Lucene search
K
FreebsdRecent

6581 matches found

FreeBSD
FreeBSD
•added 2009/04/06 12:0 a.m.•28 views

wireshark -- multiple vulnerabilities

Wireshark team reports: Wireshark 1.0.7 fixes the following vulnerabilities: The PROFINET dissector was vulnerable to a format string overflow. Bug 3382 Versions affected: 0.99.6 to 1.0.6, CVE-2009-1210. The Check Point High-Availability Protocol CPHAP dissector could crash. Bug 3269 Versions...

10CVSS6.3AI score0.1523EPSS
Exploits3References2
FreeBSD
FreeBSD
•added 2009/04/04 12:0 a.m.•35 views

libxine -- multiple vulnerabilities

xine developers report: Fix another possible int overflow in the 4XM demuxer. ref. TKADV2009-004, CVE-2009-0385 Fix an integer overflow in the Quicktime demuxer...

9.3CVSS6.7AI score0.06664EPSS
Exploits2References3
FreeBSD
FreeBSD
•added 2009/03/25 12:0 a.m.•29 views

FreeBSD -- remotely exploitable crash in OpenSSL

Problem Description The function ASN1STRINGprintex does not properly validate the lengths of BMPString or UniversalString objects before attempting to print them. Impact An application which attempts to print a BMPString or UniversalString which has an invalid length will crash as a result of...

5CVSS2.8AI score0.06194EPSS
Exploits0
FreeBSD
FreeBSD
•added 2009/03/24 12:0 a.m.•38 views

phpmyadmin -- insufficient output sanitizing when generating configuration file

phpMyAdmin reports: Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file...

9.8CVSS6.5AI score0.95438EPSS
Exploits16References1
FreeBSD
FreeBSD
•added 2009/03/23 12:0 a.m.•22 views

drupal6-cck -- cross-site scripting

Drupal CCK plugin developer reports: The Node reference and User reference sub-modules, which are part of the Content Construction Kit CCK project, lets administrators define node fields that are references to other nodes or to users. When displaying a node edit form, the titles of candidate...

4.3CVSS6.3AI score0.01223EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2009/03/18 12:0 a.m.•8 views

pivot-weblog -- file deletion vulnerability

Secunia reports: A vulnerability has been discovered in Pivot, which can be exploited by malicious people to delete certain files. Input passed to the "refkey" parameter in extensions/bbclonetools/count.php is not properly sanitised before being used to delete files. This can be exploited to dele...

3.4AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2009/03/16 12:0 a.m.•24 views

ejabberd -- cross-site scripting vulnerability

SecurityFocus reports: The ejabberd application is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials...

4.3CVSS6.8AI score0.01604EPSS
Exploits0
FreeBSD
FreeBSD
•added 2009/03/15 12:0 a.m.•32 views

opera -- multiple vulnerabilities

Opera Team reports: An unspecified error in the processing of JPEG images can be exploited to trigger a memory corruption. An error can be exploited to execute arbitrary script code in a different domain via unspecified plugins. An unspecified error has a "moderately severe" impact. No further...

6.9AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2009/03/04 12:0 a.m.•19 views

zabbix -- php frontend multiple vulnerabilities

Secunia reports: Some vulnerabilities have been reported in the ZABBIX PHP frontend, which can be exploited by malicious people to conduct cross-site request forgery attacks and malicious users to disclose sensitive information and compromise a vulnerable system. Input appended to and passed via...

1.7AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2009/03/03 12:0 a.m.•32 views

curl -- cURL/libcURL Location: Redirect URLs Security Bypass

Secunia reports: The security issue is caused due to cURL following HTTP Location: redirects to e.g. scp:// or file:// URLs which can be exploited by a malicious HTTP server to overwrite or disclose the content of arbitrary local files and potentially execute arbitrary commands via specially...

6.8CVSS1AI score0.07812EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2009/03/03 12:0 a.m.•37 views

libsndfile -- CAF processing integer overflow vulnerability

Secunia reports: The vulnerability is caused due to an integer overflow error in the processing of CAF description chunks. This can be exploited to cause a heap-based buffer overflow by tricking the user into processing a specially crafted CAF audio file...

9.3CVSS3.4AI score0.03642EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2009/02/28 12:0 a.m.•23 views

mod_perl -- cross-site scripting

Secunia reports: Certain input passed to the "Apache::Status" and "Apache2::Status" modules is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected website...

