading HTTPOnly cookies MFSA 2009-04: Chrome privilege escalation via local .desktop files MFSA 2009-03: Local file stealing with SessionStore MFSA 2009-02: XSS using a chrome XBL...
ghostscript -- buffer overflow vulnerability
SecurityFocus reports: Ghostscript is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into a finite-sized buffer. Exploiting this issue allows remote attackers to overwrite a sensitive memory buffer with arbitrary dat...
ffmpeg -- 4xm processing memory corruption vulnerability
Secunia reports: Tobias Klein has reported a vulnerability in FFmpeg, which potentially can be exploited by malicious people to compromise an application using the library. The vulnerability is caused due to a signedness error within the "fourxm_read_header" function in libavformat/4xm.c. This can ...
epiphany -- untrusted search path vulnerability
CVE Mitre reports: Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function...
ganglia -- buffer overflow vulnerability
Secunia reports: Spike Spiegel has discovered a vulnerability in Ganglia which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the process_path function in gmetad/server.c. This can be exploited to cause a stack-bas...
dia -- remote command execution vulnerability
Security Focus reports: An attacker could exploit this issue by enticing an unsuspecting victim to execute the vulnerable application in a directory containing a malicious Python file. A successful exploit will allow arbitrary Python commands to run within the privileges of the currently logged-i...
glpi -- SQL Injection
The GLPI project reports: Input passed via unspecified parameters is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code...
tor -- unspecified memory corruption vulnerability
Secunia reports: A vulnerability with an unknown impact has been reported in Tor. The vulnerability is caused due to an unspecified error and can be exploited to trigger a heap corruption. No further information is currently available...
gstreamer-plugins-good -- multiple memory overflows
Secunia reports: Tobias Klein has reported some vulnerabilities in GStreamer Good Plug-ins, which can potentially be exploited by malicious people to compromise a vulnerable system. A boundary error occurs within the "qtdemux_parse_samples" function in gst/gtdemux/qtdemux.c when performing QuickTim...
roundcube -- webmail script insertion and php code injection
Secunia reports: Some vulnerabilities have been reported in RoundCube Webmail, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct script insertion attacks and compromise a vulnerable system. The HTML "background" attribute within e.g. HT...
moinmoin -- multiple cross site scripting vulnerabilities
Secunia reports: Some vulnerabilities have been reported in MoinMoin, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to multiple parameters in action/AttachFile.py is not properly sanitised before being returned to the user. This can be exploited ...
moinmoin -- multiple cross site scripting vulnerabilities
Secunia reports: Input passed to multiple parameters in action/AttachFile.py is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Certain input passed to...
expat2 -- Parser crash with specially formatted UTF-8 sequences
CVE reports: The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buff...
phplist -- local file inclusion vulnerability
Secunia reports: Input passed to the "SERVERConfigFile" parameter in admin/index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources...
drupal -- multiple vulnerabilities
Drupal Team reports: The Content Translation module for Drupal 6.x enables users to make a translation of an existing item of content (a node). In that process the existing node's content is copied into the new node's submission form. The module contains a flaw that allows a user with the 'translate...
Teamspeak Server -- Directory Traversal Vulnerability
SecurityFocus reports: TeamSpeak is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks...
amarok -- multiple vulnerabilities
Secunia reports: Tobias Klein has reported some vulnerabilities in Amarok, which potentially can be exploited by malicious people to compromise a user's system. Two integer overflow errors exist within the "Audible::Tag::readTag" function in src/metadata/audible/audibletag.cpp. These can be...
openfire -- multiple vulnerabilities
Core Security Technologies reports: Multiple cross-site scripting vulnerabilities have been found which may lead to arbitrary remote code execution on the server running the application due to unauthorized upload of Java plugin code...
libaudiofile -- heap-based overflow in Microsoft ADPCM compression module
Debian reports: Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile 0.2.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file...
xterm -- DECRQSS remote command execution vulnerability
SecurityFocus reports: The xterm program is prone to a remote command-execution vulnerability because it fails to sufficiently validate user input. Successfully exploiting this issue would allow an attacker to execute arbitrary commands on an affected computer in the context of the affected...
ampache -- insecure temporary file usage
Secunia reports: A security issue has been reported in Ampache, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to the "gather-messages.sh" script handling temporary files in an insecure manner. This can be...
php5-gd -- uninitialized memory information disclosure vulnerability
According to CVE-2008-5498 entry: Array index error in the "imageRotate" function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the "bgdcolor" or "clrBack" argument) for an indexed image...
FreeBSD -- netgraph / bluetooth privilege escalation
Problem Description: Some function pointers for netgraph and bluetooth sockets are not properly initialized. Impact: A local user can cause the FreeBSD kernel to execute arbitrary code. This could be used by an attacker directly; or it could be used to gain root privilege or to escape from a jail...
FreeBSD -- Cross-site request forgery in ftpd(8)
Problem Description: The ftpd(8) server splits long commands into several requests. This may result in the server executing a command which is hidden inside another very long command. Impact: This could, with a specifically crafted command, be used in a cross-site request forgery attack. FreeBSD...
php-mbstring -- php mbstring buffer overflow vulnerability
SecurityFocus reports: PHP is prone to a buffer-overflow vulnerability because it fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers. The issue affects the 'mbstring' extension included in the standard distribution. An attacker can exploit th...
git -- gitweb privilege escalation
Git maintainers report: gitweb has a possible local privilege escalation bug that allows a malicious repository owner to run a command of his choice by specifying diff.external configuration variable in his repository and running a crafted gitweb query...
netatalk -- arbitrary command execution in papd daemon
Secunia reports: A vulnerability has been reported in Netatalk, which potentially can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to the papd daemon improperly sanitising several received parameters before passing them in a call to popen. Thi...