2.6CVSS9.5AI score0.29638EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2009/02/23 12:0 a.m.•38 views

ziproxy -- multiple vulnerability

Ziproxy Developers reports: Multiple HTTP proxy implementations are prone to an information-disclosure vulnerability related to the interpretation of the 'Host' HTTP header. Specifically, this issue occurs when the proxy makes a forwarding decision based on the 'Host' HTTP header instead of the...

5.4CVSS6.2AI score0.02376EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2009/02/22 12:0 a.m.•28 views

pango -- integer overflow

oCERT reports: Pango suffers from a multiplicative integer overflow which may lead to a potentially exploitable, heap overflow depending on the calling conditions. For example, this vulnerability is remotely reachable in Firefox by creating an overly large document.location value but only results...

6.8CVSS6.6AI score0.0413EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2009/02/19 12:0 a.m.•41 views

pngcrush -- libpng Uninitialised Pointer Arrays Vulnerability

Secunia reports: A vulnerability has been reported in Pngcrush, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to the use of vulnerable libpng code...

6.8CVSS2.7AI score0.04825EPSS
Exploits2References2
FreeBSD
FreeBSD
•added 2009/02/17 12:0 a.m.•10 views

imap-uw -- University of Washington IMAP c-client Remote Format String Vulnerability

SecurityFocus reports: University of Washington IMAP c-client is prone to a remote format-string vulnerability because the software fails to adequately sanitize user-supplied input before passing it as the format-specifier to a formatted-printing function...

3.3AI score
Exploits0
FreeBSD
FreeBSD
•added 2009/02/16 12:0 a.m.•16 views

tptest -- pwd Remote Stack Buffer Overflow

SecurityFocus reports: TPTEST is prone to a remote stack-based buffer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition...

4.4AI score
Exploits0
FreeBSD
FreeBSD
•added 2009/02/15 12:0 a.m.•40 views

libxine -- multiple vulnerabilities

Multiple vulnerabilities were fixed in libxine 1.1.16.2. Tobias Klein reports: FFmpeg contains a type conversion vulnerability while parsing malformed 4X movie files. The vulnerability may be exploited by a remote attacker to execute arbitrary code in the context of FFmpeg or an application using...

9.3CVSS6.2AI score0.05748EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2009/02/11 12:0 a.m.•15 views

Zend Framework -- Local File Inclusion vulnerability in Zend_View::render()

Matthew Weier O'Phinney reports: A potential Local File Inclusion LFI vulnerability exists in the ZendView::render method. If user input is used to specify the script path, then it is possible to trigger the LFI. Note that Zend Framework applications that never call the ZendView::render method wi...

1.8AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2009/02/10 12:0 a.m.•38 views

typo3 -- cross-site scripting and information disclosure

Secunia reports: Some vulnerabilities have been reported in Typo3, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information. Input passed via unspecified fields to the backend user interface is not properly sanitised before being return...

6.5AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2009/02/10 12:0 a.m.•24 views

tor -- multiple vulnerabilities

Secunia reports: Some vulnerabilities have been reported in Tor, where one has an unknown impact and others can be exploited by malicious people to cause a DoS. An error when running Tor as a directory authority can be exploited to trigger the execution of an infinite loop. An unspecified error...

5CVSS6.7AI score0.0192EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2009/02/09 12:0 a.m.•12 views

pyblosxom -- atom flavor multiple XML injection vulnerabilities

Security Focus reports: PyBlosxom is prone to multiple XML-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied XML and script code would run in the context of the affected browser,...

2.5AI score
Exploits0
FreeBSD
FreeBSD
•added 2009/02/07 12:0 a.m.•29 views

typo3 -- multiple vulnerabilities

Secunia reports: Some vulnerabilities have been reported in Typo3, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and session fixation attacks, and compromise a vulnerable system. The "Install tool" system extension uses...

7.5CVSS0.2AI score0.09442EPSS
Exploits2References2
FreeBSD
FreeBSD
•added 2009/02/06 12:0 a.m.•59 views

proftpd -- multiple sql injection vulnerabilities

Secunia reports: Some vulnerabilities have been reported in ProFTPD, which can be exploited by malicious people to conduct SQL injection attacks. The application improperly sets the character encoding prior to performing SQL queries. This can be exploited to manipulate SQL queries by injecting...

2.3AI score
Exploits0References4
FreeBSD
FreeBSD
•added 2009/02/06 12:0 a.m.•14 views

pycrypto -- ARC2 module buffer overflow

Dwayne C. Litzenberger reports: pycrypto is exposed to a buffer overflow issue because it fails to adequately verify user-supplied input. This issue resides in the ARC2 module. This issue can be triggered with specially crafted ARC2 keys in excess of 128 bytes...

3.9AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2009/02/06 12:0 a.m.•31 views

wireshark -- multiple vulnerabilities

Vendor reports: On non-Windows systems Wireshark could crash if the HOME environment variable contained sprintf-style string formatting characters. Wireshark could crash while reading a malformed NetScreen snoop file. Wireshark could crash while reading a Tektronix K12 text capture file...

5CVSS1.5AI score0.02625EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2009/02/04 12:0 a.m.•37 views

sudo -- certain authorized users could run commands as any user

Todd Miller reports: A bug was introduced in Sudo's group matching code in version 1.6.9 when support for matching based on the supplemental group vector was added. This bug may allow certain users listed in the sudoers file to run a command as a different user than their access rule specifies...

7.8CVSS2.5AI score0.00406EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2009/02/04 12:0 a.m.•24 views

squid -- remote denial of service vulnerability

Squid security advisory 2009:1 reports: Due to an internal error Squid is vulnerable to a denial of service attack when processing specially crafted requests. This problem allows any client to perform a denial of service attack on the Squid service...

5CVSS3.8AI score0.71986EPSS
Exploits8References2
FreeBSD
FreeBSD
•added 2009/02/04 12:0 a.m.•40 views

firefox -- multiple vulnerabilities

Mozilla Foundation reports: MFSA 2009-06: Directives to not cache pages ignored MFSA 2009-05: XMLHttpRequest allows reading HTTPOnly cookies MFSA 2009-04: Chrome privilege escalation via local .desktop files MFSA 2009-03: Local file stealing with SessionStore MFSA 2009-02: XSS using a chrome XBL...

10CVSS1.9AI score0.04331EPSS
Exploits0References7
FreeBSD
FreeBSD
•added 2009/02/03 12:0 a.m.•27 views

ghostscript -- buffer overflow vulnerability

SecurityFocus reports: Ghostscript is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into a finite-sized buffer. Exploiting this issue allows remote attackers to overwrite a sensitive memory buffer with arbitrary dat...

5CVSS6.9AI score0.04495EPSS
Exploits0
FreeBSD
FreeBSD
•added 2009/01/28 12:0 a.m.•34 views

ffmpeg -- 4xm processing memory corruption vulnerability

Secunia reports: Tobias Klein has reported a vulnerability in FFmpeg, which potentially can be exploited by malicious people to compromise an application using the library. The vulnerability is caused due to a signedness error within the "fourxmreadheader" function in libavformat/4xm.c. This can ...

9.3CVSS3.5AI score0.06664EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2009/01/26 12:0 a.m.•28 views

dia -- remote command execution vulnerability

Security Focus reports: An attacker could exploit this issue by enticing an unsuspecting victim to execute the vulnerable application in a directory containing a malicious Python file. A successful exploit will allow arbitrary Python commands to run within the privileges of the currently logged-i...

6.9CVSS6.7AI score0.00399EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2009/01/26 12:0 a.m.•35 views

epiphany -- untrusted search path vulnerability

CVE Mitre reports: Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySysSetArgv function...

6.9CVSS9.4AI score0.0051EPSS
Exploits2
FreeBSD
FreeBSD
•added 2009/01/26 12:0 a.m.•34 views

ganglia -- buffer overflow vulnerability

Secunia reports: Spike Spiegel has discovered a vulnerability in Ganglia which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the processpath function in gmetad/server.c. This can be exploited to cause a stack-bas...

7.5CVSS4.9AI score0.05346EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2009/01/25 12:0 a.m.•15 views

glpi -- SQL Injection

The GLPI project reports: Input passed via unspecified parameters is not properly sanitised before being used in SQL queries. This can be exploited to manipulateSQL queries by injecting arbitrary SQL code...

4.3AI score
Exploits0References4
FreeBSD
FreeBSD
•added 2009/01/22 12:0 a.m.•25 views

gstreamer-plugins-good -- multiple memory overflows

Secunia reports: Tobias Klein has reported some vulnerabilities in GStreamer Good Plug-ins, which can potentially be exploited by malicious people to compromise a vulnerable system. A boundary error occurs within the "qtdemuxparsesamples" function in gst/gtdemux/qtdemux.c when performing QuickTim...

5.1AI score
Exploits0References3
FreeBSD
FreeBSD
•added 2009/01/22 12:0 a.m.•27 views

tor -- unspecified memory corruption vulnerability

Secunia reports: A vulnerability with an unknown impact has been reported in Tor. The vulnerability is caused due to an unspecified error and can be exploited to trigger a heap corruption. No further information is currently available...

10CVSS2.6AI score0.03021EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2009/01/21 12:0 a.m.•40 views

moinmoin -- multiple cross site scripting vulnerabilities

Secunia reports: Some vulnerabilities have been reported in MoinMoin, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to multiple parameters in action/AttachFile.py is not properly sanitised before being returned to the user. This can be exploited ...

4.3CVSS0.3AI score0.05435EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2009/01/21 12:0 a.m.•24 views

roundcube -- webmail script insertion and php code injection

Secunia reports: Some vulnerabilities have been reported in RoundCube Webmail, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct script insertion attacks and compromise a vulnerable system. The HTML "background" attribute within e.g. HT...

4.3CVSS1.2AI score0.0198EPSS
Exploits1References4
FreeBSD
FreeBSD
•added 2009/01/21 12:0 a.m.•38 views

moinmoin -- multiple cross site scripting vulnerabilities

Secunia reports: Input passed to multiple parameters in action/AttachFile.py is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Certain input passed to...

4.3CVSS0.2AI score0.05435EPSS
Exploits1References4
FreeBSD
FreeBSD
•added 2009/01/17 12:0 a.m.•34 views

expat2 -- Parser crash with specially formatted UTF-8 sequences

CVE reports: The updatePosition function in lib/xmltokimpl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service application crash via an XML document with crafted UTF-8 sequences that trigger a buff...

5CVSS7.6AI score0.27924EPSS
Exploits1
FreeBSD
FreeBSD
•added 2009/01/15 12:0 a.m.•24 views

phplist -- local file inclusion vulnerability

Secunia reports: Input passed to the "SERVERConfigFile" parameter in admin/index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources...

7.5CVSS2.9AI score0.062EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2009/01/14 12:0 a.m.•10 views

drupal -- multiple vulnerabilities

Drupal Team reports: The Content Translation module for Drupal 6.x enables users to make a translation of an existing item of content a node. In that proces the existing node's content is copied into the new node's submission form. The module contains a flaw that allows a user with the 'translate...

1.5AI score
Exploits0References4
FreeBSD
FreeBSD
•added 2009/01/14 12:0 a.m.•11 views

Teamspeak Server -- Directory Traversal Vulnerability

SecurityFocus reports: TeamSpeak is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks...

4.3AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2009/01/12 12:0 a.m.•37 views

amarok -- multiple vulnerabilities

Secunia reports: Tobias Klein has reported some vulnerabilities in Amarok, which potentially can be exploited by malicious people to compromise a user's system. Two integer overflow errors exist within the "Audible::Tag::readTag" function in src/metadata/audible/audibletag.cpp. These can be...

9.3CVSS5.2AI score0.06903EPSS
Exploits2References2
FreeBSD
FreeBSD
•added 2009/01/08 12:0 a.m.•36 views

openfire -- multiple vulnerabilities

Core Security Technologies reports: Multiple cross-site scripting vulnerabilities have been found which may lead to arbitrary remote code execution on the server running the application due to unauthorized upload of Java plugin code...

2.1AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2008/12/30 12:0 a.m.•36 views

libaudiofile -- heap-based overflow in Microsoft ADPCM compression module

Debian reports: Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile 0.2.6 allows context-dependent attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted WAV file...

5CVSS7.8AI score0.02179EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2008/12/28 12:0 a.m.•46 views

xterm -- DECRQSS remote command execution vulnerability

SecurityFocus reports: The xterm program is prone to a remote command-execution vulnerability because it fails to sufficiently validate user input. Successfully exploiting this issue would allow an attacker to execute arbitrary commands on an affected computer in the context of the affected...

9.3CVSS7.2AI score0.04974EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2008/12/24 12:0 a.m.•24 views

ampache -- insecure temporary file usage

Secunia reports: A security issue has been reported in Ampache, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to the "gather-messages.sh" script handling temporary files in an insecure manner. This can be...

7.2CVSS6.1AI score0.00392EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2008/12/24 12:0 a.m.•35 views

php5-gd -- uninitialized memory information disclosure vulnerability

According to CVE-2008-5498 entry: Array index error in the "imageRotate" function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument aka the "bgdcolor" or "clrBack" argument for an indexed image...

5CVSS6.5AI score0.08845EPSS
Exploits7References1
Total number of security vulnerabilities6581